www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Submission: On December 20 via api (December 20th 2023, 2:14:57 am UTC) from TR — Scanned from DE

Summary HTTP 175 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 55 IPs in 5 countries across 40 domains to perform 175 HTTP transactions. The main IP is 2606:2c40::c73c:671f, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reversinglabs.com.
TLS certificate: Issued by GTS CA 1P5 on November 19th 2023. Valid for: 3 months.

This is the only time www.reversinglabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2606:2c40::c7... 2606:2c40::c73c:671f	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	151.101.193.181 151.101.193.181	54113 (FASTLY) (FASTLY)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:70d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:c060	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.65.116 65.9.65.116	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	18.66.97.53 18.66.97.53	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
11	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e4a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:589a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7a0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:fba8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.32.27.21 13.32.27.21	16509 (AMAZON-02) (AMAZON-02)
2 7	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	3.9.65.245 3.9.65.245	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223c:3600:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
3	3.67.234.21 3.67.234.21	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.55.198.1 52.55.198.1	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1f::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.88.188.95 52.88.188.95	16509 (AMAZON-02) (AMAZON-02)
1	54.189.55.164 54.189.55.164	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.34 18.66.147.34	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:b05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
175	55

46 2606:2c40::c73c:671f (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.reversinglabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.181 (United States)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:70d1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

3375217.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:c060 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cookieinfoscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.65.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-65-116.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e4a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:589a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7a0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:fba8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:9b53 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.9.65.245 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-65-245.eu-west-2.compute.amazonaws.com

script.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:3600:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.67.234.21 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-234-21.eu-central-1.compute.amazonaws.com

snid.snitcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.55.198.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-198-1.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1f::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.88.188.95 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-188-95.us-west-2.compute.amazonaws.com

api-gw.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.189.55.164 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-189-55-164.us-west-2.compute.amazonaws.com

a.usbrowserspeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-34.fra60.r.cloudfront.net

ads.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:b05d (United States)

ASN13335 (CLOUDFLARENET, US)

3375217.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	reversinglabs.com www.reversinglabs.com	946 KB
21	gstatic.com fonts.gstatic.com www.gstatic.com	946 KB
11	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2693	95 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5657 c.6sc.co — Cisco Umbrella Rank: 8715 ipv6.6sc.co — Cisco Umbrella Rank: 5852 b.6sc.co — Cisco Umbrella Rank: 3994	22 KB
10	hubspot.com 2 redirects js.hubspot.com — Cisco Umbrella Rank: 5191 app.hubspot.com — Cisco Umbrella Rank: 5546 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4978 track.hubspot.com — Cisco Umbrella Rank: 2246 forms.hubspot.com — Cisco Umbrella Rank: 4894 static.hubspot.com — Cisco Umbrella Rank: 23586	39 KB
6	hubspotusercontent-na1.net 3375217.fs1.hubspotusercontent-na1.net	126 KB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4435 forms-na1.hsforms.com — Cisco Umbrella Rank: 7062 perf-na1.hsforms.com — Cisco Umbrella Rank: 5595	4 KB
5	linkedin.com 2 redirects platform.linkedin.com — Cisco Umbrella Rank: 3771 px.ads.linkedin.com — Cisco Umbrella Rank: 327 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	162 KB
4	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 23286 api-gw.metadata.io — Cisco Umbrella Rank: 23247	4 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	177 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	41 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6765	670 B
3	snitcher.com snid.snitcher.com — Cisco Umbrella Rank: 98575	25 KB
3	anura.io script.anura.io — Cisco Umbrella Rank: 55672 ads.anura.io — Cisco Umbrella Rank: 70839	21 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75	4 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1549	132 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	291 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 700 script.hotjar.com — Cisco Umbrella Rank: 933	61 KB
3	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	12 KB
2	hs-sites.com 3375217.hs-sites.com	7 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	216 B
2	quora.com a.quora.com — Cisco Umbrella Rank: 4913 q.quora.com — Cisco Umbrella Rank: 3720	15 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4726 forms.hscollectedforms.net — Cisco Umbrella Rank: 4810	26 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1355 insight.adsrvr.org — Cisco Umbrella Rank: 557	3 KB
2	vidyard.com play.vidyard.com — Cisco Umbrella Rank: 11970	45 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3450	1 KB
1	usbrowserspeed.com a.usbrowserspeed.com — Cisco Umbrella Rank: 5716
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1387	637 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8744	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	15 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1266	9 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4681	24 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4727	88 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3131	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2129	20 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2128	21 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4490	2 KB
1	cookieinfoscript.com cookieinfoscript.com — Cisco Umbrella Rank: 86760	4 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8411	2 KB
175	40

	Domain	Requested by
46	www.reversinglabs.com	www.reversinglabs.com js.usemessages.com
11	fonts.gstatic.com	fonts.googleapis.com www.google.com www.reversinglabs.com
10	www.gstatic.com	www.google.com www.gstatic.com
10	www.google.com	www.reversinglabs.com www.gstatic.com www.google.com
8	b.6sc.co	www.reversinglabs.com
6	3375217.fs1.hubspotusercontent-na1.net	www.reversinglabs.com 3375217.hs-sites.com
4	connect.facebook.net	www.reversinglabs.com connect.facebook.net
4	cdnjs.cloudflare.com	www.reversinglabs.com
3	track.hubspot.com
3	px.ads.linkedin.com	2 redirects snap.licdn.com
3	www.google.de	www.reversinglabs.com
3	snid.snitcher.com	www.reversinglabs.com snid.snitcher.com
3	www.googletagmanager.com	www.reversinglabs.com www.googletagmanager.com js.hsadspixel.net
3	static.hsappstatic.net	www.reversinglabs.com 3375217.hs-sites.com
2	3375217.hs-sites.com	js.hubspot.com www.reversinglabs.com
2	perf-na1.hsforms.com	www.reversinglabs.com
2	api-gw.metadata.io	cdn.metadata.io
2	cta-service-cms2.hubspot.com	1 redirects js.hubspot.com
2	www.facebook.com	www.reversinglabs.com
2	forms.hsforms.com	www.reversinglabs.com
2	cdn.metadata.io	www.reversinglabs.com
2	script.anura.io	www.googletagmanager.com script.anura.io
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	script.hotjar.com	static.hotjar.com script.hotjar.com
2	js.hubspot.com	www.reversinglabs.com 3375217.hs-sites.com
2	platform.twitter.com	www.reversinglabs.com platform.twitter.com
2	fonts.googleapis.com	www.reversinglabs.com
2	play.vidyard.com	www.reversinglabs.com
1	static.hubspot.com	1 redirects
1	forms.hubspot.com	js.hsleadflows.net
1	insight.adsrvr.org	js.adsrvr.org
1	api.hubapi.com	js.hsadspixel.net
1	ads.anura.io	script.anura.io
1	a.usbrowserspeed.com	cdn.metadata.io
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	px4.ads.linkedin.com	www.reversinglabs.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	syndication.twitter.com	platform.twitter.com
1	alb.reddit.com	www.reversinglabs.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	forms-na1.hsforms.com	www.reversinglabs.com
1	q.quora.com	www.reversinglabs.com
1	tracking.g2crowd.com	www.reversinglabs.com
1	snap.licdn.com	www.googletagmanager.com
1	a.quora.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	j.6sc.co	www.reversinglabs.com
1	app.hubspot.com	www.reversinglabs.com
1	js.usemessages.com	www.reversinglabs.com
1	js.hsleadflows.net	www.reversinglabs.com
1	js.hscollectedforms.net	www.reversinglabs.com
1	js.hsadspixel.net	www.reversinglabs.com
1	js.hs-banner.com	www.reversinglabs.com
1	js.hs-analytics.net	www.reversinglabs.com
1	ws.zoominfo.com	www.reversinglabs.com
1	static.hotjar.com	www.reversinglabs.com
1	js.adsrvr.org	www.reversinglabs.com
1	cookieinfoscript.com	www.reversinglabs.com
1	cdn2.hubspot.net	www.reversinglabs.com
1	platform.linkedin.com	www.reversinglabs.com
175	62

This site contains links to these domains. Also see Links.

Domain
register.reversinglabs.com
support.reversinglabs.com
rli.reversinglabs.com
www.secure.software
docs.github.com
blog.reversinglabs.com
setuptools.pypa.io
www.trendmicro.com
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com
www.instagram.com
cookieinfoscript.com

Subject Issuer	Validity	Valid
www.reversinglabs.com GTS CA 1P5	`2023-11-19` - `2024-02-17`	3 months	crt.sh
*.vidyard.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-01` - `2024-08-01`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
cookieinfoscript.com E1	`2023-12-08` - `2024-03-07`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
quora.com R3	`2023-11-26` - `2024-02-24`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
script.anura.io Amazon RSA 2048 M02	`2023-10-16` - `2024-11-13`	a year	crt.sh
*.metadata.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-18` - `2024-01-07`	a year	crt.sh
snid.snitcher.com Amazon RSA 2048 M01	`2023-08-18` - `2024-09-14`	a year	crt.sh
*.quora.com R3	`2023-12-17` - `2024-03-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
syndication.twitter.com R3	`2023-12-11` - `2024-03-10`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
a.usbrowserspeed.com Amazon RSA 2048 M01	`2022-12-01` - `2023-12-30`	a year	crt.sh
ads.anura.io Amazon RSA 2048 M01	`2023-05-30` - `2024-06-27`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Frame ID: 82F5B7A16291EC98A248930B30B4C0CF
Requests: 145 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Frame ID: 09F8F5E5A4EF3B0E1D840DF606AA427C
Requests: 2 HTTP requests in this frame

Frame: https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797
Frame ID: AA290869466FF23F4794EDD98527BF84
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucmV2ZXJzaW5nbGFicy5jb206NDQz&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&badge=inline&cb=tte3bjxjifgj
Frame ID: B1E70D8F168C2D61203F5B7DAE7B64E8
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 9009C57D5D3F242B07489067EAF2B7F8
Requests: 13 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&upid=8t4axvj&upv=1.1.0
Frame ID: 8CB7403A6B9F35EB85C0B0F33752BC2A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware leveraging public infrastructure like GitHub on the rise

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Lightbox (JavaScript Libraries) Expand

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

175
Requests

99 %
HTTPS

70 %
IPv6

40
Domains

62
Subdomains

55
IPs

5
Countries

3395 kB
Transfer

7886 kB
Size

37
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://register.reversinglabs.com/demo
Title: Demo

Search URL Search Domain Scan URL

URL: https://support.reversinglabs.com/hc/en-us/restricted
Title: Support

Search URL Search Domain Scan URL

URL: https://rli.reversinglabs.com/accounts/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.secure.software/
Title: Developer Portal

Search URL Search Domain Scan URL

URL: https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists
Title: documentation

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-01.webp

Search URL Search Domain Scan URL

URL: https://setuptools.pypa.io/en/latest/userguide/extension.html
Title: extending setuptools commands

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-02.webp

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_th/research/19/c/new-slub-backdoor-uses-github-communicates-via-slack.html
Title: report on SLUB Backdoor from March 2019

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-03.webp

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-05.webp

Search URL Search Domain Scan URL

URL: https://twitter.com/reversinglabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reversinglabs
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/reversinglabs
Title: Youtube play

Search URL Search Domain Scan URL

URL: https://www.facebook.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/blog/rss.xml

Search URL Search Domain Scan URL

URL: https://cookieinfoscript.com/
Title: cookie script

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2&cookiesTest=true&e_ipv6=AQIpYq_A9oa5_gAAAYyFAR16Ew-YNXBNs5QQXgyvgc7tlesd2JPCMm3DlvslNJG0EgOBMMq8R4Qk

Request Chain 171

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=281158198618&containerType=SLIDE_IN&portalId=3375217&campaignId=4a1d6be3-c45a-4a52-ae11-71b94c842a02&isLoaded=true&pageUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageTitle=Malware+leveraging+public+infrastructure+like+GitHub+on+the+rise&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F120.0.6099.109+Safari%2F537.36&hutk=9109941e46ce69ef5139275cf7048895&hssc=60854195.1.1703038492908&hstc=60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1&pageId=150420029995&analyticsPageId=150420029995&hsfp=166273013&canonicalUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&contentType=blog-post HTTP 307
https://static.hubspot.com/img/trackers/blank001.gif HTTP 301
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

175 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request malware-leveraging-public-infrastructure-like-github-on-the-rise Show response
www.reversinglabs.com/blog/ 100 KB
21 KB 658ms
581ms Document
text/html 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e32ccb321369017de7c6d1f41e2d5aeac8497abd91f55446a7ef31fdd6c739f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-ray: 83845fc24b474d44-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 20 Dec 2023 02:14:50 GMT
edge-cache-tag: CT-150420029995,CG-3375217,CG-5901382633,P-3375217,L-11118979719,L-11735000539,CW-103636562700,CW-10782554896,CW-114796045952,CW-115016303498,CW-115021731904,CW-137828326063,CW-137935116631,CW-140969871649,CW-144300602025,CW-144803306068,CW-23776629869,CW-23799638916,CW-36845096476,CW-79001037452,CW-80857835930,CW-80864562095,CW-80864563080,CW-80868056874,CW-87757605656,E-10528761402,E-11190015046,E-11708570900,E-139051314810,E-144306795402,E-23712622487,E-5951651806,E-6021532803,E-6021916068,E-6519964395,E-70521421874,PGS-ALL,SW-1,B-112999115134,B-5901382633,B-70179327783,B-94488163452,GC-103819429689,GC-115009898400,GC-115015365221,GC-115020232564,GC-139073577827,GC-140831756371,GC-25875947801,GC-26129507391,GC-80858624881,GC-80970810765,GC-80971492144,GC-81200326231,GC-87768577627
etag: W/"776677ea42c5f3cb288349893000880d"
last-modified: Wed, 20 Dec 2023 00:42:15 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SI9qQkZdnqAUEjTNTxZKpsfRuOT186YVkRly6JRcA5C%2BDnFPVjaDU2MUooewS%2Bu%2Bkajw1FWk61HVrfKnoxYyd8OVzii5CA4OxFeaM0QkLOx0D4cqWEAkbkb1d9f9htS%2FBru%2BnVZS3q8%2BqOiJMu%2F6WSlewg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: deny
x-hs-cache-config: BrowserCache-5s-EdgeCache-0s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 150420029995
x-hs-https-only: worker
x-hs-hub-id: 3375217
x-hs-prerendered: two-phase;Wed, 20 Dec 2023 00:42:14 GMT
x-xss-protection: 1

GET
H2 200 project.js Show response
www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 79ms
63ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1716410
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZiTeVWlPDTiMRle%2BKB63AcTjsJx7t0YoubXtWBTdkNALWf%2FFW%2FmZmNYfuWLfKCFVMWalWBvRwdQqc9WSsoXhOfyxFmckZSGGYvW4u56oYnx9UxvtEwTtg0wpTRtKck82SoGO43dEc5Eoj2VrXwhGbOvxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83845fc62dea4d44-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Thu, 19 Dec 2024 02:14:50 GMT

GET
H2 200 v2.js Show response
www.reversinglabs.com/_hcms/forms/ 532 KB
178 KB 90ms
75ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 257
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8384597d10d24d3a-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: efefced9-16ae-4446-9664-a4917c1a0648
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: efefced9-16ae-4446-9664-a4917c1a0648
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wqVRnvexMfNd%2BjZuAVwzybwxyCcQpKnS9onEuZPxPCCBHr%2Bt9MbsUUu2EnsY2t%2BdoYBpoGb5DQSYeSrOyxgsoPFix9O3zSKPX3GBAk3QTGU0JKG6IjrLvM5ql%2FGIuXVsgtkqP%2BDeGIZ5KrOaqeEP0%2BQHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-hzdvl
cf-ray: 83845fc62ded4d44-FRA
x-amz-cf-id: yKLEpHLe2nSSj0hmKEsgp5qdTefKZG_W2nvAnWnYtktdOhT0op0SiA==

GET
H2 200 header-transition.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/ 21 KB
7 KB 77ms
62ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1819475257f8d4b324cdaa49e87bf54eed785c53dea112a68bbd51658d88f574

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: RD71FFC3ZQPAEGAK
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"ca10bc6a2d0ad2494289425a7135be67"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1703003531080
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i1jfhrglLHQuvMW5BDdcRTlQEf0gJGF6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ce40962a-675e-4a69-b600-1730bf3eac6f
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dcuevHXT4hHAFp5+TOU7cShppwBOqbtSKB4PyZj3DEjlOaRwZqCibIeKRt/+Z//LVUSrlaQPui3J1OUcAG5WYG9u7pFDxgO5
x-evy-trace-route-configuration: listener_https/all
x-request-id: ce40962a-675e-4a69-b600-1730bf3eac6f
last-modified: Tue, 19 Dec 2023 16:32:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3aQYgITMh2KgEqi1A91hcuYugUnRYVRHlOVDbHXfie7uUpLUOTg1goZ7ZThLr2px6oRT6GBmEuW%2BVzhKqxpsIWq2bkXlDD5pjSHWjLBvy5fnzmVwfHY5jX%2B02CwgNrd3qFz9eeE%2BvUmBo%2FFqyqjo5jP6Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-l5wpd
access-control-allow-credentials: false
cf-ray: 83845fc61dce4d44-FRA
x-amz-cf-id: U9adEXm_zulr55w7l6DQbywVYGDH8E3lWYAt9P4P8D-ig3KY-LrGpg==

GET
H2 200 module_103636562700_Footer_Categories_Text_-_global_-_p1129.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1694185982219/ 89 B
1 KB 76ms
61ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1694185982219/module_103636562700_Footer_Categories_Text_-_global_-_p1129.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: 79A2TYWGY7DAQTEK
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0e24424bd7a91e1adc940105ffcd26d9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694185982219
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: UYxIVuK8hROmNkVmt39KiKV2MiShQ8hd
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ae0adad3-3ed0-4cd8-80f0-f34cca25e913
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 215
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ABosj916rvVF/2p5hRX5ZTKBfTBj7qWIFYICrFun0itZzhhqXGbwXo84oG2BrV8G3WYWFoPcUjI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ae0adad3-3ed0-4cd8-80f0-f34cca25e913
last-modified: Fri, 08 Sep 2023 15:13:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvK01yBTvG5amt0ZMTesGCI3DMz7nhZwXHKcTec%2F9KdkwWblPDqXYyXgIfS5TVdZrcLuNan659%2F87wxZ3ghW5Py%2BTF8wr4nxXyeZyQ04n4BE8lyOE1nVpWRb9NeNQRxXsPQpIuVF3NIxB15Taxrj7kAlmw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc61dd14d44-FRA
x-amz-cf-id: bv0fs1_w535CcWSmV-cgzwxB2Dg-iswNFWLX20LfkDLKgCiuQ56weQ==

GET
H2 200 module_87757605656_Footer_Categories_Blog_Listing_-_global_-_p1299.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1700047379193/ 83 B
1 KB 74ms
60ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1700047379193/module_87757605656_Footer_Categories_Blog_Listing_-_global_-_p1299.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

77af0a963d2016e3165d4e70050e60f0054e70ed0dba5ae5c2be14bcccbff207

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: H51M6T8Q6SGB1TMY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"7a2a8d16729e44cc5588c37604841314"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1700047379193
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4aqZJyyEAevCo97LQW2sZjNB9xDpMIk5
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 95d89b57-5d6c-48d4-b050-90554c8f1cb1
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 154
alt-svc: h3=":443"; ma=86400
x-amz-id-2: w6zinUuBcDoTFqWEHebjtOTQFyNcNcV4He+6lujAgMbB6frMlO0d1EgECcmmabuAM2Btj3ymGIw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 95d89b57-5d6c-48d4-b050-90554c8f1cb1
last-modified: Wed, 15 Nov 2023 11:23:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQa7sfI8NSjKfHakYWBxLz1zpqB5NikjqYlw3YHQkIs95aiWO5%2BguHyzT7CT3Sr3dU2tjxXNZq%2BrN6G8wk85ECU6BevRUlBIRr4x1ksim%2F4feUMo6NWfaH1%2FbfKRoMK1WS%2FZyW8nuni6K6cfgESS3sSxZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-gqrq7
access-control-allow-credentials: false
cf-ray: 83845fc61dd24d44-FRA
x-amz-cf-id: 1lucgh-snCiuLMiBuHx8ZNjjDQjHp_0Q2jW7B-CIkaACQqrmachCzA==

GET
H2 200 module_36845096476_Blog_listing_card_grid_-_p1131.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1694005994176/ 304 B
1 KB 73ms
62ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1694005994176/module_36845096476_Blog_listing_card_grid_-_p1131.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: MH2TYM6TEGZJGGWM
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"bfd6c45ad0a0ed80b73460eea867fdb6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694005994176
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZrfiAYbhD5n1nrCL_XqAwwXmCQNJJUy4
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 15433cb6-0804-4b5a-a50f-d812ddeb2cf6
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 422
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6B2wEz9OiNQfToktFXM4/2QvuLThzTVllmgS7YJSr+RJzIVZ8jc0IgcgAZn3Y6RIkd5kx1twQIINitPG4HmDJxKH3GuhS5z2WiYUSaI6N5E=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 15433cb6-0804-4b5a-a50f-d812ddeb2cf6
last-modified: Wed, 06 Sep 2023 13:13:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kx6bm6%2F9%2BCU1TIgr%2FUapYeYmqVyw3xR1ArQeZ6%2FUgaxBj8az6UDIWC1AXv8WYAIxTzBNy5OXEiPUuQN7lm%2B48qkwObf4XG85unpezlz9nZb98%2Bd7N5jVeRukZlJASAYRT3VueTmeQqxypoTjZkzMTTv97g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc61dd34d44-FRA
x-amz-cf-id: JPj3-Ohxta5IdFgRxcjEuLDpZcJ6ZrOGp0sCvu7GQrBxI0wqjWvNYw==

GET
H2 200 module_80864562095_Sidebar_Categories_Blog_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1699699918041/ 379 B
1 KB 70ms
60ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1699699918041/module_80864562095_Sidebar_Categories_Blog_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8241cded06db0303212b505a16fe00ced734ccdfa01d114845813ec58c14ea0f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: MH2WKH9GAKT3ZFKC
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d7348911a8e6c5b2db18365e88521645"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699699918041
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 1448f69604d5be1f9c9f0c64cfa90594.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: w_RO0VaH.fqhz7h4918HbUEA9LrHGLXa
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: bcb9051b-9498-4bcf-9155-25f89943145f
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: w98mFjRibxAyw+WvsGV6tjRXrzv5onvaaxAMtC68dEew0IJf92xYcpBLi4OXOtz6+X3j3ADE7Do=
x-evy-trace-route-configuration: listener_https/all
x-request-id: bcb9051b-9498-4bcf-9155-25f89943145f
last-modified: Sat, 11 Nov 2023 10:51:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8%2FKiOkpMcI0OduHYU0RjzAwpCOu3KQt%2BettpYmK0f5eRCUkLa1iqjwzl645hwYPD4zAAVAEjDuKMwxvJEkMJvQm9inewNijcj4TrDUtUePbQ06V1rCCOWML94V4efKSMwOKv7UIkBpdIoJCYB8CtkH3tg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-xmkgn
access-control-allow-credentials: false
cf-ray: 83845fc61dd44d44-FRA
x-amz-cf-id: vAcyXYKU1YUsVapIQdBAPQ7uZZusQYCrkBnqLjSdhv0cuSjMSIgmqw==

GET
H2 200 module_80868056874_Sidebar_Social_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1694187419582/ 298 B
982 B 80ms
70ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1694187419582/module_80868056874_Sidebar_Social_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceca34a6609e849c64f553866eded7c217469d377e78d3fc21ff1c5cce67b388

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2037
x-amz-request-id: MH2ZF5S4KQX9Z9FJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"89aa5586c5ead5879d4d5b61b6967cf2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694187419582
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4WO6saQSE1L6hI9rKmFUUQEKOvD1DpjF
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b01f26d3-9fde-4271-a80e-550f58110aba
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 149
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3ThKSjhwXkEqM9a2wnb3EW1+jsaHpXgWufoG5qkKsLFlzZVWhDaT9i1tAy3bq70Thp7TIL7pxn0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b01f26d3-9fde-4271-a80e-550f58110aba
last-modified: Fri, 08 Sep 2023 15:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5j%2Bii7emCG5m1mhXg6x0j0qHUPXFaiPdzXVzdrsrdRvSlOwzKmcePa31WPy%2BOdvIyn%2FqGcqBt9j%2F4PmgJjS7o3cccU28iwLofYV4%2FehBwDnUsAPdOsUCa2FATMmSjpzIDPiFGjRzo8nvotanql22DZossA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-xmkgn
access-control-allow-credentials: false
cf-ray: 83845fc61dd64d44-FRA
x-amz-cf-id: i7Y8tixXKQqrfPntUR-7SP2B0ecmS-_Qln-d3YFC2dSSXRBBjFVnZA==

GET
H2 200 module_80857835930_Sidebar_Blog_Subscribe_-_global.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1699699994617/ 717 B
1 KB 75ms
66ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1699699994617/module_80857835930_Sidebar_Blog_Subscribe_-_global.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9f3dd042bf1796ea7b2921bf72f593b94e9dffec3ac744661e3a0d0dd2b5210

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: H51J44FGY2VCW1RR
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"50bcc72c6a8c541c2a2fd0a9d8186d5a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699699994617
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KPj9iAOkHyMt9QNfhAflbAEosIHnPjtV
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: cd62f145-2c3d-4141-9913-7d0347f11204
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 142
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ryWu2KvvZI8ujGxojwmt1PXmOkXOCpFkBt5hcoAKByA6+lOSoqk4HKzhsaEavVPLqfQFFFrtVGM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: cd62f145-2c3d-4141-9913-7d0347f11204
last-modified: Sat, 11 Nov 2023 10:53:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjNhXjD20K4qkuHds3%2FQUd0SHdD2h29proqN1tFdRIs6fQDk0P3aesHVMZFUefSjqTVkQN%2F%2FzNTdGxKhprgDXcX7RVJgysAj1LDLgYcbjH6Av9BmYFlGakdn0nCyrryYTSbzx0q7gEOKgWAXw8Ix0eqmYw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-l5wpd
access-control-allow-credentials: false
cf-ray: 83845fc61dd94d44-FRA
x-amz-cf-id: mrwI2oSmm0EAOzB4BFLlBxzCYxeNUnbScjS3tJqGvSxfyfY96RQJBg==

GET
H2 200 module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1699700043367/ 541 B
1 KB 77ms
68ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1699700043367/module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f8061fd33763925745e4349b693b994f563f17587b9505d76f4f6c70361b18a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: MH2GTC0TWWG8M4RE
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5621d23caa8b30b89fd2a9a6fb44ba8f"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699700043367
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: aRECFmNoEeDut9wYK2bNj285yckqgglG
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a9a5b6e1-1b23-4cf5-9ebe-9ee96b7b0778
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-amz-id-2: q8qvYwypXESHnkPH1m4kC7q/0cL3bs9gE6CrFz51dyPRd/0goyzCk0M4LGiBy8YN8Q75lt7WjrZse2ql24U8Mc8M/iUmszT6
x-evy-trace-route-configuration: listener_https/all
x-request-id: a9a5b6e1-1b23-4cf5-9ebe-9ee96b7b0778
last-modified: Sat, 11 Nov 2023 10:54:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyY7Yc8JAIOFUKAk857fs0psQA7ng8yJlO4kIO0NjuFiALV75WqMX%2F3hoqIaAuWueF5f%2FKWo9jFNdE2REqdFJYcyw9LTfDVVLHVk2moTkwrqUrz%2FL2UX5mPZ1B3%2Bxzog8k7ZZqUJVXIef67s66G%2FBwX0MA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc61dda4d44-FRA
x-amz-cf-id: Huf9vgFe1lfS6p4jqfSZjqhrrCTOhNk6j2hp_UimEeL6JXKnu4dRLg==

GET
H2 200 module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1700491114558/ 409 B
1 KB 76ms
67ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1700491114558/module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b94cd1a7c0ac73f67afea3ccb51f73d83769169d7cb705cb6acaa3341192485e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: H51V05D77SNKAGM3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"16b1003f1148f5ae7c98bfaec0265831"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1700491114558
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: d1fZbWlg3X.2kOlriMlFZV4zRvJP0NEh
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 27ba7cd0-6e46-41f0-8c21-daeb0ca61a40
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 146
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HWGoRoW1zgbS6ebTnwHhP0oqTjeT18sqzMPvbevgZFJjVPwVimMlDH/q8KT+IqUCdSTaQ9HatlU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 27ba7cd0-6e46-41f0-8c21-daeb0ca61a40
last-modified: Mon, 20 Nov 2023 14:38:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sUQM96Fy1Otu5GamchyYQHmjKxkmjtf0OTHzya9Rpc4XYLYoE9GvmsN9NO0vZU6xMjcTn9GIFK%2Bgi2eFpDTLLdReQ7DEcccT18ooyIv031WmR83%2BzQd05Br9Y9IK7UNCJJOtF8UfpaWLsNGYC0XtF50LbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-xmkgn
access-control-allow-credentials: false
cf-ray: 83845fc61ddc4d44-FRA
x-amz-cf-id: 6k-hXfQl-iihZBC0nD_iMjNmvO4-d6qrYk1huj0hlNIvskHmspt9Rw==

GET
H2 200 module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1699700315479/ 409 B
1 KB 73ms
64ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1699700315479/module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b94cd1a7c0ac73f67afea3ccb51f73d83769169d7cb705cb6acaa3341192485e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: MEQVK6DCG9Z18EM2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"16b1003f1148f5ae7c98bfaec0265831"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699700315479
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: JKcUIaIBPY6GDh9E5rOTktQnEgHSEVyB
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1a77c0a0-3a2a-4b73-8505-b2be94fa7cf1
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 149
alt-svc: h3=":443"; ma=86400
x-amz-id-2: q8U60dpl4OFSZxz1lAuM30xcRdla24zPy65XyECE2JzktYxAdreCAcLXZm+5b+Z52mmNrJUPFzw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1a77c0a0-3a2a-4b73-8505-b2be94fa7cf1
last-modified: Sat, 11 Nov 2023 10:58:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLGJd%2BA3YN39VS97aHOZ5iGOF1cebWwDFtDMSOTC190sy5ECNIcbn7fj5FkL1RvJMTlAeFfah1PvaR0gce5SNda12%2FYcDwNtq9O%2FbOu2icWfOAsEm73y0QOdBFFf646uPBAnQAIHrxghKevg0lzwRmT5jg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc61ddd4d44-FRA
x-amz-cf-id: hApH0xBHzEUMJBTSFZ99dfjX41uBGiQGVH0mJHm_QmV1eH-tG_6KQg==

GET
H2 200 module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1699700391059/ 409 B
1 KB 115ms
107ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1699700391059/module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b94cd1a7c0ac73f67afea3ccb51f73d83769169d7cb705cb6acaa3341192485e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: H51XG83FR76XNHDQ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"16b1003f1148f5ae7c98bfaec0265831"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699700391059
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xjdwON7QXhKiAK1KchW9mj5AR4GXZ2P3
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 7d45c326-9c44-4308-aabf-4d3cb2124096
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-amz-id-2: iGPMLkBj6hmp6L6JJ/wsVlu7yRt7rLD5wlySIEv/j+8Vfk0JQy+unSMB2ERPJtYoKo8JXdaPP+c=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7d45c326-9c44-4308-aabf-4d3cb2124096
last-modified: Sat, 11 Nov 2023 10:59:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1z1PaosriXn5fEOjVQDSQ7VtxvKU%2BlwKekNiiajmPqEf1wHMAcMqRNyHzhu4mx1OswMhoXenvhHjMX%2B6CthApT%2FVQdE6ZyDZvbml4bK%2Fo7l7zBC68%2BOBOJImAf6Ztnh09tMKhag6%2Bkfa7ei4SToETDeyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-gqrq7
access-control-allow-credentials: false
cf-ray: 83845fc62ddf4d44-FRA
x-amz-cf-id: jFYoo7VhYOi1VQaSNR4TaDQDu0qzXoYkIBW1Q_cEIuuRCmTASK1eIA==

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 103ms
31ms Script
application/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 1
date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 633
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23031
x-served-by: cache-fra-eddf8230123-FRA
x-china: 0
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "d22850d6ed493dad3ff1a51479d730cc"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 80ms
18ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 2476
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163638
x-li-uuid: AAYM5vis97XAI3zuQBjpvQ==
last-modified: Wed, 20 Dec 2023 01:33:34 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Wed, 20 Dec 2023 02:33:34 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1702914082322/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 118ms
73ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1702914082322/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 124354
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702914083069
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 2112def0-1768-4453-9939-1e3a018afb78
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2112def0-1768-4453-9939-1e3a018afb78
last-modified: Mon, 18 Dec 2023 15:41:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MfTiwfv0kWYWz5d9llo%2BpEFFzsXJgNnF16GA0f6b3PPU1I%2Fb0%2FXfAlJVluM3M3jdg6hPl%2FKsvJsu93kcHgIsz5LA2pYEDVe5Gh7kfofs%2FfNOoatYN0RbE%2BXzCjvUL%2BBsZKT0mFXggMwEyLm0j0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-c8b596779-fckn5
cf-ray: 83845fc6593e9137-FRA

GET
H2 200 RL-custom.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1699711648432/Reversinglabs_July2018_Theme/Coded_Files/ 12 KB
4 KB 77ms
69ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1699711648432/Reversinglabs_July2018_Theme/Coded_Files/RL-custom.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a94e1fd7de26b8bd3e63fc666c3d79bbe010fcbc98732cd4c617f99d413b99d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: HXAWHDHK476QZZ3D
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"327ad4cfa243a0ffb505777334db1866"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699711649160
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V_1_qqFbhp8w6nxvGZEJXB7hA5x_vW4m
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 77bbc47f-0ebf-44b7-a56e-69911824bed5
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RkkkLQjHoUTD+bKdmw0D1z+7TkgGAudLzzwi1nG5mxikEwZP5/xkcNrG9V0R1Tje+3o3eeUMm/g=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 77bbc47f-0ebf-44b7-a56e-69911824bed5
last-modified: Sat, 11 Nov 2023 14:07:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPAbxNEeox4MIV3QRzsZPRe8L%2BU2%2FdERnjFp2I8MTyIn2Fm1wUTiRNRtmizZH3ympci3SJTThV1XwKeld5UswIFkhaNB8n0aj2PVxO6058HFgZ6nlKi9eYqeXspsTXhn%2FRS5Nq6i9fclkbB2HeVjT3gJeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-gqrq7
access-control-allow-credentials: false
cf-ray: 83845fc62de04d44-FRA
x-amz-cf-id: UW2RZmH9YJKlYIRLou4VdOar-ADtFoDB7CxkzuVe0zz0M4ncuFZuNQ==

GET
H2 200 Reversing_Labs_November2018-style.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1701691743766/Reversing_Labs_November2018_Theme/Coded_Files/ 143 KB
25 KB 126ms
119ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1701691743766/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0a199d8c63738136f6932b2875fa8a39c8ac810410bf6522d2100d1cd7d0ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: HXASQC71JNA0Z1PR
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"40f159c42d433ff606aa7db7ea28a5a6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1701691745015
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gb06b1WvD0s1.sXNeEA1OnxdubSe.y4J
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 078188f7-b047-4b82-a2bd-b3c15f97d0fc
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WGbx60bwRMRr5vE51EFe1r8he7iCJwFyhL9WaCrmGvUpAXdl/k9JZttA0IoPP43am5z4Vt1sR0U=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 078188f7-b047-4b82-a2bd-b3c15f97d0fc
last-modified: Mon, 04 Dec 2023 12:09:06 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfx50xrrMW4SvPK%2Bi%2B6F%2Be4EGtd1fNuvK6ocEbzZweRN7%2BRf8%2FuSzjJR437hx8xYSJF8GPBMEjqOil796fF7wdC%2FCTNQwt4%2BDQ%2BwTOk4zTK0QBskl3cZQFLnVoYx5ABrXR7kIg0zAlgIDZUFl%2FdbjG8aoA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc62de14d44-FRA
x-amz-cf-id: nQydtfG66U5fYKk-ySaw7WLisA7PceukNFfwYeNnY3FLsifIJf4lXw==

GET
H2 200 site-redesign-june-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1701700496840/Redesign_june_2019/Coded_Files/CSS/Modules/ 11 KB
3 KB 147ms
139ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1701700496840/Redesign_june_2019/Coded_Files/CSS/Modules/site-redesign-june-2019.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c63c167d6ff0aa2edead131abb184ea39ee633ccbdedb7e7605d79c2d647e24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: 0729C1J3T963P0R1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"777e1cde1d0165b336ee5949a47e8313"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1701700497561
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nD_lp_FOzyoW1gKwwjzFFL7o2rznxKLX
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1c7251c3-62be-49ec-a51b-1e451833146d
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4vs2r7fCbpIhWiamuKT9+RD5Kh5453Y+CelbAPQn2JJr+2bxNmwTuPXgj3pHy3l5wgX37rLguRY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1c7251c3-62be-49ec-a51b-1e451833146d
last-modified: Mon, 04 Dec 2023 14:34:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCjqwJzD645gqbnkGFk6jMBPqt9ORmFuQfa7syYs0c%2Fbn%2BoyyQfmJTUFg84KiJhcqbXDsctjLQJfMMZoU%2FoXW6iVk6o%2FsYcMJNcqk9g3gFj4%2Busoqn3IIv9%2FcZGXqhEtPM7GLfjayKL5tDmuWl%2Bq3CrXwA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc62de24d44-FRA
x-amz-cf-id: wDd_Na25G1lT-Z13HIvlKNHcXk0Kvk_ZIX7g0rKZ72TO4fY6ihl8Ug==

GET
H2 200 blog.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1699699392559/Coded_files/Modules/ 3 KB
2 KB 116ms
109ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1699699392559/Coded_files/Modules/blog.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b55385b7906037735336c7f18346a16a71febbf4779422ec1bb07cc539a1bae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: 072FGDSB75D1PR88
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"08d0ba8ba9cb84ca328192c67126f4b4"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699699393152
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zDiyvSNbih3mQpP1.9.nCth99yqkX3fg
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 95f106d6-9af3-4560-aa66-1f1a3e3f584c
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 174
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xkgfGPO5JIn4ERbQe5fYvh0sM0g5+JgnZwnbdKjbBVS5ItvgRzbRPMCimtuVAZ52IUF5zOWx3BY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 95f106d6-9af3-4560-aa66-1f1a3e3f584c
last-modified: Sat, 11 Nov 2023 10:43:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=me7IQrfpOiWXyAya6g%2FF2uScqa1PUCeg8nk7KAFgkGMM54JDYzQL6baoLNTCrcfhBcv45cfJ1RM4%2BzA65XsAQtNV0zbseeReEK5izoVAhD%2FX8tHvBeIZMH8hQjQlApRU6whGIGAR5zlz2tfmtodI1liK%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-gqrq7
access-control-allow-credentials: false
cf-ray: 83845fc62de34d44-FRA
x-amz-cf-id: qhfrt50voout8SvcDtC8zvbDHC822Bs1wofHuGx0DqHws5XdtpgrgA==

GET
H2 200 conversing.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1699699461441/Redesign_june_2019/Coded_Files/CSS/Modules/ 2 KB
2 KB 78ms
71ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1699699461441/Redesign_june_2019/Coded_Files/CSS/Modules/conversing.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: 072882AE9PFVFE9N
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"03194bf820a8d747a9c4e33f60a3d8a6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699699462050
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tnQEYm0fq8pE.g1HQFFVgE87aKizhaY6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0c065818-692a-48de-bb41-a22044dfeb1c
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 237
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ley5ng6wUz4F1k+ksi8470E2XpkflfOFpvJtZSS2IiosDh0+DWvlHYoCDYcKS7/Mn8bwYDHi2kM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0c065818-692a-48de-bb41-a22044dfeb1c
last-modified: Sat, 11 Nov 2023 10:44:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hz9GkaANeQhuCmQqS1klemCZ5zmAZbZqZWb8ge9PPLBM9xuq0VW31suamy1Qn0fLIb5hJSptweatek%2FBOXY5rGKjFCz3uM6n3u4h7GAYwxIqP9mumpbC4nCKUMgqEyLqSZcKMz4skXrJz9xw9T4ZG2L2Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc62de54d44-FRA
x-amz-cf-id: nsDOIl-K0kogjTc7NzNM4ortO5S3KK_1nyqSc4NQEW4Jc-AMLlKxxg==

GET
H2 200 simplelightbox.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/ 5 KB
2 KB 147ms
140ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/simplelightbox.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2036
x-amz-request-id: H0VEBWC9752CHABR
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"9c259f55b65931c5838c0f7cd5f58f93"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Y9o3twj1TmNPLtARM7I8GKUA.atzxWnP
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 1f9d7118-d0ea-4d51-b4a3-c11d56c589ee
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FfRLPK5U9zh33G2FIWMpTwTWISKts0ZrSOabsx/ufpJOLYE6xbgEEuf/Px1UEuF2rj7O156g4yA=
x-request-id: 1f9d7118-d0ea-4d51-b4a3-c11d56c589ee
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 10:48:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFIAbL858afx2FmNFOjWfewmEhNPF9AUsXkP8ZD7OhVZ%2Bh1ArW4U8PLNW6mGpkVxHew5bOav6hpemC48jTAjPSwiilh7HkLcOhF6SEE%2BbLuHVfrRpQa%2FccdI7pZa04AwXFzZ%2Bt2rYtl6SzUTRLG2%2FTideg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-gqrq7
access-control-allow-credentials: false
cf-ray: 83845fc62de64d44-FRA
x-amz-cf-id: 3Krh0lCOscOrRn1QD3x8VTVfrvR9piaURPP87y7OyIfTBV-ZAXQGdg==

GET
H2 200 tag-list.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1699699414815/Modules/Tag_list_-_inline/ 678 B
1 KB 147ms
140ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1699699414815/Modules/Tag_list_-_inline/tag-list.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff534c713bd742f17f5666981a9a02a9c4c4831e3ba481412ae395c4d141c42

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3296
x-amz-request-id: 0VY0342BPYS5ERXG
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"31ed0dc5f360ee492410d3a78acceb85"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1699699415519
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: t5U5RUnhpouPH0nntvQkEsScNhBCIjli
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ac25fcde-f868-4148-be82-cb72f1427a68
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 180
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IWcdjrJ7/if3wtbaKUuL6/XWVqPZlm8jUP9ypMphn0AqSt4zXJbpQbcE053FdCluK9qlgPRpaaQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ac25fcde-f868-4148-be82-cb72f1427a68
last-modified: Sat, 11 Nov 2023 10:43:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dz%2FBnLCuPcTPUKUauXaQ01Neaggi4%2BIsJ4zhLCV4T6O9vFr7o%2F6bZcUI0P33dWYJTJYYZ%2BKgu5Jyroyq3sG76MZZUI9O%2BPLnDYMHz4FrwYvElTDOKUt12DmCwU%2FF5GgwuSzIV%2Bk8uHR4PbJ4hDmBHtVW6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc62de74d44-FRA
x-amz-cf-id: m5FZKn7mKIgIcuvHYk2tjFYN9Bo7rsx09eb0MRelops1u3MtYHebeA==

GET
H2 200 rl-logo-long.svg
www.reversinglabs.com/hubfs/RL%20Logo/ 6 KB
3 KB 122ms
115ms Image
image/svg+xml 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/RL%20Logo/rl-logo-long.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
age: 87705
x-amz-request-id: F0GTS4NKYHGFZKEQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d4a2965692559440f150bd2f13f6e019"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697983483504
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ny5kNhA6D3ymMFZxy2PPRX0g0w0iXW.D
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 83htF8NTryYJMCpwZxv33RdyJQvtA0VbXFOSKHwvchlHeqcvUCCRqjtIeAQaTOomFun7ZCFPKZQ=
last-modified: Sun, 22 Oct 2023 14:14:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBdS2%2Fwq6k%2FZTsFEBiw68aUnhYYM%2B840wIGov1xUi3RSKMaDfgg8b5yGWJvC7kFobC9ZUIKmz6w1pWVisVtvLGmgDe33gzA4PXoMuwcMg2fw6eZo7Ma9bxAAltXZFMW7VmGdD%2FEWJ4fkdajS5NJK06zetg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fc62dee4d44-FRA
x-amz-cf-id: 12U7e2fvrleK2lGH6lKWi9KT9eCkwRPD_-RXEda1M2ZueNHs05Vxdw==

GET
H2 200 karlo_zanki.jpg
www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/ 18 KB
19 KB 148ms
141ms Image
image/jpeg 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/karlo_zanki.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-amz-request-id: FD91Y32N5KQDTX12
edge-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c40419dee622f0738b5c1f8a5152db50"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: lfcykLsw0R1YXz10xZ03n4UPI8BPc.OS
x-amz-cf-pop: FRA56-C1
cf-polished: degrade=85, origSize=90381, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 18276
x-amz-id-2: sWNTcgb5ihTphBGTCuynDeOCXCB9Y3Ocn4XVlsiXFFbqZW/B/KnT964QKISZf9Eouko+khc2vhY=
last-modified: Tue, 14 Jan 2020 16:45:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTZ6CO2s9I6VuUxZkOv8Ebm4MeE4y%2F0aMDSWwXceV%2BjvntxrKtqKVFJSD9c%2FTYq2BVMo2jG5tkqzAFunjy1s7PCNFHYEVcHVodSZCq8zJVO%2Bk%2FA6l5rOfA%2FRPL1NdgcLtzDhU0zR5u6jwZuCm9O3owjWyw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83845fc62df04d44-FRA
x-amz-cf-id: U1Fmq0cB_tNVWPhfGTKv41me53FcFRigFppav30noCVJbMNp5rJ3HA==

GET
H3 200 Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-01.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 70 KB
71 KB 41ms
40ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-01.webp?width=1400&name=Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-01.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2dde7256d42741ff6251d13c22f4540931d947619e1ee55ff8965445b7002a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150420047960,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 71886
cf-resized: internal=ok/h q=0 n=20+0 c=8+0 v=2023.9.8 l=71886
last-modified: Mon, 18 Dec 2023 13:22:25 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfK2GFk9Cixyj0ExtAXzqYnO-1G4ubIV2ePdeCXg6EDQ:f3e7db381a7e15350b965a8abf77ab2e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JK%2BK9zEYb4GywhH3rJN9DOcDlgpcrkCP7%2FG2GVPCEeYJO%2FgGztrrge8SgIb7dOPEahr9UKyDP7Krh4DMiKTINsI0CTqyhCwi%2FO%2BQAEF8NZjPFrEOinfPC0%2BpwXgX5vXlylu4fdXbdx8OSKW3hvRVzNpD2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc6efdb9b8e-FRA

GET
H3 200 Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-02.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 39 KB
40 KB 41ms
40ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-02.webp?width=1400&name=Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-02.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc1f11d398f826f3855f31d210b79d416b02e7f8201dd574625c1358224d26bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150420077393,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 39874
cf-resized: internal=ok/h q=0 n=21+0 c=4+0 v=2023.9.8 l=39874
last-modified: Mon, 18 Dec 2023 13:22:24 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfwvssGWuYEy8jzyDLTzdMfVZhG4ubIV2ePdeCXg6EDQ:46b731a7e3f2caa488b745a910a518fa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFqWsMWaqsIVnhbSjKB31apIpC04mvEILKWNI%2BABBPbePBJA79MCCOHCBtcsawyDhP2mGPAwouZTuNmC5ITZXY6rGDpYu06WYfdC5gy1Ucbb3%2BTGtTCSx2mrjav6URYNOs5qPPjg9UfhmY1CzWekaq1P1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc70ff29b8e-FRA

GET
H3 200 Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-03.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 26 KB
27 KB 70ms
69ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-03.webp?width=1400&name=Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-03.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6294344ebba9d58c69a39884ec289f2256f0ccc846bc9dbc8762511802f19d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150420034089,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 26704
cf-resized: internal=ok/h q=0 n=13+0 c=3+1 v=2023.9.8 l=26704
last-modified: Mon, 18 Dec 2023 13:22:24 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfIK7C7M-fDVv8URL_8Ptk1zgVG4ubIV2ePdeCXg6EDQ:7359be3165446a7ab2e838818ada0a6e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWgL0HuB7DG9R19F1YmC%2BATnis33246OmLAnRZEJAzDvD3HyMriA%2B3naHhNMp%2BD5XPUQbzDNV1%2F2ob5PG87HQnPkRV9yV9lbK4zYBcCEkZlWT5uSeRdhQv%2B2hVv0HheNpKDC5eF7uu5v7EOsKj9m7He5%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778369b8e-FRA

GET
H3 200 Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-05.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 70 KB
71 KB 101ms
96ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-05.webp?width=1400&name=Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise-Figure-05.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5601de4161ffa6ce27ab6c133e4a918b3cf6ebd3f9195509ab998398aa5b8e4a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150420077394,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 71574
cf-resized: internal=ok/h q=0 n=14+0 c=8+0 v=2023.9.8 l=71574
last-modified: Mon, 18 Dec 2023 13:22:24 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfQx-Xl7dctiJBn9andHGRtWR6G4ubIV2ePdeCXg6EDQ:7d21ebd94895e84b1573d9eb927dff9f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LpsxRq%2FwnQM%2BUYK%2Fq4ZcYoryZys3NrYx73is2ye9%2BA8sYUUhQ1HBDAsrElt0SYBGxQKRFM5Py3H5QuTyN%2BBTnrXwvWofQ7VQXYHLskjjwrybbxkuGP9SlyJgp45vAESGTLAJwqGFyMJ48CGUUWRoVT%2FYog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778419b8e-FRA

GET
H2 200 api-security-hugging-face-ai.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 43 KB
43 KB 159ms
99ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/api-security-hugging-face-ai.jpg?width=480&name=api-security-hugging-face-ai.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d79d912be2056b61d11fd88345b688c2a559277e4a567285d2918e129ccc423e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-149923228771,P-3375217,FLS-ALL
content-length: 44200
cf-resized: internal=ok/m q=0 n=465+0 c=15+38 v=2023.9.8 l=44200
last-modified: Thu, 14 Dec 2023 15:28:41 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf44_4GFifM_-6gY0GICpSfzSgzQG3Dz_JuxJXtzypDQ:4477ecadf50f26470943c10c28446e7f"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc7df233a9e-FRA

GET
H2 200 ai-system-guidance-cisa-ncsa.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 5 KB
6 KB 139ms
79ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ai-system-guidance-cisa-ncsa.jpg?width=480&name=ai-system-guidance-cisa-ncsa.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88f4bc01ba7b5b0405602c4a7a421599c3a82c23adbc0bc78f7e3ac16cfa93c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-149622022819,P-3375217,FLS-ALL
content-length: 5572
cf-resized: internal=ok/m q=0 n=414+0 c=9+24 v=2023.9.8 l=5572
last-modified: Tue, 12 Dec 2023 17:34:35 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfao3y96fZ8rRqyuolfdo1L6cgzQG3Dz_JuxJXtzypDQ:88d6a802ef41f254794a909df73ca601"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc7df223a9e-FRA

GET
H2 200 mfa-supply-chain-security-magic-bullet.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 3 KB
4 KB 137ms
77ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/mfa-supply-chain-security-magic-bullet.jpg?width=480&name=mfa-supply-chain-security-magic-bullet.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cee1b21307178bb125fae02192bc67bbecb5fc74f585aee39299e43a1d3c3ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
via: 1.1 69ceaf2914bd01ec0e3201288b80afe2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-149453632926,P-3375217,FLS-ALL
content-length: 3158
cf-resized: internal=ok/h q=0 n=106+0 c=6+20 v=2023.9.8 l=3158
last-modified: Mon, 11 Dec 2023 14:54:21 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfZ69Js4wY33sk-iIgXqfe1_j-zQG3Dz_JuxJXtzypDQ:f36c8e8699b7bba8271d9be0f6029679"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc7df203a9e-FRA

GET
H3 200 tag.svg
www.reversinglabs.com/hubfs/ 946 B
2 KB 129ms
126ms Image
image/svg+xml 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/tag.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-79211394341,P-3375217,FLS-ALL
age: 93138
x-amz-request-id: MH2MA1MZMZV4QB3Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-79211394341,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"27594f47645e4d58406fd3cf3d07e0a2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1657811796583
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 9570c3a1725c20e6faed117bbb74223a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: aRYhGFr8YswkXmWbJnGhRE6TAiUwxgKw
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-79211394341,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: DQFGeazENnn8AFh/4YN1FV3Y0SmM2sBr7k95C7daxddCwU3Vc2Zay7pWzkvRbFxi/rJGg+qA5Ww=
last-modified: Thu, 14 Jul 2022 15:16:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhoVlNsG%2Fga%2Fywb9emwhXKEgDXj%2FSf%2FBqX0KS5JPqV36nSstIrmkzZDDKixrXnwR%2FrCJPSIDMXB%2BPqxBHOOiq0fZob65pWmgdlJqkoSL1l63RhdCmb5xWrE5k01ORJzXtU28Dbb%2BQzjX0D%2FcaVg8%2BHwFOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fc778429b8e-FRA
x-amz-cf-id: vTB9WAz1FNpPtIZgcwAJ9rDKej1NK7uPuxxKkl_6KmAHVta-jmUuZg==

GET
H3 200 puzzle.png
www.reversinglabs.com/hs-fs/hubfs/images/ 190 B
1010 B 67ms
64ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/puzzle.png?width=24&name=puzzle.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80971515058,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 190
cf-resized: internal=ok/e q=0 n=945+0 c=0+0 v=2023.9.8 l=190
last-modified: Wed, 03 Aug 2022 11:16:38 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfTEUp8Ew9ax83YU-aC7YLXg9u1csUNuQbJ8Ycnj_pDQ:e388a2e47cf27a736b1d0bbd369fa3d1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTMyoBH%2B2WoylhghRyVW6uHDfRv5f5sN%2BIyQjidul0cJ79S13amnpe9GZnPr1hbj2QE9PDvpMiMjFtzSOIop%2B5JCNdfHsVI3fsZont8Vu3%2FqxLf%2BWfNB7aLeyR8d5hlg3AnQCxwbAQS6SNJt8WO%2Be%2FGcvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778449b8e-FRA

GET
H3 200 tag-dev-devsec-ops.png
www.reversinglabs.com/hs-fs/hubfs/images/ 170 B
986 B 62ms
58ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/tag-dev-devsec-ops.png?width=24&name=tag-dev-devsec-ops.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-85478930439,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 170
cf-resized: internal=ok/h q=0 n=8+0 c=0+0 v=2023.9.8 l=170
last-modified: Tue, 20 Sep 2022 12:31:04 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfv7c03z3Ffq_nGeIA5yKSc4mh1csUNuQbJ8Ycnj_pDQ:9183b185622ef93c463aaa428f1f5ec1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOTPmVQV9U7ZkPBNHJCxDamYZwjLWhuq7HMyPzl06WyNJXsZR2KDqAZFenyiXHFkedMFYegsZ767EGrHuBzI%2FEdEzqd70jhGS9h3X9SIiqmLPu6RMr2A1Gk8%2Bw7nvjJjT3ICHahp%2B2QfZq3Kr3ytKTwcpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778459b8e-FRA

GET
H3 200 ico-threat-research.png
www.reversinglabs.com/hs-fs/hubfs/images/ 292 B
1 KB 68ms
65ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/ico-threat-research.png?width=24&name=ico-threat-research.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80135253149,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 292
cf-resized: internal=ok/e q=0 n=875+0 c=0+0 v=2023.9.8 l=292
last-modified: Mon, 25 Jul 2022 15:07:22 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfUSLvJ4c4Cy57IRZiA1hwxqgf1csUNuQbJ8Ycnj_pDQ:e7151140ece53d72171148a7324d4b11"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDBwVT4BjEPwV3%2FoORnuFCOpMZTx6LHaEtJp%2By1JnPq6fQiSMiDmjWYrdiJlUZJJUYqsX3aG5iDD7ffrKIKuOTBGK8TMwx7Hjeunhpj8wcbzpzMsFGIw0AD7JI%2BMN4pI1fVBKDdRy3ecm1ZWklQsr7xOKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778469b8e-FRA

GET
H3 200 alarm.png
www.reversinglabs.com/hs-fs/hubfs/images/ 224 B
1 KB 66ms
63ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/alarm.png?width=24&name=alarm.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80978517010,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 224
cf-resized: internal=ok/e q=0 n=931+0 c=0+0 v=2023.9.8 l=224
last-modified: Wed, 03 Aug 2022 11:17:23 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf8LPChb5JPnuX8S6grriML_Pq1csUNuQbJ8Ycnj_pDQ:e129885aca10039ee2de1413175bc2d5"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4N0%2BHDDD4uTXrPhayPBdcXr4rwyY3VY6oogB0%2FzytQHEN%2Bh%2Br%2Fd6hK8DRMQF6mKAi6pnaKQJpP4Fb8wJEIK06II%2FBOSPwPJKzlwYVG57ej6spPHtVgvsFMqscJBaci9HcRBqNglxFRAl9i6c2xqVMNBNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778479b8e-FRA

GET
H3 200 terminal.png
www.reversinglabs.com/hs-fs/hubfs/images/ 198 B
1017 B 60ms
57ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/terminal.png?width=24&name=terminal.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80972444337,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 198
cf-resized: internal=ok/h q=0 n=8+0 c=0+0 v=2023.9.8 l=198
last-modified: Wed, 03 Aug 2022 11:18:30 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf6bMIImIWOdGtWqvTkruXE1Mt1csUNuQbJ8Ycnj_pDQ:df29f53ad31749ce8ebed7c59dfda5a3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zxRKoHI3BpJm7xzAkCnsEJQ65djZp9XicXtcP4OKDhZYDX7fNlDWwyK7HLzS4Vw%2B%2FM8aFDnTONQ2PxeDJ6WdeRsNJEkEkfO5GSv%2B8iuRiSjWnTLj1oQkSLPgxTC3bzw1QBdtxyn88k8xk6kG9sXHAmYeTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778489b8e-FRA

GET
H3 200 calendar-three.png
www.reversinglabs.com/hs-fs/hubfs/images/ 222 B
1 KB 128ms
125ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/calendar-three.png?width=24&name=calendar-three.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80978517087,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 222
cf-resized: internal=ok/e q=0 n=830+0 c=0+0 v=2023.9.8 l=222
last-modified: Wed, 03 Aug 2022 11:19:08 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfSCUVVewrbUrCezSPDCvLRaq61csUNuQbJ8Ycnj_pDQ:18503effdeb9c9bf3130e4d9c19e5f39"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjRkkuK1oE4nhH06Bb8R%2B5bI29F3RB2grS4Qnt1mRhQmQQiaexgwDLdB4RLNUBazl9QNOF3C5pF8SNcvAb3tad88zEuxnPmE6AM7AjS0ALCsMVuQ8XNZFG1PPU83F7%2FgU4KrdS%2Bdn4KhzxlnhfXiuKKb3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc778499b8e-FRA

GET
H3 200 ConversingLabs%20S5E5.jpg
www.reversinglabs.com/hubfs/ConversingLabs/ 89 KB
90 KB 129ms
126ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/ConversingLabs/ConversingLabs%20S5E5.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

89f1a01bdefa7a1d5ce3632bf7ac23bd6c16ee252987e78320895ecc43a9e43d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-138170570617,FD-69168798251,P-3375217,FLS-ALL
age: 93137
x-amz-request-id: MH2WRPKH75Z9WGJD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-138170570617,FD-69168798251,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ConversingLabs%20S5E5.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a432212e019e7d15103cb68bfaf2934e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696440206800
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yV9HSVCqO3iyyFU7yLWeEURuNR.U07jv
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=272344
x-cache: RefreshHit from cloudfront
cache-tag: F-138170570617,FD-69168798251,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 91044
x-amz-id-2: yv54P8CI/gGYB320HxKHsZAOm5QTwH3/Y7SqyPYhll0ihi6cp2LM2IjIloqc2ci5di6oaX/6zaA=
last-modified: Wed, 04 Oct 2023 17:23:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=folY1VAf5zfZCy0qRvAkMKQRzbmBrESn%2FRDuRXZdzFIcYFoYcK7hGEQgXqIvONBBgPjsN2YC5nw%2FxYjIxIvDA0IfWRigu39dPku6CFILobY58RmiqHgTGgzyrpzUDupPSXw%2BMF7SXupUAoYfGqnocCxPoA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83845fc7784a9b8e-FRA
x-amz-cf-id: QvMf6TiUpySXypw6Mdjy2JY8FiWLKA5oIPDtG-34mWEV_6mbdnqAQQ==

GET
H3 200 ReversingGlass---WEB-1400x732-1.jpg
www.reversinglabs.com/hubfs/ 163 KB
164 KB 159ms
156ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/ReversingGlass---WEB-1400x732-1.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87c6ad7fecd2610fd2d6074be70803d99f2f043d410501633e3147b40c692d1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149743636845,P-3375217,FLS-ALL
age: 93137
x-amz-request-id: K0YYBEFRTSSW0KRN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149743636845,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ReversingGlass---WEB-1400x732-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ca6632a1a88881e5979d525ee7efd313"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702478733875
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gpWeztl7PT9OKNASn1JPTFPeUBNwKPDs
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=304227
x-cache: RefreshHit from cloudfront
cache-tag: F-149743636845,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 166580
x-amz-id-2: JaMLw/P3Ahk+BngHKYYZ6U29zb7jeZiX97Z/5OrvkwpqvmKnXUIpYucSJiDeucCbHmC+Bd3eHze40lNrw6wHYhwGP1Ht1Uy2dz5H2vLVMUg=
last-modified: Wed, 13 Dec 2023 14:45:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQ0DwickXcbdecK5WKlcW1I4iHn29%2Fnbij9jagSDMcblLs5FMML8BiZQdJ5ByBa4w3aFkkj1pKEmCg5Q5fpISsxWkjFUpeAxa6lzPNXjgfouGW5DEafsLW%2FzZfHx4WPCOAaSmy1hBDRxfZf3Z%2FiYZKPoxg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83845fc7784b9b8e-FRA
x-amz-cf-id: EuEYnMCiQW0pQGK9C-YR8P8uITYYhVi57hDVDIFvMotqLMftuljwpQ==

GET
H3 200 Software-Package-Deconstruction-Zoom-1400x732%20%282%29.jpg
www.reversinglabs.com/hubfs/ 99 KB
100 KB 67ms
65ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Software-Package-Deconstruction-Zoom-1400x732%20%282%29.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

49ccd6ef67a5506a1c8ae4ca61d9bcc2d3fcd8b70dc6ce7ef7ee8977a49856ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-148136481853,P-3375217,FLS-ALL
age: 93137
x-amz-request-id: RB7QATYAF1YHY1VA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-148136481853,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Software-Package-Deconstruction-Zoom-1400x732%20%282%29.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "e24b19bd64dceaf213f98abe5326d74f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701443562319
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: O76Eg2t7ulZM8aaGKlwykHV.LYd8SPRm
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=386877
x-cache: RefreshHit from cloudfront
cache-tag: F-148136481853,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 101148
x-amz-id-2: rcvrjf5dYo4uJ4ZDo0UTI7OZq8ButLxrAS8G9aeDulk6O3HOWhqc+UBL8d6oTyf/7+2WLYOzmfs=
last-modified: Fri, 01 Dec 2023 15:12:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vkv6HQwbIOOcTC8IOpk9Nyepzf1BZDpgSEl1byt6ugyobLBQ%2FxAzQHNVIUPhRrsieIWGROWjFGuKQQG7KVr0%2BPUxYZ2wq3Z%2F4hHTKx%2Bu7%2B09KoZivbPaXcFQldr1OWvQzT00nLCssBjFtDQpqO%2FXbyA9jg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83845fc7784c9b8e-FRA
x-amz-cf-id: dJMPlN2k0yZSzzNYxBt1iGMzKeu4bcDvuIB7HSVlUAG26DK5Pw7-GQ==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/ 85 KB
27 KB 97ms
39ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 974335
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27437
last-modified: Tue, 01 Aug 2023 17:19:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93eb6-6b2d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sk7frPJnTk%2FDKp2dbJu1GbUMM3cZUgCxqpIufzF61fVv9QN5pnOPH5Pe6FHZXhNqhtNl78QteMXFbhc%2B4Q0kSbbGvPc71ag8QwAnvWG22nemmcBbj%2B%2B6OyqVCsAw4Cyq%2Fq5ASHhEwU%2BhN0dwktUNs6dE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83845fc7db0b9201-FRA
expires: Mon, 09 Dec 2024 02:14:50 GMT

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/ 2 KB
1 KB 86ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/js.cookie.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3286892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 740
last-modified: Tue, 01 Aug 2023 17:49:43 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c945b7-2e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxVdGJo6aMaYXBmmWBCYKv4AZcJ%2F7CPeMLzHuVpumz78Xxpfnpt7bfS4cCPCX%2FJcfV6USu1p%2FjDg4T4nDo9IVXMFCij5t%2BIBddPKVQQEJof%2FcanX5qFnzz3EvvelTZJHfUwqgRL7BrhgTfr%2BAuiOaBIa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83845fc7db0d9201-FRA
expires: Mon, 09 Dec 2024 02:14:50 GMT

GET
H2 200 tiny-slider.css
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/ 2 KB
929 B 98ms
41ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/tiny-slider.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9b8906a8b7540b8accfd2a491c0821d6bd6d8ccbd4ab53a56da8906ff028423

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3280584
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 573
last-modified: Tue, 26 Oct 2021 21:33:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61787428-23d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D6s9XRuv2LY8w5b6Z2LFKgEc1K%2BHuVZGXGbTGwlJ37dg77AjUv7XjaGLCtGqIhbSMhEt8p9Pgv%2FeCzxZx1j2A8IWwdbglXTVDvSh5XaamUMeT9qFZLPcun1WyNdqeGFHwuo6hv1E6UhqG5hicJnA8Is2"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83845fc7db0e9201-FRA
expires: Mon, 09 Dec 2024 02:14:50 GMT

GET
H2 200 tiny-slider.js Show response
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/ 31 KB
11 KB 99ms
42ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/tiny-slider.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3610805
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11445
last-modified: Tue, 26 Oct 2021 21:33:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61787428-2cb5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vzDBXzItrb2dlUNhVvN%2FsW5rR%2BnUFjsjP03Psx5uDPxba4pIvH6oazacLEFIJ9MCaWT9CyweEYq9u5ECDn8D0G6nB%2FCwNpf6qz3H2YD5JZjEha19XATtNDfdLwUfUCWM3GUWRUiLVj5WsKLontBeIKEM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83845fc7db0c9201-FRA
expires: Mon, 09 Dec 2024 02:14:50 GMT

GET
H3 200 functions.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1700042430989/Redesign_2023/js/ 14 KB
6 KB 130ms
124ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1700042430989/Redesign_2023/js/functions.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

61a6be0215d1b05c92be6e24d60efd13b37c7e44ddb3b4038271979298c0e14e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1756
x-amz-request-id: 9N5A6D6JP6T59X6K
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5bdc0dc9d855ae19e0b4203cfddea3f8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1700042431349
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: DfBDjNqMMAH39fdeQN0m7ghCbZ_NTDHm
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b301c717-fb7d-4364-8a35-fd1aad2edb1b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 194
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9x0eEJB/7tSeRMmmxyHFBzhrtruXDQv6rgPWUvzW4xOQXKx7DlKIO70Xrk7G9S+6LQyYr30V/Ss=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b301c717-fb7d-4364-8a35-fd1aad2edb1b
last-modified: Wed, 15 Nov 2023 10:00:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=os84XNAjYrWf9Dw9sMiiq4gIM5bviGrfeqq%2FYvjAt1nNNheAPhAMlh3DxVeDZTAmmb4p%2BWPGfWw5tTuzeNTDrOl4y17Fz3L7ksRb6mHvf9xPD5dQ7PalIvhMNUMrXkh8ppjzTHz4RUXFr7HRhkkCXvWX1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc7783c9b8e-FRA
x-amz-cf-id: vL6Xz-sw97om3QJ_0b8N9vPZFclnXAwtMZq3znYAULUJGdjC1Ux92Q==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 99ms
27ms Script
application/javascript 2606:4700::6811:c060
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1899567
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRG7dcsKObR%2B7thMHVVFasTDC%2BW4cvLAXmWki%2BFODdZN2cR%2Br6GRF2aGd75FM%2FdqZxFGJa8YffyATQxO38kY7oJPSsJDxMpSXSopI8xxMTp2kdzNNu6GTu51D6jdgydI4g0W1txU3C9HSdFSxGgjCVahfKs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83845fc8586119a0-FRA
x-amz-cf-id: rhXOpYCNrMtoy20ZREGupaV1U7uo-Bc8S9EIj4CITWJ1slMr_M8V4A==
expires: Thu, 19 Dec 2024 02:14:50 GMT

GET
H3 200 simple-lightbox-min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/ 7 KB
4 KB 101ms
95ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/simple-lightbox-min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: MH2ZN57BXZ8VNBH5
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d02c339064b8d2b370bc4e18fa6ae421"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FsEJuIr7CYCWLWb_isdf3JLdbLwDP7p.
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 27145378-454d-4f0a-a6f7-83c86cf69661
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 164
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Vn0VxkAZTz3G5+4j73A4SH6KSPLUQ2lPbK0TlXLA1quAysLCZEdJPEE0mebdxF65q7BfzFUCJz8=
x-request-id: 27145378-454d-4f0a-a6f7-83c86cf69661
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 10:48:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UICv3jmSYqMRApoTG4ePN5H3HnqmilbiZiPryiOVDilozgXTOOI8nK%2FUCmdlvcg%2BqqhzhDP9rg5ZW%2Flmxo7wn%2BWEIv9anffJGyD949MQi4w2bJW%2FwdbC%2BDKDpKAhIeoUtENtrU9TKU4QAlVr6Lics1YJ4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-f4gp4
access-control-allow-credentials: false
cf-ray: 83845fc7783d9b8e-FRA
x-amz-cf-id: tyW1im9Q154ehhu0gdxeY0H_s5dCyeEIDmltV6c4Rvl_uSVPwcDzdw==

GET
H3 200 rd-2019-main.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/ 2 KB
2 KB 62ms
57ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/rd-2019-main.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1756
x-amz-request-id: AACPRTD7X2C7XXT0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b2a254916a67659b4df42aa3c333359a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1639664698586
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: I5.cidQ.vGRls6iGZkmuPTBztEr2IVdj
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 17ad7e57-a54b-44d8-a72b-9d8ba5a0d696
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 174
alt-svc: h3=":443"; ma=86400
x-amz-id-2: PrhoduXM6oiK5en8pe4usYSD43znsK5PqhHp9SrHJnTQG22dLUyNR+I7MTIOhUPBl/EQBKhtwO0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 17ad7e57-a54b-44d8-a72b-9d8ba5a0d696
last-modified: Thu, 16 Dec 2021 14:24:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNL8dMsaocghMMJE8EORKtTDzbkQCSvczPARTp9zDBwONfzTUK%2BEwjA%2FmEbkxCUe2zQR1mQUXZZvLcjBnykwlCtwFqtmGjGnlmgk0Gs9c6FdlWrh74qP0IKmiQOWL7hoPC8fpjXqy%2Bg7WYlUg5b9d3SvgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc7783f9b8e-FRA
x-amz-cf-id: pLlNOwsjxhKx7f2DdxaFs9XXV2a57tVO8dsRnDfRU3GDZ1pvf8WY2Q==

GET
H3 200 module_36845096476_Blog_listing_card_grid_-_p1131.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1694005993526/ 723 B
2 KB 131ms
125ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1694005993526/module_36845096476_Blog_listing_card_grid_-_p1131.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1756
x-amz-request-id: VMGM4NRQ77C6GZMA
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a26b824a33500d5b24e748588dd1c35a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694005993526
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Zc8VNRbGNZ7_e51OLWYieCbqMbEEfDx4
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 462a11b7-8cfa-46e0-8de7-41543de7396c
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 225
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Cy9cBkjSHWJJ8uprSDpqmc+dmrzNHJ5eKeYkZx0SnhW5kTYlt/G7fmJDyYvoacHHIowzbnhKL92GG4JM0M3asGHcVXpjLdIWKIWLIhbCe2U=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 462a11b7-8cfa-46e0-8de7-41543de7396c
last-modified: Wed, 06 Sep 2023 13:13:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGyHk9lu6%2FJEUGZHo1Q4j1L8G2%2F%2FLpjrmfYbrfRF%2BxivS2%2BfzXsomKfpN8cvXpHHmHMLsfBSGAdB8UY90tB5lIzhT317MYyObiiTqkUjbIdIBcwz61M24qMSnv2zuiCwtgtfYDvqJcUTT9G1M0ExRdvuZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-g2j2f
access-control-allow-credentials: false
cf-ray: 83845fc778409b8e-FRA
x-amz-cf-id: Y5KRYS2bh5mAfSoJ0erTOrTUVjr_R-zbz1TRMrS9N4Lrz73miuXePQ==

GET
H3 200 3375217.js Show response
www.reversinglabs.com/hs/scriptloader/ 3 KB
2 KB 211ms
208ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/scriptloader/3375217.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

67637724eb8e1c4f62c0365c6eb9c4fb62ad5f384d0912711f325d004db5e2a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4c4ccc36-c3c5-4951-82e6-74147ae3151f
content-encoding: br
x-envoy-upstream-service-time: 19
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c4ccc36-c3c5-4951-82e6-74147ae3151f
last-modified: Wed, 20 Dec 2023 01:45:34 GMT
server: cloudflare
x-trace: 2B2CF2636B9DE5DAAFE3596BCEDDFC26F6F0CEF3D7000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-k6ngs
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7GfpN1rWCMo4XW8kiN46fkCD3iFBVIBni0MFiqed5c0g2Ykb4%2FaRQf5ddZYAeqfT52kdbBQLaemNxAgbmfBlaUGJ8WDPaA8MjT1nYWYyMqRJKdliglwkBPxNZ%2Bx%2FIHr9D9qUa2ITXb6z0V77W%2BFwRIsqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fc7784d9b8e-FRA
expires: Wed, 20 Dec 2023 02:15:50 GMT

GET
H3 200 index.js Show response
www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 181ms
179ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1795473
x-amz-cf-pop: TXL50-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYxxHOVaV7334zZ1b8B0A%2FTyVpF3oyT%2B8%2FHV1b4GFT6gJNIL99JtzLqEWkIvHgSfU8bm%2BKoNSI3ePTelNJMAWtuXTwUvExS7xHdKMxhJejkZlo%2FVO1L2Lz5pPKrSFR6ihCK%2BDJk3CCGIBcOkutruB3GcqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83845fc7784e9b8e-FRA
x-amz-cf-id: 8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires: Thu, 19 Dec 2024 02:14:50 GMT

GET
H2 200 cookieinfo.min.js Show response
cookieinfoscript.com/js/ 7 KB
4 KB 105ms
32ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 6RJYSPX08DGHQTE7
age: 3508
x-amz-meta-cb-modifiedtime: Mon, 03 Jul 2023 14:52:01 GMT
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 26+TfNo9h0/JBciQKN6K6HhNLIktPZJlkSPSP+aGwxvV83x8k+uFxv9+l+bqIsWXM5EjrvQ1/Bc=
last-modified: Wed, 05 Jul 2023 10:39:27 GMT
server: cloudflare
etag: W/"d15d93068c1121f63008407d339bd819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0r2P7y%2FzXn%2BmuxC%2FUtW%2B5nmoa2b70slbxOMfILi%2B0PrI%2BDnsbRuVQFkNHPBpFjmY58kmqrPupzonTBYsNP6msJIo9e%2FvAhu7CX50k0jniSy58ccLb7x8glwQntxbCD3L%2ByMeNN%2B8d7ZimMtuh%2BvwHxvqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=2678400
cf-ray: 83845fc7eb3dbb8f-FRA

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 103ms
31ms Script
application/x-javascript 65.9.65.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.65.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-65-116.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 01:34:58 GMT
Content-Encoding: gzip
Via: 1.1 df7c0ba7857d5300ae11e7566c926f16.cloudfront.net (CloudFront)
Last-Modified: Wed, 20 Dec 2023 01:34:49 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 2393
ETag: W/"b7474eac210849250426a8f6a39d00f3"
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: N3hLDMpGMWxFPO2nN40x08wb2lrpbmJgv_CtWEJkrXykC4e_9hQDhg==

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1017 B 112ms
32ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 02:14:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 20 Dec 2023 02:14:50 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
871 B 110ms
30ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4d6f3ace3f5adc9c94b8d15cc5e184ee98ab1f4743a04941476a99c1aee29ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 02:14:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 20 Dec 2023 02:14:50 GMT

GET
H2 200 hotjar-3176008.js Show response
static.hotjar.com/c/ 9 KB
4 KB 137ms
39ms Script
application/javascript 18.66.97.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-53.fra56.r.cloudfront.net

Software

Resource Hash

654addb521083268ea5c6d1e4ae5c6f8d26d43a6429c96d05c285362a73dfd23

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/833b2d3beb8a1165c41742df0af82946
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: vNVCS7n472ynJi_7MUqdgnr6fvIq4MlhmUrU6i9rDdVYarz-4kcEQg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 292 KB
95 KB 117ms
51ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ad18adbeea16ce6ae9bb5a31c632b37a3f8f1d944736884c1c4e30199ff1d76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96986
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 20 Dec 2023 02:14:50 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 69ms
21ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 20 Dec 2023 02:14:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: wnbhj0sCKoX0D/J8aSKgm/vnsC5a5isBdkCW4Ewi6M9d3TOtkkJWqEtgF155oXJKbjWHaPqHfX5xeRTllTeIAw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 116ms
52ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:53:59 GMT
x-content-type-options: nosniff
age: 62451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 08:53:59 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 104ms
40ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:10:14 GMT
x-content-type-options: nosniff
age: 61476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 09:10:14 GMT

GET
H2 200 rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/ 4 KB
5 KB 126ms
84ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/rl-icons.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1701691743766/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-amz-version-id: 7Fg3.Df2IKZXcjymNQNOrpeZRI7DlXZ.
age: 686076
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: D6DBARCY5JV28ZHM
edge-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: ha/T5xTZSo2KUvz8BcYAVaYFSkZHVqndwl7iSt2RNBFm3EKss1zKMdZKJzW9Jjo1HIgIm3dXQdkPaIj4uIk+Eg==
last-modified: Fri, 24 Apr 2020 14:40:36 GMT
server: cloudflare
etag: W/"97ca286c0b94878b6b2adf44559b6265"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 83845fc7eb484d52-FRA
x-amz-cf-id: pO_HqGy_qJRCzYJIQlYdaDU8t0yTHQal6pM3l_iRN__3WVU2O9nmeg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 154ms
90ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 17:28:03 GMT
x-content-type-options: nosniff
age: 118007
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Dec 2024 17:28:03 GMT

GET
H2 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v14/ 61 KB
61 KB 151ms
88ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v14/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 10:43:37 GMT
x-content-type-options: nosniff
age: 142273
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62704
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 22:05:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Dec 2024 10:43:37 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 92ms
30ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 00:08:38 GMT
x-content-type-options: nosniff
age: 93972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 00:08:38 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 140ms
78ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:02:11 GMT
x-content-type-options: nosniff
age: 61959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17508
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 09:02:11 GMT

GET
H3 200 Blog-Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 68 KB
69 KB 73ms
72ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise.webp?width=1400&height=732&name=Blog-Malware-leveraging-public-infrastructure-like-GitHub-on-the-rise.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c94ca565fdf634b00d636a4f3d61caea9f3e0b057df52cb90b6e6a2f5ebf7c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150430601642,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 69846
cf-resized: internal=ok/h q=0 n=15+0 c=10+0 v=2023.9.8 l=69846
last-modified: Mon, 18 Dec 2023 14:22:17 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfagNjwUYxBtfzxpgDAnNf3nLpsvDsvdffkG1yWKzcDQ:eedc81684f42d961d4df79ec6c7bac57"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGmuunoAEgXcb2QI8zszGy4p1lcijHeenrJei8M4lk4uQQDzjF%2FT%2B2jUS5uxZe%2FHs4TUybZI7SoquN3okSnE45uakUsQujzA0%2FQsRkGQRQvejxXYYEk2M5Q91%2FTHaOzEPWe3eojaENQJtDZD6D3JY7vqXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 83845fc838949b8e-FRA

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 21ms
18ms Script
application/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-cache-hits: 2
date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 633
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23031
x-served-by: cache-fra-eddf8230123-FRA
x-china: 0
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "d22850d6ed493dad3ff1a51479d730cc"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rl-icons.ttf
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/ 9 KB
7 KB 31ms
29ms Font
font/ttf 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/rl-icons.ttf
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1703003530161/Redesign_2023/css/globals/header-transition.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb5f5771f12f1cd58ca2833743b76908f15386906e2fe3a92162916abf330223

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
age: 1719370
x-amz-request-id: WW7STP0RDHHCVFEG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a6bf7e777a4f05b1563afd9e29655b45"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696946198131
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:51 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d714.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: Ytup1LNZt2CXZhRoewHMLyTI808qBCYh
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: tBusbOcyZpSIdQku5FSpHTnDnTIP9rLmvryjONH0NQzDs2f78t9u6FntPtUzFFQ5GzE8sSPM92I=
last-modified: Sat, 11 Nov 2023 20:00:21 GMT
server: cloudflare
cf-ray: 83845fc94c144d52-FRA
x-amz-cf-id: JVJ1TTzV582ia8u59fZrff0sSItRW1COO7-xq00F9AqxA4GclBjEzw==

GET
H3 200 json Show response
www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/ 16 KB
4 KB 153ms
152ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/json?hs_static_app=forms-embed&hs_static_app_version=1.4270&X-HubSpot-Static-App-Info=forms-embed-1.4270

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72c4fea1ac00482b27b37e3c50f3622ea1362d7f4c4695ff427df2f11f08e7bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 20 Dec 2023 02:14:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5eaf2b11-ab52-45cb-ae16-c81185da446d
content-encoding: br
x-envoy-upstream-service-time: 21
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5eaf2b11-ab52-45cb-ae16-c81185da446d
server: cloudflare
x-trace: 2B125F7A350BA3BDEF34168A79A043031DF60A46CD000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-9qntj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZV2IlKIkQ20cUrvjFwgLXJlY2Rm6QS7lJQY4VeoZYmw6NNQJSF0ynURPNJxZomH2nSNxFvcEqu2XIQhmgR3JnAHPhyKZOrHhDrsWHfLky6MaNL0eRy3afYwADFEWRtMQbFdlKPo8oYZdHKFrGdDKn7PayA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fc979279b8e-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 JrRu3vUM8j33QSR7Bwxw Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 277ms
232ms Script
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/JrRu3vUM8j33QSR7Bwxw

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9aee213b009036d492c1ae5c6fffbbd21f505fa35d403e813eac73057a0e11c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 83845fca08526922-FRA

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

81c823e63afc55c1ce9d184a4cb05b22bdf86a29ce9f9756e3a58b5e645aa329

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 20 Dec 2023 02:14:51 GMT
content-md5: Jzr+pgHGHUXVlpzYx3dBHg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: eMxnrlOR2GFmgVR7OAXJe4w2e80hQ3wNVwdsk4BAeG7S4hlYZlwCLvuKbZF+t7BXfdVcw48vfN+2NXOl5LumSw==
x-fb-content-md5: 1f241d2c8428c2683557abf071c838cb
cross-origin-opener-policy: same-origin-allow-popups
etag: "ae0e298376b7e9612b2f8704f5297ab1"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 20 Dec 2023 02:23:31 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 64ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E0) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 02:14:51 GMT
Content-Encoding: gzip
Age: 196
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/67E0)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H3 200 1076912843267184 Show response
connect.facebook.net/signals/config/ 135 KB
35 KB 87ms
87ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1076912843267184?v=2.9.138&r=stable&domain=www.reversinglabs.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aca49b9e052e3e1e7b6795a8db67fa24054d904b3a147423c063abc7dfda6e0d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 20 Dec 2023 02:14:51 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: FWcXyqr4SutTgGR9BID/T8QPCgHxrYATXtHMej34cHTNZ0h/HvlG0CM/ttSCMr+66lS7Y07FTAFNa0SaaCtqvA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3375217.js Show response
js.hs-analytics.net/analytics/1703038200000/ 66 KB
21 KB 189ms
163ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1703038200000/3375217.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2f9f218c12fca0483e52d64d1001ea2d9c1fa3075b9a1fc6b3479c4e4431d60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 07FRJHE4FCMSPESB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3f73abc9-1d85-414f-8169-3d202e498055
x-envoy-upstream-service-time: 35
x-amz-id-2: vQj/0jYi03u5m5IqCGEd/Cq/j+4hXopDQW2lxP0mm+y5SX4nVj1nlNzRvGFqgseaw3ebNEQEQuM=
x-evy-trace-listener: listener_https
x-request-id: 3f73abc9-1d85-414f-8169-3d202e498055
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 13 Dec 2023 15:53:02 GMT
server: cloudflare
etag: W/"99633b69935d99794ec7b3cea725109a"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-5k9n2
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 83845fca0a0837eb-FRA
expires: Wed, 20 Dec 2023 02:19:51 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/3375217/ 62 KB
20 KB 349ms
324ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/3375217/banner.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc5ac8beebb7091b4d0574214a501c6e2ff1ded017f9da00935ee102c3343bca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: AuBAQJi0gx7WqL_tLcYznHSitRi0NfgL
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 5HB8MSA26B0X98CE
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 86e033a1-e7d4-499b-bb50-90094ce76f9d
x-envoy-upstream-service-time: 41
x-amz-id-2: ioMZDiyRpfXbhxR9dOAluwT8atISd9A1iZyx5TiQ8JG+7qfLw+5thrdt8OF7H7bU/p6dGgtngUs=
x-evy-trace-listener: listener_https
x-request-id: 86e033a1-e7d4-499b-bb50-90094ce76f9d
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 13 Dec 2023 13:56:13 GMT
server: cloudflare
etag: W/"ce55cb37f04ee879562e1b4fa4177400"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://paid.outbrain.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-z9bm5
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 83845fca0e9dbbef-FRA
expires: Wed, 20 Dec 2023 02:19:51 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 74ms
16ms Script
application/javascript 2606:4700::6811:e4a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e4a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72e8aa11120d22eddafdee660ecc72d141bff2ab7c42c04bbf50399b83e1645c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: xhcuv40vMhop9D9LE0Ufg_3zdYpVKT_8
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 255
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.504/bundles/pixels-release.js&cfRay=8384598dd9af9bb9-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 41a83e66-a6b0-4c8e-9079-4f52bf654808
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 41a83e66-a6b0-4c8e-9079-4f52bf654808
last-modified: Mon, 18 Dec 2023 17:07:06 UTC
server: cloudflare
etag: W/"8d0d43ba9e333894d9c5e9471d2657d0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-962bg
cf-ray: 83845fca3e2f03dc-FRA
x-amz-cf-id: 2MOh80fcRrd8zjymWtVFD_KoTx-oWmd7IMnyXoWsVN3kZ3pZQgMHDg==
x-hs-target-asset: adsscriptloaderstatic/static-1.504/bundles/pixels-release.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 79 KB
24 KB 169ms
132ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916ef06328b6e74b440f0aef1fc8d30d49642d57271a75eb16ace7221886c750

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.741/bundles/project.js&cfRay=83845fca2b493a66-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"4d3963f698043154a61b93b00178e4d4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.741/bundles/project.js
date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: TsJtwIHQI7wvCD1941cHVlmo3LxhctR1
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e023fd1c-861a-47d3-ad28-09e582ab3b6a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: e023fd1c-861a-47d3-ad28-09e582ab3b6a
last-modified: Wed, 13 Dec 2023 12:13:14 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjhpcQDWnCwVWL73kNBwbktjB4wGSn8fpqwodPZcS4zH1eT1xMiQR%2FV2maONJnZMvFoin0A43ID%2BSgXbi66m7%2BgrNpDiEdi%2BVb1KMGunE4w0X%2F7QcSjWDJgOEqUm%2B2gle7pTq9Tdli43xHNf"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-4shmr
cf-ray: 83845fca2b493a66-FRA
x-amz-cf-id: hFCpHCEofVDuvBudonr2IoqxvELCOVx_SkJ6NebtUf5UpWU2PDuCsg==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 145ms
115ms Script
application/javascript 2606:4700::6811:589a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: qOShuUL.zI.RMIWwukZE0taADNX_1wuf
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 15fd832a-2c64-4df0-b274-fef71caa9e6c
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.444/bundles/project.js&cfRay=83845fca1c962bdf-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 15fd832a-2c64-4df0-b274-fef71caa9e6c
last-modified: Mon, 04 Dec 2023 12:10:50 UTC
server: cloudflare
etag: W/"109b7665e389a0b17fbf732bf7a02089"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-bw7pg
cf-ray: 83845fca1c962bdf-FRA
x-amz-cf-id: Csr8yqOlLhjFsiMthqDIvnbaQoY-W_VSKNsRnVxQnXi6_aqsZ0vPVg==
x-hs-target-asset: collected-forms-embed-js/static-1.444/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 50ms
19ms Script
application/javascript 2606:4700::6812:7a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7a0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 49914
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js&cfRay=837f9d30bfb75493-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c314aa317d74a89c787c3c4a9d2fd97c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js
date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: QUNwK0xemzsIqupWMH2b5phjsLRnkTKD
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 79de2717-ad6b-4b20-ae72-106f14665c40
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: 79de2717-ad6b-4b20-ae72-106f14665c40
last-modified: Mon, 04 Dec 2023 12:11:15 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-rdh4x
cf-ray: 83845fca19ed2c6b-FRA
x-amz-cf-id: gP_qjJ8MDg7qyrqrxq6saskwt3re1Ew7g0-AVI1yUzTk4GbQNJLh9A==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 84 KB
24 KB 56ms
19ms Script
application/javascript 2606:4700::6811:fba8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:fba8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5011ec31226165c8656b2f206bd2bd65b2d413f3b33950adf866bd6e6f0ae69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: ok2TxwPi_t9XdJby93ybtk_7g5B.btE6
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 167
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15014/bundles/project.js&cfRay=83845bb6acd1380d-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: a47b7d51-df0e-48af-87e3-59462f2ae92c
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a47b7d51-df0e-48af-87e3-59462f2ae92c
last-modified: Mon, 18 Dec 2023 21:58:58 UTC
server: cloudflare
etag: W/"fe01700275ea5cbba8c0f431df7bd8b3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-h8t9m
cf-ray: 83845fca1f9937ce-FRA
x-amz-cf-id: a7wkUfmGiIiAg892C2V1mN01whkZLnsLgO3O1Ke2gqgcSDaFpbPy1g==
x-hs-target-asset: conversations-embed/static-1.15014/bundles/project.js

GET
H2 200 modules.f8398e1fcf749800c3fc.js Show response
script.hotjar.com/ 220 KB
55 KB 81ms
15ms Script
application/javascript 13.32.27.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f8398e1fcf749800c3fc.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-21.fra56.r.cloudfront.net

Software

Resource Hash

fc1f36d89ddb377187edd50e7e1cbb9511baa256f6c57711f02601edab716361

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 12:03:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 483105
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55732
last-modified: Thu, 14 Dec 2023 12:02:27 GMT
etag: "ce5f5f2327c7562166cfcaad455b7a17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: n3fVwj5E7slj_qGiRjgHK-966MmPDnApc6l75bce47mg88bYf9kktg==

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 286ms
233ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3375217&callback=jsonpHandler

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: cadeb4a9-d59c-4c9e-b9e1-e3fa5d3504fa
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=83845fca8c9e30f9&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: cadeb4a9-d59c-4c9e-b9e1-e3fa5d3504fa
server: cloudflare
x-trace: 2BA6CF737379FFC9238E7781EB9A8BB78237F4632A000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-h8t9m
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 83845fca8c9e30f9-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 290 KB
98 KB 36ms
32ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14a53d8ab27fbe9d5477b3a1d7c7e0d9475e44080242e90f850ad24e45b70fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 100380
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Dec 2023 02:14:51 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 63 KB
17 KB 88ms
20ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d670233ca601ed8dd1f500ecd0a0ba5760ff7259e9409ff4c8adf8c4351fcd3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 15 Dec 2023 19:24:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "657ca7d5-fdbc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17422
expires: Wed, 20 Dec 2023 02:14:51 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 66ms
8ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 12 Dec 2023 19:56:38 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 qevents.js Show response
a.quora.com/ 41 KB
14 KB 62ms
17ms Script
text/plain 162.159.152.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2a101f313f27c267a744088e44664a87d2ec7dc2a3464bf1319a95094dc76db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-amz-version-id: DENAuZi5jc6G3XAf0_byr8vJzUcVnf.F
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 5K57PBR2A0025GG8
age: 3364435
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rvPsThAgQkJShQQ2J7UMgDJ+mUUBMPz6v4o52Qjy3F2U8CcHm7z1WCN2wGkAgqOAkDHbpFzSZ2Y=
last-modified: Tue, 17 Oct 2023 18:57:21 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:5defc3f1c55a0cb9cbca8c06fbabaf65
etag: W/"5defc3f1c55a0cb9cbca8c06fbabaf65"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 83845fcaad58bb5c-FRA
expires: Wed, 20 Dec 2023 06:14:51 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 84ms
20ms Script
application/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Dec 2023 13:09:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=65293
accept-ranges: bytes
content-length: 15541

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 3 KB
2 KB 92ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1703038491242&cv=11&fst=1703038491242&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856083864&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&hn=www.googleadservices.com&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&auid=1603070295.1703038491&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e899bd2df48b20b554a4660145a7892710e0478a878934b7bd486bd6cef6d598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1303
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 request.js Show response
script.anura.io/ 55 KB
20 KB 192ms
109ms Script
application/javascript 3.9.65.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/request.js?instance=1480878102&1703038491249

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.65.245 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-65-245.eu-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d2eb7093513140ab10afe728fa024ba59e13dab8423a8a5db8ca9aa0e16bde74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: Sun, 28 Dec 1980 18:57:00 EST

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 7 KB
2 KB 106ms
12ms Script
application/javascript 2600:9000:223c:3600:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:3600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2e8ac193dd69f6561479a2c46c7089f5b1c66c4afa36ec74958be270e25e3db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: mWfr8wxku1ozz3DdYlV.O4nCQVFUqKXx
content-encoding: br
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
date: Tue, 19 Dec 2023 07:29:20 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 67532
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Dec 2023 16:47:45 GMT
server: AmazonS3
etag: W/"4c08eb9605ac986944978f7081c30a96"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: U7LL-tb8gPdaNxbYavmD3H7CqQwFjRbgHEwOSG1-MkWbrLkXN7Dr5g==

GET
H2 200 8423336.js Show response
snid.snitcher.com/ 24 KB
25 KB 318ms
231ms Script
application/javascript 3.67.234.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/8423336.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.67.234.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-234-21.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bef3bce37bdb43f038b3759ace84d180c77b1121c6cd7f8fab8c5ccd393261e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
x-vapor-base64-encode: True
date: Wed, 20 Dec 2023 02:14:51 GMT
cache-control: max-age=1800, private
content-length: 24862
apigw-requestid: QOEkViQgliAEPOw=
content-type: application/javascript

GET
H2 200 site-insights.js Show response
cdn.metadata.io/ 3 KB
2 KB 82ms
11ms Script
application/javascript 2600:9000:223c:3600:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-insights.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:3600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f277f68dfdfd292d90cb8024420897e6915ab570803af77f6e2118dea071a7c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: ODluRCoRelOVkyhnmrpOHlRTG26H_cXE
content-encoding: gzip
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
date: Tue, 19 Dec 2023 10:30:39 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 56653
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 01 Nov 2023 18:22:38 GMT
server: AmazonS3
etag: W/"fdaf99c1cb788098c0c033d7296cacf5"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: kkCAFF3GIxoLsmlh9B9fgiJuSRLPVttZwEv4Dd99OMqNnmjOSZCfpQ==

GET
H2 200 1010075.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 960 B
2 KB 431ms
376ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010075.js?p=https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise&e=

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99422095a0a321c15136d54e3c37b3aed5675895480781218f738496eb60f96a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: e4db8ef0-50ec-44aa-8dd2-a070a1567632
x-runtime: 0.003323
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"99422095a0a321c15136d54e3c37b3ae"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 83845fcb6ec1bbc1-FRA

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/ 43 B
424 B 467ms
110ms Image
image/gif 52.55.198.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.55.198.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-55-198-1.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 02:14:51 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,60a2afa454cee2a20ce323077c288cee,10.0.0.177,50632,178.162.209.131,,188295099192,1,1703038491.783,0.002,,.,0,0,0.000,0.000,-,0,0,203,155,77,10,34729,,,,,,-,
Content-Type: image/gif

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 169ms
133ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 02:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 5e154059-41a5-4c9e-aed7-3db5cee0519c
x-envoy-upstream-service-time: 7
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5e154059-41a5-4c9e-aed7-3db5cee0519c
Server: cloudflare
X-Trace: 2B88F14574BD35F93F9005740A56C9CEB845AFD1F3000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-vgtws
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 83845fcbac991db0-FRA

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 304 KB
86 KB 40ms
27ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=e5b520b28feab39b15b930281da67bea

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0a25ed0673ac124291602fea660540c3c07e031b2671480ee9070faf25144407

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 20 Dec 2023 02:14:51 GMT
content-md5: jscmxeX7i1kkShLt3+oecg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87814
reporting-endpoints
x-fb-debug: msEj/6f8LAW1vTwxI7xRD4/0Fmy5dEKPw617M9/TWWG56eWwEcGselWxYa62MqdFvsPsZi4wt+tVccEwe0hWLA==
x-fb-content-md5: 9fa5cc09b147dd93a83a75cf480819c3
cross-origin-opener-policy: same-origin-allow-popups
etag: "459c351fde9d91ec61c39251455976ad"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 Dec 2024 01:17:01 GMT

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 126ms
42ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_51f0eda1_1ee9_472b_9dd8_4798aa90dcb0&render=explicit&hl=en

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c997ad6f4c3e4db29863ce905780a5c27351e25e597729a066732c0971ba7933

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 20 Dec 2023 02:14:51 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 09F8 319 KB
104 KB 22ms
21ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 723192
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Wed, 20 Dec 2023 02:14:51 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 widget Show response
www.reversinglabs.com/_hcms/livechat/ 333 B
2 KB 159ms
158ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/livechat/widget?portalId=3375217&conversations-embed=static-1.15014&mobile=false&messagesUtk=b80834ab6c0e41a9959adc8fe41e7cb4&traceId=b80834ab6c0e41a9959adc8fe41e7cb4

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

26b0fcec3a00809d69d480b663351d6fbf6d5425dee471c4e24d8d29f8c07d83

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 097cec12-7d30-4f3d-886b-23acb5fc5a58
x-envoy-upstream-service-time: 12
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 097cec12-7d30-4f3d-886b-23acb5fc5a58
server: cloudflare
x-trace: 2BE7C3CBC136FE7B99435FBB197251A919D96278B0000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-k6ngs
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e80luFn7TeuuvtMv1D2%2B3xAnyNfps35A8ZwsQ%2BjP42%2FIZjcI8u2LwpY1Ltw37jlLN3QydLSmjmX5dgYl6cNLNtj%2FTdccdmlOGS0nJz5Aqy7MPC1qpMPXtDkxTU1YlAy%2B7eU9Tc9PdZZU5DaGxRW4twR3xw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fcb4a3b9b8e-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 43ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=Lead&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&rl=&if=false&ts=1703038491421&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1703038491418.497959117&ler=empty&it=1703038491176&coo=false&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 20 Dec 2023 02:14:51 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 44ms
10ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=PageView&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&rl=&if=false&ts=1703038491424&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmgoogletagmanager&ec=1&o=4126&fbp=fb.1.1703038491418.497959117&ler=empty&it=1703038491176&coo=false&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 20 Dec 2023 02:14:51 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 399ms
123ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 02:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 0ae7da02-9bac-4e2f-8ad5-57e1ce9e2923
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0ae7da02-9bac-4e2f-8ad5-57e1ce9e2923
Server: cloudflare
X-Trace: 2B0C4BB17A4C7EE3B43C5A4434BB8A15151F449E30000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-thwp8
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 83845fcd78c237da-FRA

GET
H2 200 browser-perf.28a8c6b22b3c0474c577.js Show response
script.hotjar.com/ 4 KB
2 KB 16ms
15ms Script
application/javascript 13.32.27.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/browser-perf.28a8c6b22b3c0474c577.js

Requested by

Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f8398e1fcf749800c3fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-21.fra56.r.cloudfront.net

Software

Resource Hash

f0682c5bcb9a2e1a7a27212c0fcebe713d653ad64e32742d4a4dbea937bb6bb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 13:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 2031632
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1589
last-modified: Thu, 23 Nov 2023 14:00:23 GMT
etag: "d065ec1659ab8dbb93042fdf9a225634"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 5bvj-AJbHt8z14LvlxLohlhi4KvmJ5IYNmX-1EzV1TNkLbS5nlB6lQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 3 KB
2 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1703038491583&cv=11&fst=1703038491583&bg=ffffff&guid=ON&async=1&gtm=45je3bt0v867824530z8856083864&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&hn=www.googleadservices.com&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&auid=1603070295.1703038491&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

507795fa1ede9be367f8bf452206bab2cccc5bdf9e581e815c734dafdb23de90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1349
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
258 B 55ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3bt0v867824530z8856083864&_p=1703038490760&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=986589282.1703038492&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1703038491&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&dt=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1719
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 65ms
22ms Ping
text/plain 2a00:1450:400c:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JVM9Z1XQPL&cid=986589282.1703038492&gtm=45je3bt0v867824530z8856083864&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1f::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 130ms
62ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JVM9Z1XQPL&cid=986589282.1703038492&gtm=45je3bt0v867824530z8856083864&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1246206742

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 42ms
8ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1703038491614&id=t2_neftrm6a&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=639ac5ce-4544-4a94-abfd-edeb5e5824b9&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 09F8 869 B
658 B 159ms
123ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=9de15827901d7d0d928a6da930ddbbed25560573

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.reversinglabs.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-response-time: 114
date: Wed, 20 Dec 2023 02:14:50 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 20 Dec 2023 02:14:51 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 306e453564819758
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: 1b119f8e2a664dc2921a42e1367659f57f8fa1ac4e5eb88f843714f1a472c79a
content-length: 337

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 56ms
43ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
319 B 73ms
9ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 131196ee656b5b8a789a1d317d426fa1061e385dcfe7430645319a9e19adbe86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2050:a007:2::2
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1703038491706_34603374_537061798_15_830_10_25_219";dur=1
content-length: 23
expires: Wed, 20 Dec 2023 02:14:51 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 201ms
186ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A51%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 231ms
216ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2020%20Dec%202023%2002%3A14%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22125cf4892bae30e8b53458235ef53f8d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2020%20Dec%202023%2002%3A14%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2020%20Dec%202023%2002%3A14%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 200ms
180ms Fetch
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3375217&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&contentId=150420029995

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

495f0255c5a98d47f7ffefdb2a1978fdee6a5db28938bbca891cc435f63101c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fcc1da58-9a51-4cfe-a3e0-c5500a36a205
content-encoding: br
x-envoy-upstream-service-time: 60
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fcc1da58-9a51-4cfe-a3e0-c5500a36a205
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SsBgRFCQQvArI38jXvHB9U2H6znDbOwmt5AcVfZ4IPhTh1m0q8vwBpy%2Bkijvk7fvwqPRBZqWcgtHI2NrF6VfqvE%2BKi2MnsrizRrEELGDJccQW%2FRyppyI4zp5ruR0jqZOOGknMaS2k2NoZy%2BKkYTqpOqNXMgm0uwKQH8%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 83845fcd3d013a66-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-gwtjq

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
701 B 159ms
110ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D6E952427B1F4711A93B250B3BF08C7D Ref B: FRAEDGE2013 Ref C: 2023-12-20T02:14:51Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.reversinglabs.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYM54xXrnF66EeG+2YgKQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtm...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gt...

0
267 B

752ms
670ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2&cookiesTest=true&e_ipv6=AQIpYq_A9oa5_gAAAYyFAR16Ew-YNXBNs5QQXgyvgc7tlesd2JPCMm3DlvslNJG0EgOBMMq8R4Qk
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DE9D55D2D6FF47C9AA6F715EC66C9E06 Ref B: AMS04EDGE3618 Ref C: 2023-12-20T02:14:52Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYM54xmcZ2bRyDEXy2fUQ==

Redirect headers

date: Wed, 20 Dec 2023 02:14:51 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F0BD4A5FA4734DF3B6FF1145DFC6D05E Ref B: FRAEDGE2013 Ref C: 2023-12-20T02:14:51Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1703038491703&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&tm=gtmv2&cookiesTest=true&e_ipv6=AQIpYq_A9oa5_gAAAYyFAR16Ew-YNXBNs5QQXgyvgc7tlesd2JPCMm3DlvslNJG0EgOBMMq8R4Qk
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYM54xbCDsrv1Cv7y4oCQ==

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
435 B 125ms
120ms XHR
application/json 2606:4700::6811:589a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3375217&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fd3a89d9-dd1e-4e3a-a124-fa6dba3b8d68
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fd3a89d9-dd1e-4e3a-a124-fa6dba3b8d68
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-ntwkx
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 83845fcd4e282bdf-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/970567826/ 42 B
327 B 38ms
35ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970567826/?random=1703038491242&cv=11&fst=1703037600000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856083864&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_8BBGD5dF9-4d2mzgz7tMTJxbBu0rwA&random=985815741&rmt_tld=0&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970567826/ 42 B
154 B 41ms
40ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970567826/?random=1703038491242&cv=11&fst=1703037600000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856083864&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_8BBGD5dF9-4d2mzgz7tMTJxbBu0rwA&random=985815741&rmt_tld=1&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 traffic
api-gw.metadata.io/ 0
0 200ms
198ms Fetch
application/json 52.88.188.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.88.188.95 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-188-95.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 87332788-0269-4702-a1db-d2ad166c03ae
access-control-max-age: 1728000
access-control-allow-methods: OPTIONS,POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length: 0
x-amzn-remapped-date: Wed, 20 Dec 2023 02:14:52 GMT
x-amz-apigw-id: QOEkfGUPPHcEJOw=

GET
H2 204 cs
a.usbrowserspeed.com/ 0
0 647ms
216ms Fetch 54.189.55.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.usbrowserspeed.com/cs?pid=5de38576d91fe7ac65e01de48078379caf9e72e979b06a5762372b0c12e930ef&puid=lqd55aaic7m0wca6c4u
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.189.55.164 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-189-55-164.us-west-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
server: awselb/2.0

OPTIONS
H2 200 traffic
api-gw.metadata.io/ Frame 0
0 581ms
186ms Preflight
application/json 52.88.188.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.88.188.95 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-188-95.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Wed, 20 Dec 2023 02:14:52 GMT
x-amz-apigw-id: QOEkdGxkPHcEEiw=
x-amzn-requestid: a1fcb350-4da3-4a21-991c-bf2b4564ec60

GET
H2 200 showads.js Show response
ads.anura.io/ 0
352 B 200ms
13ms XHR
application/javascript 18.66.147.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.anura.io/showads.js?832084183205
Requested by: Host: script.anura.io
URL: https://script.anura.io/request.js?instance=1480878102&1703038491249
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-34.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 20:37:01 GMT
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P4
age: 20270
vary: Accept-Encoding
x-cache: Hit from cloudfront
access-control-allow-methods: GET
access-control-allow-origin: *
content-type: application/javascript; charset=utf-8
x-amz-cf-id: OFtMP5Cbd48nmrnpWXti53EOi0twU8-Jvu22Mgv9gLFNCE7CekzFCg==

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 115 B
1 KB 315ms
141ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=3375217

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d0ec166a-4fd9-4f4f-8903-613370cdb483
content-encoding: br
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d0ec166a-4fd9-4f4f-8903-613370cdb483
server: cloudflare
x-trace: 2B2F58DB4D1972225B7E4E8B0A88BA57AF9F245EA3000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-mqb6q
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6hs%2FuX47n3KTfH%2BHwxMWzCLH70loHALKxcvwg4gpqgrVQwepPfdAvq0aQP5xZJ6OR8M3iFHeqdcII6iBPb7yMizlEVgDzcmnJLVEjLTw2BysUDh7YmyyQh6DKGnT9MT%2BMf4tXngPVKyOLBi"}],"group":"cf-nel","max_age":604800}
cf-ray: 83845fceff152bdf-FRA
access-control-allow-headers: *

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 266ms
266ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A2%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ 503 KB
202 KB 189ms
19ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_51f0eda1_1ee9_472b_9dd8_4798aa90dcb0&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 21:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 21:23:41 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/970567826/ 42 B
64 B 29ms
28ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970567826/?random=1703038491583&cv=11&fst=1703037600000&bg=ffffff&guid=ON&async=1&gtm=45je3bt0v867824530z8856083864&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_Z8QUIOHIW41CRYy6jKcsc6RygV39WwYYDxtglj6F5plgsPDT&random=1557980864&rmt_tld=0&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970567826/ 42 B
108 B 41ms
41ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970567826/?random=1703038491583&cv=11&fst=1703037600000&bg=ffffff&guid=ON&async=1&gtm=45je3bt0v867824530z8856083864&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&frm=0&tiba=Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_Z8QUIOHIW41CRYy6jKcsc6RygV39WwYYDxtglj6F5plgsPDT&random=1557980864&rmt_tld=1&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 verify Show response
snid.snitcher.com/ 6 B
148 B 219ms
219ms XHR
application/json 3.67.234.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Requested by: Host: snid.snitcher.com
URL: https://snid.snitcher.com/8423336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.67.234.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-234-21.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 20 Dec 2023 02:14:52 GMT
cache-control: no-cache, private
content-length: 6
apigw-requestid: QOEkagUoliAEPng=
content-type: application/json

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 452ms
309ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f29b3947-e6ce-4e31-bcf7-8c67ef9d1c19
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f29b3947-e6ce-4e31-bcf7-8c67ef9d1c19
server: cloudflare
x-trace: 2B471C4CE636E61EDD404EC02B93A57530D36925D7000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-sbwb7
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 83845fcefb75bba7-FRA

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 214ms
128ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 20 Dec 2023 02:14:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: c1a08067-0eab-4504-bbcd-d3fa24a2870b
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c1a08067-0eab-4504-bbcd-d3fa24a2870b
Last-Modified: Wed, 20 Dec 2023 02:14:52 GMT
Server: cloudflare
X-Trace: 2B1136C79668CD289A02B07610CEB703C7D4FA2510000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-98629
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 83845fcef92e995a-FRA

GET
H2 200 hs-web-interactive-3375217-148772891797 Show response
3375217.hs-sites.com/ Frame AA29 20 KB
7 KB 239ms
191ms Document
text/html 2606:4700::6811:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4b6df4862a485f0f5640216f25211c7604dd2e7576b908499b4c423e3729362

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-148772891797,P-3375217,PGS-ALL,SW-1
cf-cache-status: HIT
cf-ray: 83845fcf3bed6973-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 20 Dec 2023 02:14:52 GMT
edge-cache-tag: CT-148772891797,P-3375217,PGS-ALL,SW-1
last-modified: Wed, 20 Dec 2023 00:16:30 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 34
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-bots-td/envoy-proxy-777d4cc4cb-9qhgb
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-campaign-id: 4a1d6be3-c45a-4a52-ae11-71b94c842a02
x-hs-content-id: 148772891797
x-hs-hub-id: 3375217
x-hubspot-correlation-id: 46516eb9-b1ef-452c-b7cd-a43577f89cde
x-request-id: 46516eb9-b1ef-452c-b7cd-a43577f89cde
x-robots-tag: none
x-trace: 2BF50EA3E4748BD0CF0003C46ACD649116B3FC5F0C000000000000000000

OPTIONS
H2 204 verify
snid.snitcher.com/ Frame 0
0 58ms
38ms Preflight 3.67.234.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.67.234.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-234-21.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: QOEkZiQ-FiAEPOw=
cache-control: no-cache, private
date: Wed, 20 Dec 2023 02:14:51 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers

GET
H3 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame B1E7 42 KB
26 KB 36ms
36ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucmV2ZXJzaW5nbGFicy5jb206NDQz&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&badge=inline&cb=tte3bjxjifgj

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

62fd5772453ddc3932c3d39794ee431c656d04e0b3553751f652a0f6d214f35e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2lWQJ-yZ4N7b01kXYWEXfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-2lWQJ-yZ4N7b01kXYWEXfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 20 Dec 2023 02:14:52 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame B1E7 55 KB
55 KB 80ms
18ms Stylesheet
text/css 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucmV2ZXJzaW5nbGFicy5jb206NDQz&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&badge=inline&cb=tte3bjxjifgj

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 19:20:16 GMT
x-content-type-options: nosniff
age: 24876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56398
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 19:20:16 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame B1E7 503 KB
201 KB 79ms
17ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 21:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 21:23:41 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 290 KB
98 KB 39ms
39ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42f2eb626b5020f9045484bd2c6759faefdb159c8e06085b83629f0b97139bb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 100419
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Dec 2023 02:14:52 GMT

POST
H2 200 response.json Show response
script.anura.io/ 52 B
405 B 142ms
90ms XHR
application/json 3.9.65.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/response.json

Requested by

Host: script.anura.io
URL: https://script.anura.io/request.js?instance=1480878102&1703038491249

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.65.245 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-65-245.eu-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

05cbedcdeffcf17d98d61b6b0185bf433cba4f005cc361086d6bd636e18b7876

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 20 Dec 2023 02:14:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: Sun, 28 Dec 1980 18:57:00 EST

GET
H2 200 project.js Show response
3375217.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ Frame AA29 1 KB
952 B 37ms
35ms Script
application/javascript 2606:4700::6811:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://3375217.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 3089504
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83845fd07c7a6973-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Thu, 19 Dec 2024 02:14:52 GMT

GET
H2 200 web-interactives-container.js Show response
js.hubspot.com/ Frame AA29 26 KB
9 KB 26ms
25ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-container.js

Requested by

Host: 3375217.hs-sites.com
URL: https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da5e1118c02170472deee61a79fcffab50bd849f2a8e8aa987ee200e910dc9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3375217.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 69
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-container/static-2.741/bundles/project.js&cfRay=83845e21eda9bb43-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"5b8580e845ec5ba44a4188bdb2494daf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-container/static-2.741/bundles/project.js
date: Wed, 20 Dec 2023 02:14:52 GMT
x-amz-version-id: IsKp0EJgfJRYljH_xMuv5S.o7e5WLCJ7
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: effa40b8-f588-461d-be7e-40f1e9ac31d3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-container-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: effa40b8-f588-461d-be7e-40f1e9ac31d3
last-modified: Wed, 13 Dec 2023 12:13:14 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BdtLaHfKBqvS2nHwVmEfEEwV07hUltH%2Bwr2iuT6XUXzhS%2BXSu88K49z7wZE97MVWLeZi9f5L33Qsv6VwrZNRR8tqNegsiNzxhurN9YXTG566BE86VrXBMgpaigW1nLxM0WqAbgaTtXdRDrj"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-4shmr
cf-ray: 83845fd078ff30f9-FRA
x-amz-cf-id: TjtJu809JW94c-NABLOQhkGcfBB7alIEN9ESB0EcucmVYVLQMufYRg==

GET
H2 200 Pop%20up%20Gartner-02.jpg
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/ Frame AA29 60 KB
61 KB 32ms
31ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Pop%20up%20Gartner-02.jpg
Requested by: Host: 3375217.hs-sites.com
URL: https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 910465ba58ce39b768770efbb1b98002e133fbff2a9939cb016037d486fcf4c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3375217.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-148770049367,P-3375217,FLS-ALL
age: 479693
x-amz-request-id: QMFVY75EB2XM9TKB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-148770049367,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Pop%20up%20Gartner-02.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "efc5e9e829e334af8ca556757a380695"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701878454831
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 20 Dec 2023 02:14:52 GMT
via: 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: 1fniCYa.6yrBWNc65tvgN1AJ.MnhUUJM
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=316252
x-cache: RefreshHit from cloudfront
cache-tag: F-148770049367,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 61138
x-amz-id-2: uCdlvNco7dt6L/fO8wmUe8K9TRijySfacNU+v3iMbgnlUtfNYx1siRvVCJIs9UQhaeTtXSW5KQD5NT4ngs/y5oQCgJQVhOws
last-modified: Wed, 06 Dec 2023 16:00:55 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 83845fd07d793a9e-FRA
x-amz-cf-id: YAi1_pS_1GjJXd4GLQeDRAWJd6UDwMtJu1Li-8qvPxefaOYqNgCGAA==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ Frame AA29 14 KB
5 KB 20ms
19ms Script
application/javascript 2606:4700::6811:c060
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: 3375217.hs-sites.com
URL: https://3375217.hs-sites.com/hs-web-interactive-3375217-148772891797

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3375217.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1899569
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVo1v%2BL6hcjCcNv0GEKgYFMH7%2BhBnTzSfYma%2BQMqMqfGDTa7%2B1ALvUAn7JdnXmTx4liF0vfQkgFqTkB1WB1Wop6t%2BLwUWL4nD03iCZsyd3jbyMoZpxmLQODGTI3%2F1V%2Bk9WGUFWsbG%2B08zJxZZLNpej4ZTqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83845fd0ad0719a0-FRA
x-amz-cf-id: rhXOpYCNrMtoy20ZREGupaV1U7uo-Bc8S9EIj4CITWJ1slMr_M8V4A==
expires: Thu, 19 Dec 2024 02:14:52 GMT

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
632 B 129ms
129ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0a4d1697-2110-4739-a522-07416c63889c
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0a4d1697-2110-4739-a522-07416c63889c
last-modified: Wed, 20 Dec 2023 02:14:52 GMT
server: cloudflare
x-trace: 2B29A360B47FFABF2FF9C8D2766189734B77286761000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-b9wb8
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 83845fd0ccbfbba7-FRA

GET
H3 200 kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js Show response
www.google.com/js/bg/ Frame B1E7 17 KB
7 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

927da8c0f53be094ec3b04c6b72d1aa149574522922628425b104ccc4dda2d0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucmV2ZXJzaW5nbGFicy5jb206NDQz&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&badge=inline&cb=tte3bjxjifgj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 15:24:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 125442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6851
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 15:24:10 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B1E7 2 KB
2 KB 24ms
21ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 19:56:54 GMT
x-content-type-options: nosniff
age: 109078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 25 Dec 2023 19:56:54 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B1E7 15 KB
15 KB 34ms
17ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 05:31:50 GMT
x-content-type-options: nosniff
age: 160982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Dec 2024 05:31:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B1E7 15 KB
15 KB 34ms
19ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:09:14 GMT
x-content-type-options: nosniff
age: 61538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 09:09:14 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame B1E7 102 B
135 B 32ms
29ms Other
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucmV2ZXJzaW5nbGFicy5jb206NDQz&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&badge=inline&cb=tte3bjxjifgj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 20 Dec 2023 02:14:52 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame 9009 7 KB
1 KB 29ms
27ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

adeb1346d5753fd7bff8a484755c5936189114313ad412bc63996d8094a1b1f2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-op7-A114xMVQR-PEXzl51Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-op7-A114xMVQR-PEXzl51Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 20 Dec 2023 02:14:52 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 9009 55 KB
55 KB 18ms
18ms Stylesheet
text/css 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 19:20:16 GMT
x-content-type-options: nosniff
age: 24876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56398
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 19:20:16 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 9009 503 KB
201 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 21:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205927
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 21:23:41 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 192ms
191ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A51%20GMT%22%2C%22timeSpent%22%3A%221018%22%2C%22totalTimeSpent%22%3A%221018%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 9009 21 KB
15 KB 67ms
67ms XHR
application/json 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ca9d815b8d60e1950cecf92297c258dbe3bf49f9375c12271639cf6b6f124c70

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 20 Dec 2023 02:14:52 GMT

GET
H3 200 canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame 9009 11 KB
11 KB 15ms
14ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/canonical_car.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 21:16:51 GMT
x-content-type-options: nosniff
age: 104281
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11174
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 25 Dec 2023 21:16:51 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 9009 600 B
624 B 17ms
15ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:35:24 GMT
x-content-type-options: nosniff
age: 95968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 25 Dec 2023 23:35:24 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 9009 530 B
554 B 18ms
17ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:05:07 GMT
x-content-type-options: nosniff
age: 61785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 26 Dec 2023 09:05:07 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 9009 665 B
689 B 18ms
16ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 10:00:32 GMT
x-content-type-options: nosniff
age: 317660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 23 Dec 2023 10:00:32 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9009 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 05:31:50 GMT
x-content-type-options: nosniff
age: 160982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Dec 2024 05:31:50 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9009 15 KB
15 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 00:11:32 GMT
x-content-type-options: nosniff
age: 353000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 15 Dec 2024 00:11:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9009 15 KB
15 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:09:14 GMT
x-content-type-options: nosniff
age: 61538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 09:09:14 GMT

GET
H3 200 kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js Show response
www.google.com/js/bg/ Frame 9009 17 KB
7 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

927da8c0f53be094ec3b04c6b72d1aa149574522922628425b104ccc4dda2d0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 15:24:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 125442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6851
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 15:24:10 GMT

GET
H3 200 payload
www.google.com/recaptcha/api2/ Frame 9009 37 KB
37 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/api2/payload?p=06AFcWeA61p6a93viKl-zKIbPpu2b8EwCd6hTojrLofcZvNOw7HajyzbSPrz2zzpkuiI3zwrXZrLtsSNUwvDCbN2RCONYmP6L8G8VRR9wqVYMhdFTLG_9FRWPYKFFpg2LCRquZzMSkBJhr9MZynx6zU_eLw7TqSMaj8fsMmUzOvRMPr0S-PAqRF_JYBR02EksQzbL7UGNGlU0BUca7_aeB_piZ2PyVBz2PrQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

90a87400465db393a05a97d469f4df7751994ac2ac4490ce081111fdd5efd387

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:52 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 20 Dec 2023 02:14:52 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 8CB7 0
60 B 109ms
35ms Document
text/html 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&upid=8t4axvj&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
content-type: text/html
date: Wed, 20 Dec 2023 02:14:52 GMT
server: Kestrel

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
440 B 166ms
165ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=166273013&v=1.1&a=3375217&pi=150420029995&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&cpi=150420029995&cgi=5901382633&lpi=150420029995&lvi=150420029995&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&t=Malware+leveraging+public+infrastructure+like+GitHub+on+the+rise&cts=1703038492911&vi=9109941e46ce69ef5139275cf7048895&nc=true&u=60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1&b=60854195.1.1703038492908&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 32b8d4d5-22ac-4b93-bcf0-be0bfe6c4aa8
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 27
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 32b8d4d5-22ac-4b93-bcf0-be0bfe6c4aa8
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=epi7mUJBSbFq2XueApaOB4prefJn7uhjINqXkm6i0HIgHPv5rlBXVW9vKSnClIoDe9lZjMHD8%2B04fzar3B0WL77lbwBQqa0rF%2FzmS0VnQJZlQM%2BiqJdgeQkvGCKer%2F6LohHNdDk48c8tBXCl87v3"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-2tcbn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 83845fd4bb7330f9-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
444 B 149ms
148ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=51f0eda1-1ee9-472b-9dd8-4798aa90dcb0&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=166273013&v=1.1&a=3375217&pi=150420029995&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&cpi=150420029995&cgi=5901382633&lpi=150420029995&lvi=150420029995&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&t=Malware+leveraging+public+infrastructure+like+GitHub+on+the+rise&cts=1703038492913&vi=9109941e46ce69ef5139275cf7048895&nc=true&u=60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1&b=60854195.1.1703038492908&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9da33694-e6cc-4e0a-b245-f891b9304801
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9da33694-e6cc-4e0a-b245-f891b9304801
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDae8CbAlPEe8zUeLZk%2BsbmXtHx6OwNaLDK5ngP%2Bb%2FR9850zX50x%2BaokwK0TGz2BOCLGjqk8F6URdHFDlBSuBB6N1TbL8IgpV98qtSBRk0xy3YGcNwC0nuR%2BX3X01hQM%2BKA%2B4rZkqpG7tNGfN8Ka"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-xgqx5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 83845fd4cb7730f9-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
730 B 148ms
148ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=51f0eda1-1ee9-472b-9dd8-4798aa90dcb0&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=166273013&v=1.1&a=3375217&pi=150420029995&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&cpi=150420029995&cgi=5901382633&lpi=150420029995&lvi=150420029995&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&t=Malware+leveraging+public+infrastructure+like+GitHub+on+the+rise&cts=1703038492914&vi=9109941e46ce69ef5139275cf7048895&nc=true&u=60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1&b=60854195.1.1703038492908&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 85a1a004-9c2b-4451-a19b-641b8f38c04e
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 17
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 85a1a004-9c2b-4451-a19b-641b8f38c04e
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CC9rwqNVVxiTjf0fFa9iMlxVmhyfhkW2%2Bt8p9E59%2BTTWGeefMsdP4bxxUVImdgSnUVW9zPERPEdQjHrzbrnqlpcC8AtJnwLszNLa8w7ClYlyODOBo8siTQ6aEq7Dh8KUbTkjFFZEeavBSkiLdyb%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-7cpf7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 83845fd4cb7930f9-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 157ms
156ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=9109941e46ce69ef5139275cf7048895&__hstc=60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1&__hssc=60854195.1.1703038492908&contentId=150420029995&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b12d4fbf9d5e38e9e054415292156c644e34540e11cbadb58d3c9a3cf9f370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7a66799c-99bf-4e0d-82d9-049f12863a7b
content-encoding: br
x-envoy-upstream-service-time: 25
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7a66799c-99bf-4e0d-82d9-049f12863a7b
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I55uBdVEf33eoXF80o%2FotPAMbZ%2F1G%2BYjnAAYuTxG8rD0MxAJnoos6rmapVl8Lr1dUQeeYF5sKRpj4WxDzv7NycCnYtCZMl6vLQuZVI%2Bo5iYGjV2q4HLq7SQBXNhJyA3wvvqnXCJxvO%2BpTrB05Dho"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 83845fd4e9213a66-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-98629

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 187ms
186ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A52%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222020%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3

200

blank001.gif
static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/
Redirect Chain

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=281158198618&containerType=SLIDE_IN&portalId=3375217&campaignId=4a1d6be3-c45a-4a52-ae11-71b94c842a02&isLo...
https://static.hubspot.com/img/trackers/blank001.gif
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

43 B
964 B

17ms
17ms

Image
image/gif

2606:4700::6811:c060
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Protocol

Server

2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:54 GMT
via: 1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
x-amz-version-id: MFfZlkR4U8_6aknbgflTSIqo4fNbniK3
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1715677
x-amz-cf-pop: FRA60-P6
cf-polished: origSize=49, status=webp_bigger
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 43
cf-bgj: imgq:85,h2pri
last-modified: Thu, 15 Apr 2021 16:47:19 GMT
server: cloudflare
etag: "51416c7ff0b9d7efc8c9b16d84052fab"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMq8WvBO5Ek6tf8jGDiAnehT9KefoSXxO7sRHT9%2B01wb4UnDkUy6KeGyOMLBS4EL4wL8k9w96YNCSVc70mcqjlKQckO%2FtWBtGkbOLlbiQCAPcPF%2BhwiZpLTZFnwqlxBjj5nrRt9IyXgzoaco672Ewlq0zuk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 83845fdc1896697b-FRA
x-amz-cf-id: cm7lpA7_7ls5f-iU6yyDHAL_a4zUJWgI-T9N4arvGbyfStaZjDkPVw==
expires: Thu, 19 Dec 2024 02:14:54 GMT

Redirect headers

date: Wed, 20 Dec 2023 02:14:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gbBQrmu4OoB7%2FYUPc3amPt7d2jwU%2FdFqferkSU62OnbtYObWx9tq6e%2B%2FnnvF%2Fk0atodvBgMbpYE8G8UI7BfgOd8uIjtY1tKlKz4bx%2F9ki6%2FYlljEOA907R%2F0%2BNtTCfVFUggSyYhAI5ZJOjQUNr6lwg%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif
cache-control: max-age=3600
cf-ray: 83845fdc0fa530f9-FRA
expires: Wed, 20 Dec 2023 03:14:54 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 191ms
191ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A53%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223022%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 211ms
211ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224023%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 185ms
185ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=68f2a038-821a-4f72-8dbb-c38e96248996&session=6bdb1e48-6e9a-448f-853c-994f03b5ded5&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2020%20Dec%202023%2002%3A14%3A55%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225024%22%7D&isIframe=false&m=%7B%22description%22%3A%22RL%20researchers%20have%20uncovered%20two%20novel%20techniques%20running%20on%20GitHub%20%E2%80%94%20one%20abusing%20GitHub%20Gists%2C%20another%20issuing%20commands%20through%20git%20commit%20messages.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20leveraging%20public%20infrastructure%20like%20GitHub%20on%20the%20rise%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-leveraging-public-infrastructure-like-github-on-the-rise&pageViewId=eb62b252-38c2-4521-8802-8ab10e610982&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 02:14:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 21:23:10	Name: _GRECAPTCHA Value: 09AFVEQSe2xPDzXWJ2O-o19MkzYeUzxXrhCXVvwGsHUHIIonmPhdC366Pijrz1NMUnaeZAaxy8vR_givRudeKGVDg
.www.reversinglabs.com/	1970-01-20 17:04:00	Name: __cf_bm Value: 4pElxHhixwY8yRx.11P5nF36F9jeYTcE8p3vVxU23Xg-1703038490-1-AcyaqoAcQJRuF4UD7GWrlfLtIFGyuu/Ox2DUCSJDE+X5KgCfqTP9TjT65e7HyOL/DsrMJrtJbpuOYGs0Yzk6rT4=
.www.reversinglabs.com/	1969-12-31 23:59:59	Name: __cfruid Value: 3a6911b204c1a6d492e33a3e37a845940e674784-1703038490
.reversinglabs.com/	1970-01-20 19:13:34	Name: _gcl_au Value: 1.1.1603070295.1703038491
.reversinglabs.com/	1970-01-20 19:13:34	Name: _fbp Value: fb.1.1703038491418.497959117
.ws.zoominfo.com/	1970-01-21 01:49:34	Name: visitorId Value: b2ebad197d201e7112ded19a9c3218c4f4467e694dff95d43f7d012f6976ec4b
.zoominfo.com/	1970-01-20 17:04:00	Name: __cf_bm Value: FD5pjkurRZ38SM0bYW3yM4.pNobc.xE0JQn3Gkhhyug-1703038491-1-AW2eMUGZX6ogdZy98QKKCCQ18oDZQeLKqbzimMsg7iwGmRr+PmSAO7g3f9jDRYlMZ9JrhMff0Yb9mK42tW6rlps=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Ax23tt3ZEKqI4COwb1UcT973afRcHmHEiaJ9z6sZUmM-1703038491429-0-604800000
.hubspot.com/	1970-01-20 17:04:00	Name: __cf_bm Value: UNZX4.ZcKlpDU1j.wK0.ai7MFyuf7CVK..RyDk_EyBg-1703038491-1-ASsnm/CRDn9OTHfeCzIrfzRsxVNSsvoaaswNjWzK9rhKgCqMjKkAOiPxhjaCDRuq9WbCxod6HFYSKc2R5vppT+s=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: cbaynY4EzI2Y9x99Q_YZwNAocTqT1G4B67pNDf1ShQU-1703038491485-0-604800000
.reversinglabs.com/	1970-01-21 01:49:34	Name: _hjSessionUser_3176008 Value: eyJpZCI6ImIzNjZkOWZlLTQyODctNTEyZS04M2VmLWQzYjI3YjA2OGZhMiIsImNyZWF0ZWQiOjE3MDMwMzg0OTE1MTcsImV4aXN0aW5nIjpmYWxzZX0=
.reversinglabs.com/	1970-01-20 17:04:00	Name: _hjFirstSeen Value: 1
.reversinglabs.com/	1970-01-20 17:04:00	Name: _hjIncludedInSessionSample_3176008 Value: 0
.reversinglabs.com/	1970-01-20 17:04:00	Name: _hjSession_3176008 Value: eyJpZCI6IjdmN2JkZjc3LTAxYTUtNGUxMC1iZjU0LTNkN2VhYTMwZTM4OCIsImMiOjE3MDMwMzg0OTE1MjAsInMiOjAsInIiOjAsInNiIjowfQ==
.reversinglabs.com/	1970-01-20 17:04:00	Name: _hjAbsoluteSessionInProgress Value: 0
.reversinglabs.com/	1970-01-21 02:39:58	Name: _ga_JVM9Z1XQPL Value: GS1.1.1703038491.1.0.1703038491.60.0.0
.reversinglabs.com/	1970-01-21 02:39:58	Name: _ga Value: GA1.1.986589282.1703038492
.reversinglabs.com/	1970-01-20 19:13:34	Name: _rdt_uuid Value: 1703038491613.639ac5ce-4544-4a94-abfd-edeb5e5824b9
.doubleclick.net/	1970-01-21 02:25:34	Name: IDE Value: AHWqTUnOmxiWd6EbRU1VgcIwdAG2TjT_FqIIpEnXgmkQJnt2B5IYC0EF4iUVA35v
snid.snitcher.com/	1970-01-21 02:39:58	Name: SNID Value: eyJpdiI6InA4clBtaTkvZ2tKSDArWWJ1TlMrS0E9PSIsInZhbHVlIjoiUXI1TzhYL0VZOUJDNkcvN2wwd2R4UXBNM1dqVTE0K2gxM3hyZlZBSU56RDZaYXlOV21CR09LWDhDbHFYamR6MCtHSXZmT3NGbkpVOG04VjIxMVEzcXJUdDY4VnJPSkllZFhvL0YyRzZxb253ZDV3Q21hK2g2RkNEYnJDQmt6b0oiLCJtYWMiOiI0ZjM4OWEzZjQyNzMyZDcyNjU1NThhMThhZDM2ODg5MjgzYjZjMjRlYzU3ZjZhMjgyY2QyZThlNzZiODk2OWJmIiwidGFnIjoiIn0%3D
www.reversinglabs.com/	1970-01-21 02:39:58	Name: _gd_visitor Value: 68f2a038-821a-4f72-8dbb-c38e96248996
www.reversinglabs.com/	1970-01-20 17:04:12	Name: _gd_session Value: 6bdb1e48-6e9a-448f-853c-994f03b5ded5
www.reversinglabs.com/	1970-01-21 01:49:34	Name: Metadata_visitor_id Value: lqd55aaic7m0wca6c4u
www.reversinglabs.com/	1970-01-20 17:04:00	Name: Metadata_session_id Value: lqd55aaii7hcjh9985b
tracking.g2crowd.com/	1970-01-20 17:24:08	Name: _session_id Value: 97dfadc353e5fa7a311a491ab3fe309c
.g2crowd.com/	1970-01-20 17:04:00	Name: __cf_bm Value: 2d4PpBh1Pm.6dSFdyhfTSs3DNilbc2G5j4EQZIBZ5rk-1703038491-1-ASFrT8HZ3gfwuKjZwHcAfK1qUeyIbJcms631Od8jc9kcCoQVJ4xOISqu9JekrKAsE12e8EO1nI6n4JEdAgZjcnc=
.linkedin.com/	1970-01-20 19:13:34	Name: li_sugr Value: f5e9dd96-920f-4094-85b3-b0b8abb90861
.linkedin.com/	1970-01-21 01:49:34	Name: bcookie Value: "v=2&920a8269-e3cd-4100-8f51-66bc12b5c1ff"
.linkedin.com/	1970-01-20 17:05:24	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2818:u=1:x=1:i=1703038491:t=1703124891:v=2:sig=AQG2zUeU269GflRg_m2CNQ1uzVP9lrxz"
.6sc.co/	1970-01-21 02:39:58	Name: 6suuid Value: bd641102cd2c01001c4e826550000000d345ac00
.linkedin.com/	1970-01-20 21:23:10	Name: li_gc Value: MTswOzE3MDMwMzg0OTI7MjswMjFhzKJTOZhI4OVVxjB7b80RrcOWWbcyeYx/IbCzJ3m1SA==
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: 801dc6824732068f8797799bfde5bc78c0c7b7d3-1703038492
.a.usbrowserspeed.com/	1970-01-21 01:49:34	Name: tuid Value: 1bed7919-0e62-4d4e-8852-cf26c42fdfce
.reversinglabs.com/	1970-01-20 21:23:10	Name: __hstc Value: 60854195.9109941e46ce69ef5139275cf7048895.1703038492907.1703038492907.1703038492907.1
.reversinglabs.com/	1970-01-20 21:23:10	Name: hubspotutk Value: 9109941e46ce69ef5139275cf7048895
.reversinglabs.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.reversinglabs.com/	1970-01-20 17:04:00	Name: __hssc Value: 60854195.1.1703038492908

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/1076912843267184?v=2.9.138&r=stable&domain=www.reversinglabs.com(Line 132) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3375217.fs1.hubspotusercontent-na1.net
3375217.hs-sites.com
a.quora.com
a.usbrowserspeed.com
ads.anura.io
alb.reddit.com
api-gw.metadata.io
api.hubapi.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cookieinfoscript.com
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.analytics.google.com
script.anura.io
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.hotjar.com
static.hsappstatic.net
static.hubspot.com
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.redditstatic.com
www.reversinglabs.com
104.244.42.72
13.107.42.14
13.32.27.21
15.197.193.217
151.101.193.181
151.101.65.140
162.159.152.17
18.66.147.34
18.66.97.53
2.17.100.193
2001:4860:4802:34::36
2600:9000:223c:3600:9:d7d4:1380:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:671f
2606:4700:4400::6812:22e5
2606:4700:4400::6812:297c
2606:4700:4400::6812:2b1f
2606:4700::6810:50ba
2606:4700::6810:70d1
2606:4700::6810:890f
2606:4700::6811:180e
2606:4700::6811:589a
2606:4700::6811:b05d
2606:4700::6811:c060
2606:4700::6811:cbcc
2606:4700::6811:e4a3
2606:4700::6811:fba8
2606:4700::6812:7a0c
2606:4700::6812:a07d
2606:4700::6812:b07d
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:802::2003
2a00:1450:4001:802::2008
2a00:1450:4001:808::2003
2a00:1450:4001:813::2003
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:400c:c1f::9c
2a02:26f0:3500:16::215:148d
2a02:26f0:7100::210:172
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:600::396
2a06:98c1:3120::3
3.67.234.21
3.9.65.245
52.55.198.1
52.88.188.95
54.189.55.164
65.9.65.116
05cbedcdeffcf17d98d61b6b0185bf433cba4f005cc361086d6bd636e18b7876
09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928
0a25ed0673ac124291602fea660540c3c07e031b2671480ee9070faf25144407
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0
0da5e1118c02170472deee61a79fcffab50bd849f2a8e8aa987ee200e910dc9d
115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491
131196ee656b5b8a789a1d317d426fa1061e385dcfe7430645319a9e19adbe86
14a53d8ab27fbe9d5477b3a1d7c7e0d9475e44080242e90f850ad24e45b70fdb
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1819475257f8d4b324cdaa49e87bf54eed785c53dea112a68bbd51658d88f574
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc
26b0fcec3a00809d69d480b663351d6fbf6d5425dee471c4e24d8d29f8c07d83
2b55385b7906037735336c7f18346a16a71febbf4779422ec1bb07cc539a1bae
2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376
2e8ac193dd69f6561479a2c46c7089f5b1c66c4afa36ec74958be270e25e3db3
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3ad18adbeea16ce6ae9bb5a31c632b37a3f8f1d944736884c1c4e30199ff1d76
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ff534c713bd742f17f5666981a9a02a9c4c4831e3ba481412ae395c4d141c42
42f2eb626b5020f9045484bd2c6759faefdb159c8e06085b83629f0b97139bb5
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625
495f0255c5a98d47f7ffefdb2a1978fdee6a5db28938bbca891cc435f63101c8
49ccd6ef67a5506a1c8ae4ca61d9bcc2d3fcd8b70dc6ce7ef7ee8977a49856ff
4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba
4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff
4d6f3ace3f5adc9c94b8d15cc5e184ee98ab1f4743a04941476a99c1aee29ace
4e0a199d8c63738136f6932b2875fa8a39c8ac810410bf6522d2100d1cd7d0ea
5011ec31226165c8656b2f206bd2bd65b2d413f3b33950adf866bd6e6f0ae69b
507795fa1ede9be367f8bf452206bab2cccc5bdf9e581e815c734dafdb23de90
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5601de4161ffa6ce27ab6c133e4a918b3cf6ebd3f9195509ab998398aa5b8e4a
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
61a6be0215d1b05c92be6e24d60efd13b37c7e44ddb3b4038271979298c0e14e
62fd5772453ddc3932c3d39794ee431c656d04e0b3553751f652a0f6d214f35e
654addb521083268ea5c6d1e4ae5c6f8d26d43a6429c96d05c285362a73dfd23
67637724eb8e1c4f62c0365c6eb9c4fb62ad5f384d0912711f325d004db5e2a7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250
6f8061fd33763925745e4349b693b994f563f17587b9505d76f4f6c70361b18a
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
72c4fea1ac00482b27b37e3c50f3622ea1362d7f4c4695ff427df2f11f08e7bd
72e8aa11120d22eddafdee660ecc72d141bff2ab7c42c04bbf50399b83e1645c
73b12d4fbf9d5e38e9e054415292156c644e34540e11cbadb58d3c9a3cf9f370
77af0a963d2016e3165d4e70050e60f0054e70ed0dba5ae5c2be14bcccbff207
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7a94e1fd7de26b8bd3e63fc666c3d79bbe010fcbc98732cd4c617f99d413b99d
7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db
7c94ca565fdf634b00d636a4f3d61caea9f3e0b057df52cb90b6e6a2f5ebf7c5
7cee1b21307178bb125fae02192bc67bbecb5fc74f585aee39299e43a1d3c3ba
816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2
81c823e63afc55c1ce9d184a4cb05b22bdf86a29ce9f9756e3a58b5e645aa329
8241cded06db0303212b505a16fe00ced734ccdfa01d114845813ec58c14ea0f
87c6ad7fecd2610fd2d6074be70803d99f2f043d410501633e3147b40c692d1d
88f4bc01ba7b5b0405602c4a7a421599c3a82c23adbc0bc78f7e3ac16cfa93c0
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
89f1a01bdefa7a1d5ce3632bf7ac23bd6c16ee252987e78320895ecc43a9e43d
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564
90a87400465db393a05a97d469f4df7751994ac2ac4490ce081111fdd5efd387
9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875
910465ba58ce39b768770efbb1b98002e133fbff2a9939cb016037d486fcf4c8
916ef06328b6e74b440f0aef1fc8d30d49642d57271a75eb16ace7221886c750
927da8c0f53be094ec3b04c6b72d1aa149574522922628425b104ccc4dda2d0b
94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2
96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729
99422095a0a321c15136d54e3c37b3aed5675895480781218f738496eb60f96a
9aee213b009036d492c1ae5c6fffbbd21f505fa35d403e813eac73057a0e11c0
9c63c167d6ff0aa2edead131abb184ea39ee633ccbdedb7e7605d79c2d647e24
a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a
aca49b9e052e3e1e7b6795a8db67fa24054d904b3a147423c063abc7dfda6e0d
adeb1346d5753fd7bff8a484755c5936189114313ad412bc63996d8094a1b1f2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b94cd1a7c0ac73f67afea3ccb51f73d83769169d7cb705cb6acaa3341192485e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
bc5ac8beebb7091b4d0574214a501c6e2ff1ded017f9da00935ee102c3343bca
be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f
bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15
bef3bce37bdb43f038b3759ace84d180c77b1121c6cd7f8fab8c5ccd393261e0
c2a101f313f27c267a744088e44664a87d2ec7dc2a3464bf1319a95094dc76db
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb
c6294344ebba9d58c69a39884ec289f2256f0ccc846bc9dbc8762511802f19d2
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
c997ad6f4c3e4db29863ce905780a5c27351e25e597729a066732c0971ba7933
ca9d815b8d60e1950cecf92297c258dbe3bf49f9375c12271639cf6b6f124c70
cc1f11d398f826f3855f31d210b79d416b02e7f8201dd574625c1358224d26bc
ceca34a6609e849c64f553866eded7c217469d377e78d3fc21ff1c5cce67b388
d2eb7093513140ab10afe728fa024ba59e13dab8423a8a5db8ca9aa0e16bde74
d670233ca601ed8dd1f500ecd0a0ba5760ff7259e9409ff4c8adf8c4351fcd3f
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2
d79d912be2056b61d11fd88345b688c2a559277e4a567285d2918e129ccc423e
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756
daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de2dde7256d42741ff6251d13c22f4540931d947619e1ee55ff8965445b7002a
e2f9f218c12fca0483e52d64d1001ea2d9c1fa3075b9a1fc6b3479c4e4431d60
e32ccb321369017de7c6d1f41e2d5aeac8497abd91f55446a7ef31fdd6c739f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25
e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d
e4b6df4862a485f0f5640216f25211c7604dd2e7576b908499b4c423e3729362
e899bd2df48b20b554a4660145a7892710e0478a878934b7bd486bd6cef6d598
e9b8906a8b7540b8accfd2a491c0821d6bd6d8ccbd4ab53a56da8906ff028423
e9f3dd042bf1796ea7b2921bf72f593b94e9dffec3ac744661e3a0d0dd2b5210
eb5f5771f12f1cd58ca2833743b76908f15386906e2fe3a92162916abf330223
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c
f0682c5bcb9a2e1a7a27212c0fcebe713d653ad64e32742d4a4dbea937bb6bb7
f277f68dfdfd292d90cb8024420897e6915ab570803af77f6e2118dea071a7c7
f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60
fc1f36d89ddb377187edd50e7e1cbb9511baa256f6c57711f02601edab716361
fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.reversinglabs.com Open in urlscan Pro 2606:2c40::c73c:671f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

175 Requests

99 %HTTPS

70 %IPv6

40 Domains

62 Subdomains

55 IPs

5 Countries

3395 kBTransfer

7886 kBSize

37 Cookies

18 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

99 %
HTTPS

70 %
IPv6

40
Domains

62
Subdomains

55
IPs

5
Countries

3395 kB
Transfer

7886 kB
Size

37
Cookies

175 HTTP transactions
1 data transactions