www.cadosecurity.com Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Submission: On December 18 via api (December 18th 2024, 12:26:52 pm UTC) from RU — Scanned from DE

Summary HTTP 104 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 26 IPs in 4 countries across 24 domains to perform 104 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is www.cadosecurity.com.
TLS certificate: Issued by WE1 on November 25th 2024. Valid for: 3 months.

This is the only time www.cadosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.64.147.188 172.64.147.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	104.18.41.124 104.18.41.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
5	104.16.118.116 104.16.118.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.87.62 104.18.87.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.181.234 142.250.181.234	15169 (GOOGLE) (GOOGLE)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
1	13.33.187.19 13.33.187.19	16509 (AMAZON-02) (AMAZON-02)
4	172.64.147.16 172.64.147.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.223.152 104.17.223.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.107.254 104.16.107.254	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.160.168 104.16.160.168	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.79 18.66.112.79	16509 (AMAZON-02) (AMAZON-02)
5	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.244.108 104.18.244.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2.18.64.212 2.18.64.212	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	150.171.29.10 150.171.29.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	157.240.251.35 157.240.251.35	32934 (FACEBOOK) (FACEBOOK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	204.79.197.237 204.79.197.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
104	26

9 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

www.cadosecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.147.188 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 104.18.41.124 (None, )

ASN13335 (CLOUDFLARENET, US)

14518100.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
302335.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f200.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.118.116 (None, )

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.87.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-19.fra60.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.147.16 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.223.152 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.107.254 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.160.168 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.244.108 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.64.212 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-18-64-212.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 150.171.29.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	hubspotusercontent-na1.net 14518100.fs1.hubspotusercontent-na1.net 302335.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 124261	3 MB
9	cadosecurity.com www.cadosecurity.com	66 KB
7	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 14744 app.hubspot.com — Cisco Umbrella Rank: 5921 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 js.hubspot.com — Cisco Umbrella Rank: 3653 track.hubspot.com — Cisco Umbrella Rank: 2477	31 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	498 KB
5	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 16907 forms.hsforms.com — Cisco Umbrella Rank: 4839 perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	4 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	29 KB
2	bing.net bat.bing.net — Cisco Umbrella Rank: 8327	464 B
2	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 333	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	218 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	75 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 359	15 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	22 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4811 forms.hscollectedforms.net — Cisco Umbrella Rank: 4960	26 KB
2	gstatic.com fonts.gstatic.com	70 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	fontawesome.com pro.fontawesome.com — Cisco Umbrella Rank: 5846	171 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	1022 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3181	232 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	4 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 10169	2 KB
104	24

	Domain	Requested by
33	14518100.fs1.hubspotusercontent-na1.net	www.cadosecurity.com 14518100.fs1.hubspotusercontent-na1.net
11	302335.fs1.hubspotusercontent-na1.net	www.cadosecurity.com
9	www.cadosecurity.com	www.cadosecurity.com
6	www.googletagmanager.com	www.cadosecurity.com www.googletagmanager.com js.hsadspixel.net
4	js.hs-banner.com	www.cadosecurity.com js.hs-banner.com
3	perf.hsforms.com	www.cadosecurity.com
2	track.hubspot.com
2	bat.bing.net	bat.bing.com www.cadosecurity.com
2	px.ads.linkedin.com	snap.licdn.com www.cadosecurity.com
2	www.facebook.com	www.cadosecurity.com
2	connect.facebook.net	www.cadosecurity.com connect.facebook.net
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	cta-service-cms2.hubspot.com	www.cadosecurity.com js.hubspot.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	14518100.fs1.hubspotusercontent-na1.net js.hs-banner.com
2	pro.fontawesome.com	www.cadosecurity.com pro.fontawesome.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	perf-na1.hsforms.com	www.cadosecurity.com
1	forms.hsforms.com	www.cadosecurity.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	api.hubapi.com	js.hsadspixel.net
1	vc.hotjar.io	script.hotjar.com
1	js.hs-analytics.net	www.cadosecurity.com
1	js.hubspot.com	www.cadosecurity.com
1	js.hscollectedforms.net	www.cadosecurity.com
1	js.hsadspixel.net	www.cadosecurity.com
1	app.hubspot.com	www.cadosecurity.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.cadosecurity.com
1	cdn2.hubspot.net	www.cadosecurity.com
1	no-cache.hubspot.com	www.cadosecurity.com
104	33

This site contains links to these domains. Also see Links.

Domain
docs.cadosecurity.com
cta-service-cms2.hubspot.com
twitter.com
www.linkedin.com
aws.amazon.com
github.com
azuremarketplace.microsoft.com
console.cloud.google.com

Subject Issuer	Validity	Valid
cc40886c.sni.cloudflaressl.com WE1	`2024-11-25` - `2025-02-23`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
hubspot.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hscollectedforms.net WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
hsforms.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 08	`2024-12-15` - `2025-06-13`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-26` - `2024-12-25`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
bat.bing.net Microsoft Azure RSA TLS Issuing CA 07	`2024-10-27` - `2025-04-25`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Frame ID: ED33E32D565B5A3B14E32310F5E46743
Requests: 102 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.cadosecurity.com
Frame ID: 1B61A1340AA8155BA77EEAE064BBE71E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

104
Requests

100 %
HTTPS

0 %
IPv6

24
Domains

33
Subdomains

26
IPs

4
Countries

4660 kB
Transfer

8230 kB
Size

21
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.cadosecurity.com/cado-response/intro
Title: Documentation Technical documentation on how to best leverage the Cado platform.

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=92904fd2-b110-4436-a892-9e399d0cabe2&signature=AAH58kEBBMYXkZM_7S1VMvgMSwvc8atsPA&portal_id=14518100&pageId=null&placement_guid=a51b72aa-daa5-4df8-a061-1902834ccdb0&click=d434cdd2-0cdc-4841-9a16-832413152b7d&redirect_url=APefjpGzSHLe75bW9Rbr_n2k_UU8Lwax7t0uxJ79CbFU_U1tkGybuysV4w6TQu0sCYxMAds1H20asLRcszPIfSjlbyk1dwqP7JB31mDQlIMBB74z2R4_oE38Ro2g5mvAkiJKm5NJfN3F&hsutk=7da8e6ae11968dc5d3baf4168007988e&canon=https%3A%2F%2Fwww.cadosecurity.com%2F404&ts=1734524807658&__hstc=185812470.7da8e6ae11968dc5d3baf4168007988e.1734524808556.1734524808556.1734524808556.1&__hssc=185812470.1.1734524808556&__hsfp=930271884&contentType=standard-page
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://twitter.com/CadoSecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cado-security/

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=38874fd2-b585-412f-992a-cf111bbca38a

Search URL Search Domain Scan URL

URL: https://github.com/cado-security

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cadosecurityltd1626856705534.cado-response?tab=Overview

Search URL Search Domain Scan URL

URL: https://console.cloud.google.com/marketplace/product/cado-public/cado-response?pli=1

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

104 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 404 Primary Request spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence. Show response
www.cadosecurity.com/blog/ 54 KB
9 KB 340ms
316ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72df999e71586cc7d8e9b6945f74f286d0dec270394a0de450cba1ace66ab1a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=5,max-age=5
cf-cache-status: EXPIRED
cf-ray: 8f3f24ab5c58dc85-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 18 Dec 2024 12:26:47 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yBT7Bmt0oFBuwR9ZgQv%2FFiOcTXxU3vRAvJwbcypJtjnqnG%2BnFnfXFVmpW0SD5nJUmgka%2Bmlabn1LqbRAgkBva4aA50PnZbaiO5hQgLARXkCNt9wJeROFIYmgn8xQCWSkbv8oU1LW"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 153
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-0-9-td/envoy-proxy-5675bf5846-wlbsx
x-evy-trace-virtual-host: all
x-hs-reason: No view mapper found to handle request
x-hubspot-correlation-id: 159daa61-571f-48a1-9ad0-82fa2c5eada5
x-hubspot-notfound: true
x-request-id: 159daa61-571f-48a1-9ad0-82fa2c5eada5

GET
H2 200 all.css
pro.fontawesome.com/releases/v5.13.0/css/ 170 KB
32 KB 70ms
32ms Stylesheet
text/css 172.64.147.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.13.0/css/all.css
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.188 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e36d48c48ae338b5cccef7dedc545d736dff75042f4ecf272c7061a4fd92a4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://www.cadosecurity.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"e889f00c68ceb105b6680ca5c96b3eae"
age: 1759240
access-control-allow-methods: GET
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: text/css
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 17:09:16 GMT
x-amz-id-2: cBBIwIoIWdWkcSGexCgk5l3YiTUq4rkINy5li+Ba3BjAB4iPoDoWZcuoKSzhrS+A91CnkpbjskKywh+CKP3B23KLcEHw+Etf
cache-control: max-age=31556926
x-amz-request-id: NP3VDHEV1PA8BWPP
cf-ray: 8f3f24ada9b0d281-FRA
access-control-allow-origin: *
server: cloudflare

GET
H2 200 styles.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/ 308 KB
34 KB 77ms
42ms Stylesheet
text/css 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/styles.min.css
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85631ac7bcdf6b849bdd99d1aa1bea99067e4ac640706e6d59edf98b4edae360

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: cb15d079-be43-4698-9d54-1c431df5ce79
content-encoding: gzip
cf-cache-status: HIT
etag: W/"695c235cffa5d22a9f270ec2e84adf36"
age: 657893
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: cb15d079-be43-4698-9d54-1c431df5ce79
content-type: text/css
last-modified: Fri, 11 Oct 2024 19:36:12 GMT
vary: Accept-Encoding
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-cltqb
x-envoy-upstream-service-time: 182
cf-ray: 8f3f24ad9dcdd298-FRA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1728675371289
x-amz-server-side-encryption: AES256

GET
H2 200 module_156175596464_u4m-header.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/ 21 KB
4 KB 75ms
40ms Stylesheet
text/css 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7798dc167b0321ffd040e4f665db503e3037ba907ec059af874dcf4191be06e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: c9fe183e-19fc-469c-853d-c6802e227cab
content-encoding: gzip
cf-cache-status: HIT
etag: W/"4abc61d3bb5e456d1d206de9e853cc24"
age: 657893
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: c9fe183e-19fc-469c-853d-c6802e227cab
content-type: text/css
last-modified: Fri, 11 Oct 2024 19:36:09 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-tfwpd
x-envoy-upstream-service-time: 170
cf-ray: 8f3f24ad9dc9d298-FRA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1728675368615
x-amz-server-side-encryption: AES256

GET
H2 200 module_156174794365_u4m-footer.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156174794365/1728675367442/ 5 KB
2 KB 74ms
40ms Stylesheet
text/css 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156174794365/1728675367442/module_156174794365_u4m-footer.min.css
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93f97df970c96fc8220de21b8a903081bef952c3883dd56e298955d8ea8c49e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: ed4b3170-2518-4654-a52b-084b299d23fb
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7b94171f5ef0680e01626150356cd055"
age: 640946
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: ed4b3170-2518-4654-a52b-084b299d23fb
content-type: text/css
last-modified: Fri, 11 Oct 2024 19:36:08 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-cltqb
x-envoy-upstream-service-time: 169
cf-ray: 8f3f24ad9dced298-FRA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1728675367442
x-amz-server-side-encryption: AES256

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 364 KB
122 KB 87ms
47ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

128b57e5dec420f0aa44cf53c881d4c2b0326551fe2ab4da4c10c93595bb9d3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 124223
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 footer-logo.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 3 KB
2 KB 40ms
33ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/footer-logo.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75b27571ceafa6560289a62df52861afcfd4eb9d78307fa2f25951173ba3edb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"400bc1ae77f8cc0213af7956c70e759e"
age: 658182
cache-tag: F-156298795658,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: IeitFlB2dlq52o92sK5wF4Yk9QcxEM4R
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 6hB38MQU-OKQ6JzzpBRpy7q8dQWVQ5JIWVtznNDb5g7NLTLAKoB4gw==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:38:19 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156298795658,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 3MMBV52JSW8HA9AB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156298795658,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 0mOTP5BziZdxWbzFEbAYSSdrhUn8qB7ySdHIjrzq2HQPwCmu2KiIp9+0CsB40catVvMNRrNtz7xCYFoG8cn6JXhUUmSkLXncAKHjZZFhx4k=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fc7d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1707496698739

GET
H2 200 Icon-Platform.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 5 KB
3 KB 44ms
37ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Platform.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac41eb7a5b856d49f9c8845313325be66c4bfd221163e4b492b7c338286845bf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"0eaa39fb1179edc94d1abd732ef5a61f"
age: 1561999
cache-tag: F-158908370499,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: ip2hSiupg079rNfElCK.QaZ7q9Dcdvw6
x-cache: RefreshHit from cloudfront
x-amz-cf-id: j_wfNsU6VBIxSzo_qtsy31qUjnkPOMSUjaeiw4zot4XAVp6joCMCTQ==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908370499,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PDCPE06FK6GJXGZG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908370499,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: U18+rohTFh7QHzCJjLn+ft3mbVPMfdq7Rxwp2+/6a61uHtHmSHSBdTqmFU6E/RpeRVXgAuhsa69eYEpMedPusg==
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fc8d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092659

GET
H2 200 Icon-Environments.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 9 KB
3 KB 47ms
41ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Environments.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e35f8ff087c3b5bed43bfab3509d5a93813d5015d9088f7e3fb2d7c195450ae4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"01e43610f0380ba6fd382b6810bda5f7"
age: 1597788
cache-tag: F-158908415831,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: Kmex14K3m5YINymWb1JSjyfREHrvmz07
x-cache: RefreshHit from cloudfront
x-amz-cf-id: OaG_Qixnoh6SX36csEnpxZKoPXUC26hoxhzC_S0MIuGbNryc62dMwA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908415831,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PDCS22MXNQ7QGT47
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908415831,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: rrdbbfS1koACqJbT+DL6aYzU9dE0m8LUnjHGBs7vU/9BVKM+aES4PKO/B+hZpjzw38RUlfcDuwM=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fcbd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092686

GET
H2 200 Icon-Integrations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 5 KB
2 KB 46ms
40ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Integrations.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83b431b794a9395cb27b2b781106fff5f24653f0a57813212911c5e2fa517d02

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fb90cdd06dd3fcdc24df99b85b98bc88"
age: 640945
cache-tag: F-158910116173,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: HUiHbwUAuxNlr_KbxqNtaUXRKJmD7f3j
x-cache: RefreshHit from cloudfront
x-amz-cf-id: ob4XYpg9t4vZyvUG3G9IDShlCWvSy97xLzpXvW4nhOjjmdrscnurmg==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910116173,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: C60FDQCA4BWJ1R3S
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910116173,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 0AdyGx6jsO0eEaE1lSS1Rc7MALEkHukMTMI8HEwpdzKRsFce+qHKWGRquiEf6Q8jVB6UtlknpFOH0iyc9Y1yfQ==
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fccd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092682

GET
H2 200 Icon-Cross-Cloud%20Investigations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 5 KB
3 KB 44ms
38ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Cross-Cloud%20Investigations.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b032cf763e3e7982adca76421524d0f8ddc93b1ff64c96aa8baeb4d19242d7c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"ab77efa24fbcc948a87d2acf5bb60afd"
age: 1470009
cache-tag: F-158910756427,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: 8_kF1hKnzx189VWn.rkzYtM8kA.rY3MC
x-cache: RefreshHit from cloudfront
x-amz-cf-id: iywUS_-Q8Tx3YduZoFZLkGL9oQEYTdxFhdxLTfa1Q8YEcYSvkkvOsA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910756427,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: MBJ12QKXRQ7F7GVH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910756427,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: NX96ui9XnuY0Um+PaawvR3JpReFRxV0jnnPnlBt2nHAvW24Xs02dwSSgCfY7natl8nhdP/JIHGk=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fcdd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092704

GET
H2 200 Icon-Container-Investigations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 7 KB
3 KB 39ms
33ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Container-Investigations.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6f440cef04de6967acfca12b29f5c95e1d5b863245f8568d201813f6f5c4c4a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"5d09bd0a454e9061de781faf40b91493"
age: 1655351
cache-tag: F-158910600962,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: xoTMmO36YN7vDNZKxmbI8eWL6AwdxElT
x-cache: RefreshHit from cloudfront
x-amz-cf-id: EBK7RC9lPSIQ7U1CQHqXZXQmqn_KL00BWnmh3qEgAJxyk5KUL8R11A==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910600962,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: BXAV4P1KXV8RZ4SJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910600962,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 0SLK/uH8tHyKgieaIo1ooateXy0qzxnVLAjVkUsSD7z8Ef1RxTtPLOcsJQLr15ubFM9zlNlGhTY=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fced298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092740

GET
H2 200 Icon-Endpoint-Triage.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 10 KB
4 KB 57ms
51ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Endpoint-Triage.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbdec799787b9ffc82fcb355b28fc38bf804634cb280f2e7f5b048b9b869a26d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"101e39b7d085ca7de93d81596f7c40a0"
age: 1775410
cache-tag: F-162430631742,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: b0Lb4VjtEcKY2AgktbTmqeHbB6NgFS7M
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 0rODb0L5GtN-A4pOyqTIjqX_sCs0LaVFP5CKoK4YjUrd4mJt_ByjFg==
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 13:41:24 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162430631742,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: EVVX5CW9YYSG987Q
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162430631742,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: W9mXZmFKyVIxffJgZfh2eK+ncE2mq5s7tx4EXwfb+aPPl7Zo3WreOUKlMcKQq0hpN2NAwAdYFej+XCNz3D2nN9vl6QTzz2D6euFF4V1MKog=
x-amz-meta-access-tag: public-indexable
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fd0d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1711633283487

GET
H2 200 Icon-BEC-Compromise.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 6 KB
2 KB 41ms
36ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-BEC-Compromise.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd3d6deb8e39740eeba36153d322933f8e1a4c29d6b1432a863d7b4a68497687

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"4f84134308d96b4e8c6690f3a07375c2"
age: 966177
cache-tag: F-162431186303,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: oRF7sWwMrlGjWXHV5TJS1e0O6XpU0C2K
x-cache: RefreshHit from cloudfront
x-amz-cf-id: qYBaD6elNTScGMZjKXlnN2w9dVSgivx2qODnjPk75Kpb69sSSCqvmQ==
content-type: image/svg+xml
last-modified: Thu, 28 Mar 2024 13:41:16 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162431186303,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 030XD3SMADMK0WA1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162431186303,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: Ve8tn3DwkKi/GcW3VyKzHymjg/kmjaFIkb0KV6dH+qosPznZhNJYPbNeqIwRrINRd3NH8+eRJ5Q=
x-amz-meta-access-tag: public-indexable
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fd1d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1711633275622

GET
H2 200 Icon-Incident-Containment.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 3 KB
2 KB 39ms
34ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Incident-Containment.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00fea8990ea6f50671a381300028e0fb4428d6851e54e9180d69cfe5d4c5ecad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"c0576e3b9e4bb8c477d1f85bb7e6a202"
age: 1750084
cache-tag: F-158910854217,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: PaC1v0fMaVwNq67YijEsn_9SGzMNCoSa
x-cache: RefreshHit from cloudfront
x-amz-cf-id: qTtWEAHBNsL4l5oke1E9EkyabBli27wGOrdNKU_vAqPwNbADN0B3sA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910854217,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 3M7FVRW6F73JCX8N
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910854217,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 2vtjTGpRRArgllvjp6M7LxDlrBi2U+dilk8sF4tCU6FjpL0Er95lR6u12h+Qulwqmimjpgc4MrU=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5fd2d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092713

GET
H2 200 Icon-Evidence-Preservation.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 9 KB
3 KB 46ms
41ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Evidence-Preservation.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2fbfa4a756b9d7428291fa36194f2db713a5cd2a0e8242dc53915a1578d32f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"c93fdaf7820fe09111626ef79f0e53a9"
age: 880348
cache-tag: F-158910854216,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: PdGF9LpQxle.sxFJ7N3fpd6L9byErz2Y
x-cache: RefreshHit from cloudfront
x-amz-cf-id: QeznuZxJ9SapnXolbDMbfK2RdstP70h9MKReUuYIMc8MgAW7qZmHug==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910854216,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: T7AX33DDKYJA0225
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910854216,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: qO8ud0K6w8VVNj7A/7pNeNX2EX99WKyX9UsgiCsmJbqbFB3Xw9+FQPQQFVzoUG546hVImiMcAEo=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fd7d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092687

GET
H2 200 Icon-Report.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 2 KB
1 KB 45ms
40ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Report.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0ea050eb4c1d08b619be28958d97596caef07ec9908855a04e3d0378c3696d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"4404762544d0990dc6d44a8e72f4bb17"
age: 1470009
cache-tag: F-158908182135,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: 6Xn5sPJfydZc4cHPwsj8xIjhEPdmJ.Eo
x-cache: Miss from cloudfront
x-amz-cf-id: 9CmN8E71RrxVvQBXBUd97-IxAFC1Zoa2l5WT9jaFM9LWp7u5o8OapQ==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908182135,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: WTGD5T109WGQ3RM4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908182135,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: qiTlxiQeXWO9ZD+F0kV/MpUYcV6/NHQ07EnwE1cM2GM0StiCDhFM9ka0gJ6WY/uZ3O6IIiKmkhQ=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fdad298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092699

GET
H2 200 Icon-Blog.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 5 KB
2 KB 45ms
40ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Blog.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 974a198793d723425fe7023528fb24da16a52c132b10f81a1510eb6978228bd9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"4c4ca0a79751b03ca42fef114540257a"
age: 1758389
cache-tag: F-158910600961,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: FEMsnEVBK1nvjz33gRodz8MPzM2rAipI
x-cache: RefreshHit from cloudfront
x-amz-cf-id: loBkTOM6DaZyv_8WHTxq3imYyfdiSIVuHtEc04N0TvJyYw8VS1ygag==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910600961,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: NPSJDHZ1DAR1WH9H
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910600961,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: BpIQ2ywLwes5zr+uSWARBZDlwL4uYm+0CF2LPeEu8ihiH6yJQuCPAhTAZwvbPFAv6N2whLFo86Q=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fdbd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P7
x-amz-meta-created-unix-time-millis: 1709233092652

GET
H2 200 Icon-Playbook.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 7 KB
3 KB 40ms
35ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Playbook.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1a2ef4bc0b997dad2c90a8151e6cd98e10a644dbe55c260de97cb77f32ed47f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"09b77238d7d99462d4b30c81830fdfe6"
age: 1561997
cache-tag: F-158918452369,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: KSyK88USjO7mkANJ9ALVw4yi.DpNK8bV
x-cache: RefreshHit from cloudfront
x-amz-cf-id: CcirHI28mMuWV54QjYpdPSL1yjW2un0NdFN4d_ziqiWh2YRJs8lzlg==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158918452369,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: MQCHZTYH4DW2ST2K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158918452369,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: dabmDoZmSNAC4o7g0WqgZ+8rH1q4Gln5wmXtUVcIKH+062bQx6wYl5K1uNWvESWPmG7xdUDs8eQ=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fdcd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092699

GET
H2 200 Icon-Cheat-Sheet.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 4 KB
2 KB 52ms
47ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Cheat-Sheet.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 407c14430b0e1ca878f6433f10432fe6ace7860a13bd3094e36a5dc8c9559aee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"49b54ba10bcc3f242b1556b44356624e"
age: 1026631
cache-tag: F-158910116174,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: vExu6GIEM3YgKsFzqzz1aPxreYERM10J
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Up-esoxaX87tkg7N7I6b9Cph5phkOmxp6mwGiaAt_O9PbfMBN9MOtQ==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910116174,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: K0F3129P5SZR1WP4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910116174,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: vq3v9o//iDL3eejjjwGKd8Bi6uukl+AuKmEaXhl1JXgKkcVUppo9HaSASGjBZjY402F2XxviLMg=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 9ec406dc5379d974fc3d9f41dd497bf0.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fddd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092706

GET
H2 200 Icon-News.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 2 KB
1 KB 51ms
47ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-News.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78b9c28611b2f176966e3cb7efb14d6263f16cb5308fc0123a4d5586f487b8a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"37ab788753ce603dcf150076eb19dc55"
age: 1470008
cache-tag: F-158908370501,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: PPCfQ6sv3zl3giZXjinnJtchyxxhjbMM
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Gf2U0mScLfgfO7d2K6eqX5cQAsWEHjxb6iSbI-gr6yFTtN93SClUQw==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908370501,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: NYBG6GS6XH294S3B
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908370501,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: P1DZSmWUFZ0+MYu6i05Xf9q675k9HC6xDiZcXEkd4sBxd0yj9yzn4+WsE5rmbycSiAMLd3/Xeg0=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fdfd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092698

GET
H2 200 Icon-Community.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 6 KB
3 KB 77ms
73ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Community.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8f7b83a000ad96b202dc1856b5bc7e037c42202c4b13fd8513282cb3266bd98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"da1bfaf5b9a5d5249af65e27ebb919a2"
age: 1597788
cache-tag: F-158908370500,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: VEAX9fWieMYYNhVqWCbomDTge6S9M3q1
x-cache: RefreshHit from cloudfront
x-amz-cf-id: n-jAaNP8zZ1rWOyQBoMbKdMATOdyYOhREqt_H-ySciq-DN3ftWSarA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908370500,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: MQCM8WPYY6Y39DFG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908370500,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: f3hn5SmOgtG1YkHrOBOSkszN4HUllV1v3bLBtx8zm0p+WZswLzb755R/Hn1Mr2RtQuJW2xPWwJTMGOLSBpZ0pw==
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 a5607d37f6322bee208b762f730550a0.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fe0d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092693

GET
H2 200 Icon-documentation.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 3 KB
2 KB 49ms
45ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-documentation.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27fb93766c76a5d272e97fc11d3437776f027072100ed7e4ec6502e0d6cde411

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"7c12404a19418a63d35ce3940cc5c9c3"
age: 1468455
cache-tag: F-158910637345,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: 5i0UGbG_NPiYVcAJI1GnjDez4oAC8ij9
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 3hFaTpjdWQKOkF0dWUV7Xfp6tKdzi5Yr8YFqqvxpSTfq4iTzVEtnVA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910637345,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: NYBYPAGXG83HHFFJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910637345,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 2Zw+XBFy+sOoetGyABslNijY/VUwK0T1fw6XWCqDhYXMB2WhW4iXBqTam8zXVYWUyrRSalAHoM0=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fe2d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092700

GET
H2 200 White%20Paper%2080x80.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/Other%20Icons/ 4 KB
2 KB 42ms
38ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/Other%20Icons/White%20Paper%2080x80.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d220322b68ad1cf5917c91f69fda406575fddebaa55577a28a208edfceea6b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"76da894daede31a4588c8d0d045228a3"
age: 1655351
cache-tag: F-161751939157,FD-158910846042,P-14518100,FLS-ALL
x-amz-version-id: YzF8.dH8TryCxEooDRL13q9Zl5E66Kz3
x-cache: RefreshHit from cloudfront
x-amz-cf-id: axt3xHGPwjn5wP68wTS4MF1mfuqBi6LgfhTvpfYXt6um4c9SnScnTg==
content-type: image/svg+xml
last-modified: Fri, 22 Mar 2024 16:48:22 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161751939157,FD-158910846042,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5YAFHRRNZ59PJ61F
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161751939157,FD-158910846042,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: 3CDgBbG8A7hoqX0cNG+r3q2ixQCS8tOepAM+k2dDzYBX570SHu5leUwXFkW2qRPgIOoqAEQAvt8=
x-amz-meta-access-tag: public-indexable
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fe4d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P7
x-amz-meta-created-unix-time-millis: 1711126101419

GET
H2 200 Icon-About.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 3 KB
2 KB 69ms
66ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-About.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b0bdefd03a7be29b76622769769ffa627aa3121971ca40d0bba041ab57ed0de

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"1f35994888ad53f8a2ab0751bf27a146"
age: 1525521
cache-tag: F-158910232391,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: PAfbQQ7MEpQ7wL4BqI8.ypLX8Gb7k2PT
x-cache: RefreshHit from cloudfront
x-amz-cf-id: p_Yr0Zr67SjvarJm1Vcu5STrddmr8D9Kle2_IB4maPjn9N0Bgy88YQ==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910232391,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 9TV6MEW0TSTG893E
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910232391,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: Trt9qFPub9r+tvw2GH4GQoetxGGZJaoVzZ3/bcXEblmBSnQqDUECRWAH634H7K7IRquDfPxXE5Y=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6fe5d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092712

GET
H2 200 Icon-Careers.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 2 KB
1 KB 42ms
39ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Careers.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0af3b1efbf93ea2e374669840b3866368d92207c75e5ee9ba9655b644df7d424

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"d143638e05d4db8c30294cf6b230a488"
age: 1525521
cache-tag: F-158908415830,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: 4sv0XXUML9Km4LzhJGle5huKDqGiKEWk
x-cache: RefreshHit from cloudfront
x-amz-cf-id: w9HUfLLTexVEnf3dF_-fnALp9S77DrbUG9lYShBkjkp5iz32bIN9bA==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158908415830,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: T3X8CJQ31Z26SGY8
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158908415830,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: ulVL509z/ze6Gk51cgZP4cnX+Eke5t8JtuaKIKtouEci5BzZ6d2xJ4d1Gp7M4F1mp6TxoBOqDZVdPUr1GqKgJrjhPrATc50SGG+pUX3ilPg=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6febd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092656

GET
H2 200 Icon-Incidident-Response%20Preparedness-II.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/ 6 KB
3 KB 51ms
48ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Incidident-Response%20Preparedness-II.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d3007e6fac9e8e04426f7763b3f67f21d261737b970dfbeef2902d6447b9671

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"6fe0438a0b40753c149ea118d3905071"
age: 212628
cache-tag: F-158910083642,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id: JOBbW4Jlu3_7TAcdFilE12BaiT22X8p_
x-cache: RefreshHit from cloudfront
x-amz-cf-id: UpXsMMihM6SU_4GPW6ZCy4LIK9gQH3ybXBhv1GuIO-ovxLtf5vtYLg==
content-type: image/svg+xml
last-modified: Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-158910083642,FD-158918452139,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: A75JWAZV6QBVHCPB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-158910083642,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: AWgxBsqgAZi1tOWAZCZNOXKEHEshviRrY1NLl6YAlQu9qt8Y81H7W7HOAxP8AJL6jF38+++J3cE=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 444bee00bd8f759506e806be3c13fa6c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6feed298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1709233092799

GET
H2 200 a51b72aa-daa5-4df8-a061-1902834ccdb0.png
no-cache.hubspot.com/cta/default/14518100/ 1 KB
2 KB 195ms
161ms Image
image/png 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/14518100/a51b72aa-daa5-4df8-a061-1902834ccdb0.png

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55c43f9fdacec1f0cc9f2ebf763d397115c1fe7a2e2484dae1c6a7eebfde715b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cf-cache-status: DYNAMIC
etag: "7c95df2b911501b5dcb0b188d85805d4"
x-amz-version-id: ZKsPlvq5bT6eKKMsbru9nNCgP4LuYb8v
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FSxzpaAK1laSkoXqmvDsRqNMJvBndS75Nix9p1m4WzbFwL902tBk2v%2FEezKiuQATsCwkUuhPTWnwieZJm5bEdGs%2FAzZOZm6LsR0Yt%2FnWA2gsUxvynmGjkgevTxIvx3Z3TBNEvOtQ"}],"group":"cf-nel","max_age":604800}
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: image/png
last-modified: Thu, 28 Mar 2024 19:24:29 GMT
x-amz-id-2: yUScuKnOmzpSrnxsc1N+X6etGY3YClN57oUqcbayaixYfsd/4mnkqNb76N4NYzbZmlhAmwN6+HXc++sXHVMMa/i/G17zMgmZ
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: T7DSY03WR5KVBRN3
cf-ray: 8f3f24ad9888d38d-FRA
accept-ranges: bytes
content-length: 1333
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 current.js Show response
www.cadosecurity.com/hs/cta/cta/ 19 KB
8 KB 52ms
51ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/cta/cta/current.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f6e5a772649ae72f766174a853fb5e403ea5b24f50b604ac2530475af1a8208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-request-id: bc15c6e0-216c-42de-b066-79c54077429b
content-encoding: br
cf-cache-status: HIT
etag: W/"b0928abe0d4cbd5b3e6717e0b0d3ddeb"
age: 417
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-amz-version-id: XkQXV__rLSX9HsSer6izlPk_QOOoa.4F
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tr7O2qQwwqpGbfQBhZJUMJJWwSkxPURLDDAkEBNmjKJgbl7UFVY8RF4wrCxfejRCP19DFE77alIdj2n5Y3ev6n%2FIKjxZZ9vjW0GyYPOjJCwZmrXpyOTDuLSjIg1S9blLVZbziQZl"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Eano4fl8FmNJOVcKqcKHkD-lsMkKOOIDjmVdJzPaUsS3NQ5Syi_ZAQ==
x-hubspot-correlation-id: bc15c6e0-216c-42de-b066-79c54077429b
content-type: application/javascript; charset=utf-8
last-modified: Wed, 11 Dec 2024 21:00:55 UTC
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-rmctf
x-envoy-upstream-service-time: 5
x-hs-target-asset: cta-embed-js/static-1.339/bundles/current.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: MISS
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.339/bundles/current.js&cfRay=8f3f1a7dd778d39e-FRA
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
cf-ray: 8f3f24ad6974dc85-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 jquery-1.7.1.js Show response
www.cadosecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
33 KB 43ms
43ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ddb84c1587287b2df08966081ef063bf"
age: 1068495
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0PRJ4LwsdqRv5ilrUOVdqavF9schD8Ww0P3y4icEdEfl8f6Mbo1NSpF5w2sc%2F%2BpqVCe8b8JujNx0cctADNa1itq6auv2cQbkBjAkXPcv3NPb0ahRlvdwpjLeAC0BrZKYTNP4OPD"}],"group":"cf-nel","max_age":604800}
expires: Thu, 18 Dec 2025 12:26:47 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: gCZIwj0xNL-cuBT--HPPtNV6zcPYwPtwXI-MUvVSMZ66voIuQAGNeA==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
vary: accept-encoding
priority: u=2,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
cf-ray: 8f3f24adca36dc85-FRA
x-amz-cf-pop: FRA60-P6
server: cloudflare

GET
H3 200 embed.js Show response
www.cadosecurity.com/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
5 KB 27ms
25ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 1765239
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gmt83rS0Q0VBh68aIg%2BV2i4yKmMcCozQf7%2BsyULClTr2gxTXzhVYlTSCDIKl4Vfi1%2FWIJHDjRtukp7oyQBe9k7jMvG4mWpY9W0J7mQ95r5SsAtKjgL1Fc0VISJ%2BAMXRo6YdaR4qS"}],"group":"cf-nel","max_age":604800}
expires: Thu, 18 Dec 2025 12:26:47 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ufijAdh7jZmYDIilVZNlDc-L4WPUtC58cEv67ZqC7FE0XlKOuB3J6g==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5b90dc85-FRA
x-amz-cf-pop: FRA56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 main.min.js Show response
cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/ 797 B
2 KB 80ms
56ms Script
application/javascript 104.18.87.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/main.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.87.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73d3bb666001119af2712d92dd5091fd4b0ea404d19507fd734f6c604d8326b0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-request-id: 51bd0998-3226-41b7-8eb7-655fbc04c0fb
content-encoding: br
cf-cache-status: HIT
etag: W/"ac3480bbc9357d786dddfd629ff2f2ff"
age: 1569681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qpL0mZq690ECWdGBQ%2BiYWZxcyAakHSAg6HixpSGZH9MJH%2FLBpMitFS0Yc7yIGayABKwfzNrsGkOfoYtVcJJWUFN%2FGwJzIvIYkhJeGf%2BK8PEz0sWCQBmZbEh%2BMOvMU7pyxxM%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
x-hubspot-correlation-id: 51bd0998-3226-41b7-8eb7-655fbc04c0fb
content-type: application/javascript; charset=utf-8
last-modified: Thu, 04 Apr 2024 17:14:09 GMT
priority: u=2,i=?0
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-8lkkj
x-envoy-upstream-service-time: 222
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: cdn2.hubspot.net
cf-ray: 8f3f24ae387cdb06-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1712250848824

GET
H3 200 project.js Show response
www.cadosecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 45ms
44ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 1681996
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pR3WoN1BtqPTqacDz0%2BIB4m6lvPjABNhetCAQrVG3HksfIcL02wjPKVjWRjK6TskdDizwQJiBZSzH8Lg%2FqliR8JLOZbnNegGEdKe2TAE4LxIwIcfCC0gNjzURIL5ne0qJ8WQELvs"}],"group":"cf-nel","max_age":604800}
expires: Thu, 18 Dec 2025 12:26:47 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: xM6jST1Ie3RtZqFuOuQDP013VkVmH3ZttNygVHAQOgp6ce-TmY0clA==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
priority: u=2,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 9eb1733bea847c3a8f4910adebcc8146.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae4b70dc85-FRA
x-amz-cf-pop: FRA56-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 jquery-3.5.1.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/ 87 KB
32 KB 75ms
64ms Script
text/plain 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/jquery-3.5.1.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age: 1664802
cache-tag: F-41071988237,FD-3074793432,P-302335,FLS-ALL
x-amz-version-id: k6mVShlsCPL6Bw2.XotbK.6zOwTpniPX
x-cache: RefreshHit from cloudfront
x-amz-cf-id: wjlClTUKhWXqU7d8PbR5WhVRn_B1ARNac_gYvNKlJghKE7tEApurWg==
content-type: text/plain
last-modified: Thu, 28 Jan 2021 19:36:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-41071988237,FD-3074793432,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5XBXG0ZQRK1WMT0A
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-41071988237,FD-3074793432,P-302335,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: zhW10ZsqNGRW8LkUjlEvKCResK0EGFc1aX55MuLVAHbLtap2JY86FVBy8nzqPj0vRz/UZ6p64hQ=
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ff5d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1611862582133

GET
H2 200 hubspot.search.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 2 KB
2 KB 56ms
45ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/hubspot.search.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9f1175472edef5e7be3e8125c41be38fab67c60d3edd28af1b6c757af63ab61

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-encoding: br
cf-cache-status: HIT
etag: W/"71afe972353ce13c3525c78fc9fa568c"
age: 1667941
cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id: fetlrSUrbTD9ubDQbm0B0gXX444eAKyS
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: wkeB2sjKdXTtXDCA9_kDnJcgUBV9OprQRUdAVcdzC1TG50PIvuLO8g==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Thu, 19 Mar 2020 15:58:09 GMT
vary: Accept-Encoding
x-amz-id-2: WMe8LbgF4UCsqr8IDvGSCXsDUBDXfIcw1YLgGxE88GhJxdZbQlGnLpZXv9YwkKoct0PcMrgWTToMKLDEdBTNuQ==
edge-cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ff0d298-FRA
x-amz-request-id: PX4WDR8QTHB11H1W
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA56-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 jquery.nb.offscreenMenuToggle.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 1 KB
748 B 75ms
65ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/jquery.nb.offscreenMenuToggle.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d3df945eaf1645c7e2a2373180e9bd95cc26ef8e085a837aef024dae1348074

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"cc23767098d49289cee3d3e999a617af"
age: 1664220
cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id: KkdHhA5iO4Ni6inY61t17A60DMqiAyaW
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LpcQOOjDd2WIhg96s2rga7zcZFNxE_E3Pn4uUNXDmOpgoSoxvY2Cmw==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Thu, 04 Oct 2018 16:20:00 GMT
vary: Accept-Encoding
x-amz-id-2: 00BxB/cu8V5a/hs23J6LHHf6rPrRdN/mEOgKdXi/zby+KENL+UKCtyKaFkA3NXYNW4FFv9sAwpg=
edge-cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ff3d298-FRA
x-amz-request-id: SE5BRE9JBBDPH5PW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA56-P7
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 aos3.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 13 KB
5 KB 67ms
57ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/aos3.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd1f9acf13b12f189da475e0f23c7c505767859ab620aac636964974093c281d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"aa20b6e0418d20fb86b071e670b2b207"
age: 131638
cache-tag: F-9277021238,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id: k_IhJKZGVqC3YzQ7q0m7vEPdNq2gxyxc
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: -q4UA-JT7r9md2guFxWO5mxaAPserIWVJAZJ99IHt_dxQbMrDMe1Yg==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Wed, 01 May 2019 21:50:41 GMT
vary: Accept-Encoding
x-amz-id-2: YJ6VuNyNXg9i9r83+bcIs4T2s7IIdqcH+SNcU0qWcHXbJ5lbEKslI28aK/IuzDr62z8aVxw9MP18IylBJdl7clFesFgjZx9E
edge-cache-tag: F-9277021238,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ffcd298-FRA
x-amz-request-id: ZAXZQFB1WCDKP4RM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-9277021238,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 lazyload.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified-assets/ 7 KB
3 KB 136ms
126ms Script
text/plain 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified-assets/lazyload.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6a23e6a3399b52a5576c28b2236b48953949793fc17f2c733d35b084d7a0085

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"b0d8af1a805c07d107bf35782c007bf5"
age: 1764616
cache-tag: F-45425856614,FD-45425602351,P-302335,FLS-ALL
x-amz-version-id: qzdXDUHiY06lkuk.s3HS4mn9TkOJ6hIo
x-cache: Miss from cloudfront
x-amz-cf-id: FMHCvTWlUmDrlPoYzWt1fNZLk50VaGZ0QHqAgwuR1MPumAa1OCGRbw==
content-type: text/plain
last-modified: Mon, 19 Apr 2021 14:04:26 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-45425856614,FD-45425602351,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1ZV127APF86D8M0K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-45425856614,FD-45425602351,P-302335,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: RX1gkN6O3+rMqx10zREzuqTnyD82EUdurbELmirDEJaf3cBWga1Xd1dQolUox22TPCVdeHEW/gk=
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ff8d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1618839039176

GET
H2 200 js.cookie.min.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 2 KB
1 KB 91ms
81ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/js.cookie.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2733c64f5330ed7809768c11e5a7319b7c597de9e7967aeb65da0accfa0a3ca5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"ac440c53ca8fc308c3146a1a4c08170b"
age: 1242814
cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id: auZfhc_pHEMBe0hQ4ImHvVwJcWYZz0sp
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: _MrTBrDdlOcOLo2YkjMsVM0laRgIWTJUDDp2ctHGvo3pLFSh20_rTA==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Thu, 07 Jun 2018 12:34:34 GMT
vary: Accept-Encoding
x-amz-id-2: Nj8de71MfPaZ70LgMZLT/aUTfz/YhMih4SM4gFnkix7RKl5LCiBtitMUzNiplHY+8vzfqNIY7hM=
edge-cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae6ffad298-FRA
x-amz-request-id: MZFQPNJK7FZ3H7TY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 hc-sticky.js Show response
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/ 11 KB
5 KB 63ms
62ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/hc-sticky.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e81ec842ce9e89a5d8de9507f870b9e12dde8debab84e7897e97c66348f51d8e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-encoding: br
cf-cache-status: HIT
etag: W/"d1de90f78c73200a034318be55ac7142"
age: 1747489
cache-tag: F-28930413774,P-302335,FLS-ALL
x-amz-version-id: ei.WqwbNF48r08JRZ2lFb8l6EbhilFLG
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Y78pwjY3LxZ_yJ-aorWIboCa2LENS7o2bVvDDBg9TzmzRvi1u_4rLA==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Wed, 29 Apr 2020 17:35:50 GMT
vary: Accept-Encoding
x-amz-id-2: 8o61oDAmwgdJAJHK7LujWrGjLy7nAbf8r6pcti2HafER3PT154vZAl04siZVVYFkOAgTuYWQVUI=
edge-cache-tag: F-28930413774,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray: 8f3f24aeb89dd298-FRA
x-amz-request-id: 95M6651T12D9B17T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-28930413774,P-302335,FLS-ALL
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 module_156175596464_u4m-header.min.js Show response
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675367793/ 734 B
1 KB 40ms
33ms Script
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675367793/module_156175596464_u4m-header.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fae5b4778681683248b32b03a4f5b090d12debfa92545cb3779fa761ed998cad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: 03eac0ad-8a39-44dd-8ae3-2f786729b29d
content-encoding: br
cf-cache-status: HIT
etag: W/"28e603e07a780bb1bc249a0a928b1225"
age: 656421
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 03eac0ad-8a39-44dd-8ae3-2f786729b29d
content-type: application/javascript; charset=utf-8
last-modified: Fri, 11 Oct 2024 19:36:08 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-tfwpd
x-envoy-upstream-service-time: 174
cf-ray: 8f3f24ae5fc4d298-FRA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1728675367793
x-amz-server-side-encryption: AES256

GET
H3 200 14518100.js Show response
www.cadosecurity.com/hs/scriptloader/ 2 KB
2 KB 192ms
189ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/scriptloader/14518100.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ce08721b330886faa0dd2a1fb04cd9263fe66cfc4148d604d2fdaf2c2918b6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fnAcvic0kcWyDJYs%2F4vjmkSQuxTS8DGaziv4VTCAkO%2B8fx8zjHtoSMsqZAPQgP%2FpJg5o6Cs3bFY0PYri8ABRxa%2FVQ1149nauvr%2BirW76V5FpSMKsflPK3%2B4cjiGFSpHuFeMEe5GT"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 18 Dec 2024 12:28:17 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 80768f1d-00b3-4efd-8700-8fd079d0d8b1
content-type: application/javascript;charset=utf-8
last-modified: Wed, 18 Dec 2024 12:26:47 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8f3f24ae5b94dc85-FRA
accept-ranges: bytes
access-control-allow-origin: https://www.cadosecurity.com
content-length: 672
server: cloudflare

GET
H3 200 index.js Show response
www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 34ms
32ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 1766122
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LeUO2MpN3DU3zumjZBkBSktIL41sCX9F8YD8qUk%2FoaiZyZ%2BU9GhYzzFRnD%2FnoV7l%2FpyC9ASPCVpLSTjaV1HtoCYz%2BQjIGLm2PAKYKx8YPTCvY1FE%2BbdA2o0rGzaALfggkqhQMI6P"}],"group":"cf-nel","max_age":604800}
expires: Thu, 18 Dec 2025 12:26:47 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: pLHU5Mgb95F-WmxzYxsbad_vNbz8gH1Bz35y4KU3oN9epXKxOc09WA==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae5b96dc85-FRA
x-amz-cf-pop: FRA56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 css2
fonts.googleapis.com/ 10 KB
1 KB 47ms
18ms Stylesheet
text/css 142.250.181.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap

Requested by

Host: 14518100.fs1.hubspotusercontent-na1.net
URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f10.1e100.net

Software

ESF /

Resource Hash

dae65e43ce0ffcb9722f0ac5dc5a774548f0134883a1e046b981aed48b69dfa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://14518100.fs1.hubspotusercontent-na1.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 18 Dec 2024 11:30:15 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 hotjar-5172881.js Show response
static.hotjar.com/c/ 13 KB
6 KB 92ms
57ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-5172881.js?sv=6

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

107c4a6a25d7beee9180e789ac410bb46c1bc2b104b70d17170513dc224b365c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/f010feb4ba96867b6716f7253b30a517
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-id: BP9roRNMRLveUt8ke5315SJg7jAbHAL4NMt4QS6cIE2eo-0vqDFbqg==
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P2

GET
H2 200 nav-arrow.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Icons/ 747 B
942 B 62ms
62ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Icons/nav-arrow.svg
Requested by: Host: 14518100.fs1.hubspotusercontent-na1.net
URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df0f4d380d3f3768c75d4c7b7c7d4949d79664ab1ba55b6f3863a0f8a40c6eae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"a9d8533923bed31d8fcbb3fce76a6abc"
age: 1653307
cache-tag: F-156961486664,FD-156067523339,P-14518100,FLS-ALL
x-amz-version-id: Qet9.6yn2Y1yAkVO5ZWBhog4NMIJjMLJ
x-cache: RefreshHit from cloudfront
x-amz-cf-id: qqbLD3FUe2e7vj-kgaiJs5unuwCoxplld5Y51hjWsEDexN2U0QHQaA==
content-type: image/svg+xml
last-modified: Wed, 14 Feb 2024 23:45:30 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156961486664,FD-156067523339,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 25HDQP9RHJPBMS0C
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156961486664,FD-156067523339,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: Kh7cMuuP0QErQdA5lG9O2Z2Mim8OXkSkpy6awogxfHJr45PdmXoQiIz1MidlSMG6fc0muAm1daI=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae8831d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1707954329605

GET
H3 200 UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v18/ 47 KB
47 KB 35ms
9ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 523929
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 12 Dec 2025 10:54:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 12 Dec 2024 10:54:38 GMT
last-modified: Mon, 29 Jul 2024 22:51:01 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48444
x-xss-protection: 0
server: sffe

GET
H2 200 fa-solid-900.woff2
pro.fontawesome.com/releases/v5.13.0/webfonts/ 138 KB
139 KB 25ms
21ms Font
font/woff2 172.64.147.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.13.0/webfonts/fa-solid-900.woff2
Requested by: Host: pro.fontawesome.com
URL: https://pro.fontawesome.com/releases/v5.13.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.188 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e77c7e1c8f859611d1200ee9a75eadbce02664f28a53b05807233e88deb82f65

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://pro.fontawesome.com/releases/v5.13.0/css/all.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "16e9dbeb2afd22d5cf0e7eeb2b2879ae"
age: 1683863
access-control-allow-methods: GET
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: font/woff2
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 17:11:03 GMT
x-amz-id-2: ixToJ/avbXeXdMwK1c3CimmzpAa/K9/+jLRlJulhj57+X73GulD7JOStWzBxvewoBCMLRyiiO1Y=
cache-control: max-age=31556926
x-amz-request-id: AGCM56QWAX64KTR0
cf-ray: 8f3f24ae8badd281-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 141600
server: cloudflare

GET
H2 200 x-icon.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 1022 B
1 KB 53ms
48ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/x-icon.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1599f3afb38159747321c90effb85d55a081b3ab988a6b88f2cefaf3007cbac5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"c2418937b013bba2437b41b806d24d57"
age: 80881
cache-tag: F-156299542173,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: HKGb0iH35wUTYG7j1b3OTgyudPwsa6sj
x-cache: RefreshHit from cloudfront
x-amz-cf-id: o_kE3SqDXtuyfz6VKuMRka_4Ifv7tVD6eviEEZOBp6GLlKGscPCYpQ==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:14 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156299542173,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: VWCF9NSK0D6PRKXG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156299542173,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: uFjPwHb4lJWs/skP5aYgyW7pl9xtE4E4anh3JY8wlXHXDOxVquc/ZsCbsTwdrgAq16NYCo4CkcI=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae8849d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1707496813469

GET
H2 200 LinkedIn_Logo.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 2 KB
2 KB 65ms
61ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/LinkedIn_Logo.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41e5caed51366e3e46b16eaa7ce6a96e7d3eb9e56ca2e0f4c47cf17f4b58c82

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"0ca7223d62f06026168bc0a2750b847e"
age: 469022
cache-tag: F-156299539826,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: qEWZ5S71Pe.alVjN_tZBuOKzYKCdibzB
x-cache: RefreshHit from cloudfront
x-amz-cf-id: NlsvBFw0U-3tsukZGksnKEUVD1Iqsr6Tu9O-M7e3UxCaDWIhHFHr0A==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156299539826,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: TWRR8XREWKZDN2M9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156299539826,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: Ms4VZgAV8uXe7D9NgBjWGot18FKcwwUt+Z5V8ZhjWJfNdrEBvB342VWaNjrzixVEu9AOtnl3X6Y=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 6f96bffb0fb4e0384ddc6d7ba8a95776.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae884dd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: DFW57-P8
x-amz-meta-created-unix-time-millis: 1707496820175

GET
H2 200 Amazon_icon.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 259 KB
146 KB 46ms
42ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/Amazon_icon.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9dd7f4c167731d38a9e903442c06cefc76d16f5c93625e6b7460c5164845c0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"1f382e8132f0d34b8427d4f6ddfd999a"
age: 1653299
cache-tag: F-156300364455,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: Mgc0J.c6okUIv9RsrpXFybn16KKplB7d
x-cache: Miss from cloudfront
x-amz-cf-id: n8ihInWJ74HFaU0nFRo5kucW7OI6QyWJbkgecH5WkSgnfX5HSFbAmg==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:28 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156300364455,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: AAR55AHCATV9TRFW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156300364455,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: PlkIR5Jw8mT9d2BaSOX9sCPmNkQn8v3eQ9+IWFqiXmKAEgg3Tt/kM5qX4j+XdgidwLq4ujZhGIM=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae884ed298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1707496827626

GET
H2 200 github-mark.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 2 KB
2 KB 29ms
25ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/github-mark.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93426aa30ced1f240188e241c31e1584fc77d70693fcc35647f3044a26a9a916

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"c2907e9869a8e0fc496dc60a81e177df"
age: 454021
cache-tag: F-156298225985,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: ufBlbRj2re9PszzKjXwBjU72enM2wosS
x-cache: Miss from cloudfront
x-amz-cf-id: K24BMsmNe7xHfkiG4ozT0gi9yW3VI5rq4zxbovcUwHJ-m2DOVsyAEA==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156298225985,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PJA4F5NFMFDGHS7T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156298225985,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: zuJduv0U8zOOk6xvlC6r6irGn8aZ+jCcmKEvvA5hDbWun/dZlC3D+S43iwyFU0q17jyOJJjDLEmMUwLObQ0AtQ==
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 dc468f8259c800daf36aec7b41b2dac8.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae884fd298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1707496820074

GET
H2 200 azure-logo-white-circle-1-600x600.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 4 MB
3 MB 52ms
49ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/azure-logo-white-circle-1-600x600.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1c793ceffc96e452c70a2ed457a6ad0e824a919ab78166550f9055603527528

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"30f109734438653292ba927d452bbbd5"
age: 1758386
cache-tag: F-156298782295,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: VnD02ne5sqbAy3nQrcylZH8EK6ed25Cc
x-cache: Miss from cloudfront
x-amz-cf-id: 7f7rq9cPrzflaZgsWql45RUIk-DMXR0vr61EIoWZ92MeH6-8VsF9Tg==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:33 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156298782295,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 9CEDRV82098ER78G
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156298782295,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: qEpsT+MfE9b2T76CgSxpIHh/orPEkCCch8lYgbZh/2VmdwSPUzw31EPWXaYmcunUL3tYf84aYIo=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae8851d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P7
x-amz-meta-created-unix-time-millis: 1707496832516

GET
H2 200 google-cloud-icon-2048x1646-7admxejz.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/ 222 KB
143 KB 31ms
28ms Image
image/svg+xml 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/google-cloud-icon-2048x1646-7admxejz.svg
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a066e8552c97a69b523cbde8c360f93c2861d26d6781a45a8e59f545d5686b82

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"27b3b45e1b2855ab28b3d4ec25dd1430"
age: 1468454
cache-tag: F-156294104433,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id: TCTvWY9MtVRuyYqEVoiadH83us5c7wH9
x-cache: RefreshHit from cloudfront
x-amz-cf-id: _KmFnEemu7JobiZQHwsvwSPdn5j2BlcvyUEY3H8zQUvhqedExQlgFg==
content-type: image/svg+xml
last-modified: Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156294104433,FD-156298948201,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HNQPQ0YASTQ306XQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156294104433,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Accept-Encoding
x-amz-id-2: toDS3DGypI4UzIrWCYWuvYiHf3PI48VUXdmjJiUacefH4GQveh7BUQf1hev4I4rywxtaaMBy2ng=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
cf-ray: 8f3f24ae8852d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: VIE50-P1
x-amz-meta-created-unix-time-millis: 1707496820501

GET
H2 200 modules.60031afbf51fb3e88a5b.js Show response
script.hotjar.com/ 223 KB
56 KB 66ms
14ms Script
application/javascript 13.33.187.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-5172881.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-19.fra60.r.cloudfront.net

Software

Resource Hash

e38338484d969872e570a554c807dab4a79233b82d64a7cb7028fb459123d44a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
content-encoding: br
etag: "b4a1a7933e55e780894c3f39b1aca0b4"
age: 2140
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: Zd0c9BDp-lAwRuj77AGzojS774NABEvfhsgdM-L1kFW66GFVDfP7Aw==
date: Wed, 18 Dec 2024 11:51:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 18 Dec 2024 11:50:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 6b284415724869adc9db63c19e48e420.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56408
x-amz-cf-pop: FRA60-P9

GET
H2 200 hubspot.search.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 2 KB
677 B 74ms
72ms Other
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/hubspot.search.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9f1175472edef5e7be3e8125c41be38fab67c60d3edd28af1b6c757af63ab61

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: fetlrSUrbTD9ubDQbm0B0gXX444eAKyS
age: 1667941
cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
etag: W/"71afe972353ce13c3525c78fc9fa568c"
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: wkeB2sjKdXTtXDCA9_kDnJcgUBV9OprQRUdAVcdzC1TG50PIvuLO8g==
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Thu, 19 Mar 2020 15:58:09 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: WMe8LbgF4UCsqr8IDvGSCXsDUBDXfIcw1YLgGxE88GhJxdZbQlGnLpZXv9YwkKoct0PcMrgWTToMKLDEdBTNuQ==
edge-cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-ray: 8f3f24af49e8d298-FRA
x-amz-request-id: PX4WDR8QTHB11H1W
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA56-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 jquery.nb.offscreenMenuToggle.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 1 KB
422 B 122ms
121ms Other
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/jquery.nb.offscreenMenuToggle.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d3df945eaf1645c7e2a2373180e9bd95cc26ef8e085a837aef024dae1348074

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: KkdHhA5iO4Ni6inY61t17A60DMqiAyaW
age: 1664220
cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
etag: W/"cc23767098d49289cee3d3e999a617af"
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LpcQOOjDd2WIhg96s2rga7zcZFNxE_E3Pn4uUNXDmOpgoSoxvY2Cmw==
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Thu, 04 Oct 2018 16:20:00 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: 00BxB/cu8V5a/hs23J6LHHf6rPrRdN/mEOgKdXi/zby+KENL+UKCtyKaFkA3NXYNW4FFv9sAwpg=
edge-cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-ray: 8f3f24af8a61d298-FRA
x-amz-request-id: SE5BRE9JBBDPH5PW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5869737518,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA56-P7
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 js.cookie.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/ 2 KB
416 B 118ms
117ms Other
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/js.cookie.min.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2733c64f5330ed7809768c11e5a7319b7c597de9e7967aeb65da0accfa0a3ca5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: auZfhc_pHEMBe0hQ4ImHvVwJcWYZz0sp
age: 1242814
cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
etag: W/"ac440c53ca8fc308c3146a1a4c08170b"
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: _MrTBrDdlOcOLo2YkjMsVM0laRgIWTJUDDp2ctHGvo3pLFSh20_rTA==
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Thu, 07 Jun 2018 12:34:34 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: Nj8de71MfPaZ70LgMZLT/aUTfz/YhMih4SM4gFnkix7RKl5LCiBtitMUzNiplHY+8vzfqNIY7hM=
edge-cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-ray: 8f3f24af8a64d298-FRA
x-amz-request-id: MZFQPNJK7FZ3H7TY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-5858584731,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 hc-sticky.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/ 11 KB
394 B 117ms
117ms Other
application/javascript 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/hc-sticky.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e81ec842ce9e89a5d8de9507f870b9e12dde8debab84e7897e97c66348f51d8e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: ei.WqwbNF48r08JRZ2lFb8l6EbhilFLG
age: 1747489
cache-tag: F-28930413774,P-302335,FLS-ALL
etag: W/"d1de90f78c73200a034318be55ac7142"
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Y78pwjY3LxZ_yJ-aorWIboCa2LENS7o2bVvDDBg9TzmzRvi1u_4rLA==
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Wed, 29 Apr 2020 17:35:50 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: 8o61oDAmwgdJAJHK7LujWrGjLy7nAbf8r6pcti2HafER3PT154vZAl04siZVVYFkOAgTuYWQVUI=
edge-cache-tag: F-28930413774,P-302335,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 302335.fs1.hubspotusercontent-na1.net
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray: 8f3f24af8a67d298-FRA
x-amz-request-id: 95M6651T12D9B17T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-28930413774,P-302335,FLS-ALL
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
378 B 161ms
153ms XHR
text/plain 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=14518100

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-request-id: 6c4c7e1d-f5a2-41d5-99a7-9baabb8ef8dc
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 6c4c7e1d-f5a2-41d5-99a7-9baabb8ef8dc
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8f3f24af4bc8d38d&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-mglm2
x-envoy-upstream-service-time: 3
access-control-allow-credentials: true
cf-ray: 8f3f24af4bc8d38d-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 2 KB
2 KB 130ms
121ms XHR
application/json 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.cadosecurity.com%2F404&pageId=null&pid=14518100&sv=cta-embed-js-static-1.339&rdy=1&cos=1&df=t&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42bdf17817337679f2bc3debacda2eeb47b03fd001844f66780eb4553bd8661f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: e1a3d71b-c116-4ccf-9077-04780411cf9a
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wyp%2FEsL8fgD%2BmMAJvzf2aN%2BNYdS%2BRMZ8V4DrARLAcFj9vJnrbIIfBjNUfFxVqGU%2B6tWsImcpy9dLi0n0EPn9ei2Qs2GRJwfJ0Kuk1EDaCPcL%2FeU2ga7chmv%2Bup2rgg9BDMuZETdTYTQIHAtxrEI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: e1a3d71b-c116-4ccf-9077-04780411cf9a
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg
x-envoy-upstream-service-time: 15
access-control-allow-credentials: true
cf-ray: 8f3f24af7c04d38d-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_https/all
content-length: 903
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/14518100/ 76 KB
28 KB 72ms
27ms Script
text/javascript 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/14518100/banner.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd2a6252bf6e8bdc668078879ace479db7a570820190e026a771413288dc7047

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 7440fef0-11ec-427c-bfc2-bcdaf2014abb
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"13ff4274ed4752d2258a098ce1820797"
x-amz-version-id: x0Ol8f0S3Du9E.jhAISs_79Opdifggq4
age: 240
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Wed, 18 Dec 2024 12:27:47 GMT
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 7440fef0-11ec-427c-bfc2-bcdaf2014abb
content-type: text/javascript; charset=UTF-8
last-modified: Thu, 24 Oct 2024 22:13:37 GMT
vary: origin, Accept-Encoding
x-amz-id-2: iUu49kLxnC7wLS87D8LOu8zj3uVX7MaHt4Y5MJnEw0ccS8YDkRCj46xC30Hdxi2L7gSN9Cyqe9E=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-ms9ss
x-envoy-upstream-service-time: 58
access-control-allow-credentials: true
x-amz-request-id: D3HHW9JPDCFVY50D
cf-ray: 8f3f24b01ca29760-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 53ms
16ms Script
application/javascript 104.17.223.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.223.152 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6271d19b3478ba89cc7d60e6648a2342d8e206e4a0aaeed7d858c2f1878eadaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: bc5fe915-5412-4fd7-bc27-634e6d4acc4e
content-encoding: gzip
cf-cache-status: HIT
etag: W/"56c0f93a11c652a7e7fe26a6da5ccc92"
x-amz-version-id: uN2oXrhGy6PkMAvTlaVsJl.LQblHg5rY
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 347
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: ViSZTLCi29VJGE2mAAka-t0325p6-mv12-plICwZHvN2aRY0JVGrEQ==
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: bc5fe915-5412-4fd7-bc27-634e6d4acc4e
content-type: application/javascript; charset=utf-8
last-modified: Tue, 17 Dec 2024 15:08:46 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-56k8s
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.994/bundles/pixels-release.js&cfRay=8f37e365ef5f9012-WAW
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
cf-ray: 8f3f24b00d39d269-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.994/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 70 KB
25 KB 161ms
125ms Script
application/javascript 104.16.107.254
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.107.254 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://www.cadosecurity.com/

Response headers

x-request-id: 43f04528-f909-4a35-805b-370e62a53010
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: 8IiNiFnnn0n9avBP.k8Mr32sZxpD8Dx_
etag: W/"ceb8bcb73e5536d8416735a3977d227a"
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ehqtyZmPxMKiFK19KeIP-XhqYoaPKTHgsEYGRjhXPctzl1aF6l_S6Q==
x-hubspot-correlation-id: 43f04528-f909-4a35-805b-370e62a53010
content-type: application/javascript; charset=utf-8
last-modified: Mon, 09 Dec 2024 13:03:17 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fndvb
x-envoy-upstream-service-time: 9
x-hs-target-asset: collected-forms-embed-js/static-1.1112/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.1112/bundles/project.js&cfRay=8f3f24b00e919106-FRA
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
cf-ray: 8f3f24b00e919106-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 211ms
174ms Script
application/javascript 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

674d5ab1e2c5a783115e67fabc4805ac2e8a83d48eb6a1ad3535c23a959a1801

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://www.cadosecurity.com/

Response headers

x-request-id: bb5af17a-3948-49e4-9297-06611589d344
content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"03686003e4860757c17ae65c11ab8ea4"
x-amz-version-id: _83IngeMtzUuERab6QgcByX86005NyG0
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NRseADU0xlny3Cm17TefQsNuuleqEQTh%2B34NnZQ26AfwQ8AyECFuAJzk2Y9pYQbUgkNQEGbnkEAKBjXyvGjOxr5RVZO9iaSDBE0ErMXzgmGmD95ryq0swaybx7zsH8lv"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: KDuGuNxsLfw6L64Kq5QvG_j9995HNtq_BWSO9GBgknUbMVD3BfAPPA==
x-hubspot-correlation-id: bb5af17a-3948-49e4-9297-06611589d344
content-type: application/javascript; charset=utf-8
last-modified: Fri, 13 Dec 2024 12:10:35 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-vd947
x-envoy-upstream-service-time: 2
x-hs-target-asset: web-interactives-embed/static-2.1996/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Wed, 18 Dec 2024 12:26:47 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1996/bundles/project.js&cfRay=8f165ebf694f18d6-WAW
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray: 8f3f24b00984a06a-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 14518100.js Show response
js.hs-analytics.net/analytics/1734524700000/ 68 KB
25 KB 224ms
189ms Script
text/javascript 104.16.160.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1734524700000/14518100.js
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.160.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db8220aa806f038bc79764cf7aacc7d47848381130b9859a8aff8b346ee97126

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 4f5a4c6d-f571-4a82-9371-3961ccba0302
content-encoding: gzip
cf-cache-status: MISS
etag: W/"5ee937e834ce90a916725df4df1e2e95"
x-amz-version-id: null
expires: Wed, 18 Dec 2024 12:31:47 GMT
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 4f5a4c6d-f571-4a82-9371-3961ccba0302
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:56:30 GMT
vary: origin, Accept-Encoding
x-amz-id-2: rbvXP7oj68WSpZrZyS3CCUwy7I7dtq0F/G15Y4wTwD2e4u70if0054xnuySPGJ7gOweZhI2Kn4Mm0XCqIBY3MH4/42U4YxH9cmzHJQdXMmw=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ds2fh
x-envoy-upstream-service-time: 32
access-control-allow-credentials: false
x-amz-request-id: T7DKQVEB58XSQNQ7
cf-ray: 8f3f24b00da337e6-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 204 5172881 Show response
vc.hotjar.io/sessions/ 0
232 B 93ms
36ms XHR
text/plain 18.66.112.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/5172881?s=0.25&r=0.03866872641909236
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-79.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
access-control-allow-origin: *
cache-control: no-store
x-cache: Miss from cloudfront
x-amz-cf-id: FhDvIw-fKMfFkDW79QmwbJFau5kZsPqeUpP1Tg2R9PmKmUtqjJpo5g==
date: Wed, 18 Dec 2024 12:26:47 GMT
x-amz-cf-pop: FRA56-P5

GET
H3 200 cta-loaded.js Show response
www.cadosecurity.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 179ms
179ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=14518100&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&lt=1734524807407&dt=1734524807413&at=1734524807716&an=1

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-robots-tag: noindex, follow
x-request-id: eb4e4597-fa1c-4d46-aa7a-55b5cf254cf2
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bt74MKjWq9XOSN1F7UCsb5ykGH6RBhTFIAl1VkXJCkYaVCQo998KQGV1Rzz2XPrhiEKzEGcUqAI7F4c3HJ4SR9FoDzjJng2foFbIf85xok%2FKfUGgKHTYhQQHqU7WP%2Bg7aZXbU6XS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: eb4e4597-fa1c-4d46-aa7a-55b5cf254cf2
content-type: application/javascript;charset=utf-8
last-modified: Wed, 18 Dec 2024 12:26:47 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-rl5ch
cf-ray: 8f3f24b0482ddc85-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
www.cadosecurity.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 135ms
134ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cadosecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=14518100&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&lt=1734524807407&dt=1734524807413&at=1734524807717&an=1

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-robots-tag: noindex, follow
x-request-id: 13956f94-c423-4a48-ace0-700a4b152be3
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pE6ANFyIs4r3e5VlXqShGc%2BqXo39UvpllrL5f75N4gUwpaVbpQ3Mgg2EqUwixO2th%2FnyL%2BDC%2FGb7zYm%2BF5gv9arBgiiZbhABOaevBRDGS4BzwnQ5L7Ts21dHOoBWerILe0SBgZ3K"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 13956f94-c423-4a48-ace0-700a4b152be3
content-type: application/javascript;charset=utf-8
last-modified: Wed, 18 Dec 2024 12:26:47 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 4
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-b9zv5
cf-ray: 8f3f24b04832dc85-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
921 B 136ms
114ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: 5da9298a-0b55-4a90-a652-ffe7a9d06faa
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 5da9298a-0b55-4a90-a652-ffe7a9d06faa
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:26:47 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-cs9s5
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8f3f24b06990921f-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
960 B 136ms
113ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: ee656a24-bdb6-4dd9-b59f-d637f318cdc7
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: ee656a24-bdb6-4dd9-b59f-d637f318cdc7
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:26:47 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-b6qgf
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8f3f24b0698f921f-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 130ms
110ms Preflight
application/octet-stream 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.cadosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.cadosecurity.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8f3f24b07d13d36e-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 18 Dec 2024 12:26:47 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ng79d
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: eeed54eb-6dd7-4c7d-95d9-92e5a1c8ecc3
x-request-id: eeed54eb-6dd7-4c7d-95d9-92e5a1c8ecc3

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 306 KB
108 KB 28ms
27ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

41ace3817286617b33902e45d2f2daf2bb56d0a33f7a9ef6c5c5a4e5247afe14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 110201
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
1022 B 192ms
156ms XHR
application/json 104.18.244.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=14518100

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.244.108 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe35cc724306eed929c50835738c21cfbf144fdb08d8fc453ea49bf161739e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PmvaUCpFgIQ1pyFtGPHYen0Hd5R5QlQtTipoTIAmWorTD6Ye9ccki6g%2FWvsNxCyp%2BF3YGc1K%2B2XkGoEmSpypAfdKUtxJKWh%2FRs%2Fm8mqOlLpe649Chwz9mcC21x%2FHhfHS"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 7b993101-0db3-41a9-9d3e-fed86e02cb00
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8f3f24b09ff530d8-FRA
access-control-allow-origin: https://www.cadosecurity.com
server: cloudflare

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 5 B
347 B 42ms
20ms Fetch
text/plain 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b28ae40ac9ef82a5f8426c454cf12d9186a8e6813f6244bb9dddbef59af95071

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cache-control: private, max-age=1500
cf-ray: 8f3f24b07d0dd36e-FRA
access-control-allow-origin: *
content-length: 5
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
552 B 16ms
16ms Stylesheet
text/css 142.250.181.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f10.1e100.net

Software

ESF /

Resource Hash

ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 18 Dec 2024 11:17:32 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 176ms
175ms Fetch 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.cadosecurity.com/

Response headers

access-control-max-age: 604800
x-request-id: c2d9e354-a37f-4e37-af21-06f6e399eb55
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_http, listener_https
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: c2d9e354-a37f-4e37-af21-06f6e399eb55
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-5f9df65f7b-5272v, iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-vkszw
timing-allow-origin: *
x-envoy-upstream-service-time: 29
access-control-allow-credentials: true
cf-ray: 8f3f24b13f9dd36e-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_http/all, listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all, all

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 8ms
8ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cadosecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 594010
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:26:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:26:37 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 19 KB
8 KB 62ms
8ms Script
application/javascript 2.18.64.212
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.64.212 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-18-64-212.deploy.static.akamaitechnologies.com

Software

Resource Hash

6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=75122
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 7404
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Wed, 18 Dec 2024 09:08:52 GMT
content-type: application/javascript;charset=utf-8
x-edgeconnect-midmile-rtt: 0, 0
x-edgeconnect-origin-mex-latency: 470, 470
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 249 KB
89 KB 27ms
27ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-319182849&l=dataLayer&cx=c&gtm=45He4cc1v851948587za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

ff5eba4e745403d6889b0cd803d08c925494844e4f1dfc4be8f4a5478dd5f83e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 91464
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 141ms
49ms Script
application/javascript 150.171.29.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.29.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 57D80F84A7DF482A9F865D475DC297A8 Ref B: LON212050703019 Ref C: 2024-12-18T12:26:47Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 22ms
8ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

9d476ce7d441875c1ae5a3ea08ab0a65652e3c386c2918add8ffe867461213bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-dUJw10iQ' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-dUJw10iQ' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=23, mss=1232, tbw=4495, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ilEUPcHgG4FQaG99d+grQ8auAqNxCkGkdbvwkdhNEgJWg+RwUWE2QFY7eHfGLFLhXzbXTWRfb2HVNQluXt0D5g==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62287
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 135 B
641 B 131ms
119ms XHR
application/json 104.16.107.254
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=14518100&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.107.254 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21dc41f54155e059e729987b3d5863f56b54ec1c5d0eefaca16c39ed1f871b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 47db66b5-8441-42ea-a1bf-7f0c536c7df2
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:47 GMT
x-hubspot-correlation-id: 47db66b5-8441-42ea-a1bf-7f0c536c7df2
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-zzrjc
x-envoy-upstream-service-time: 10
cf-ray: 8f3f24b11f409106-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 265094585475702 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 9ms
9ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/265094585475702?v=2.9.179&r=stable&domain=www.cadosecurity.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

0a73a4885b5bb4b7df0428b8bd59061b88f3cdb1823cefddd3c6a80bef0ea7cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-lzbHU3gi' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-lzbHU3gi' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=73, mss=1232, tbw=71314, tp=67, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: PIWTsyTG1EZNQYl+rJkTzPrgYEhvOwFPl1qPtuaRLJDuQcF/2SdtNojZWMSNx4eOe3Bry1G3P1ABbHIge1W3yg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 14196
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 136ms
135ms Fetch
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=14518100&currentUrl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&contentId=null

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 774c7754-836b-407b-a0a8-dd09d7503be6
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZQ9cqBJ%2B8PojAEuRjnYE1QV4SMVTPJYNlZb6EUOQAMWXxc2cRdLX%2Bms5IVfPjS50R0QugxkEtXAT3X7ALaZiqjf3wdAUfKG5wbylmW0aZqpUYRHVeYXSg6vP%2FbvLcUB73FomAFDwDtlUuFDmSq0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: 774c7754-836b-407b-a0a8-dd09d7503be6
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-8gtsz
x-envoy-upstream-service-time: 18
access-control-allow-credentials: true
cf-ray: 8f3f24b16ac9a06a-FRA
access-control-allow-origin: https://www.cadosecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 14ms
14ms Script
application/javascript 2.18.64.212
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.64.212 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-18-64-212.deploy.static.akamaitechnologies.com

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cache-control: max-age=8646
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Wed, 18 Dec 2024 12:26:47 GMT
last-modified: Mon, 02 Dec 2024 10:13:56 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 24ms
7ms Image
text/plain 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=265094585475702&ev=PageView&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&rl=&if=false&ts=1734524807918&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=12318&fbp=fb.1.1734524807917.321931322606811814&ler=empty&cdl=API_unavailable&it=1734524807873&coo=false&rqm=GET

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4579, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
202 B 184ms
168ms Image
image/png 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=265094585475702&ev=PageView&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&rl=&if=false&ts=1734524807918&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=12318&fbp=fb.1.1734524807917.321931322606811814&ler=empty&cdl=API_unavailable&it=1734524807873&coo=false&rqm=FGET

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449727321283681840"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Dec 2024 12:26:48 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449727321283681840", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: IjMYEnMxZR+KBlmibPVFO+0+5v2QWTWzvQOxponCfMvlcjwygdHiBZxjDRBHPByz7SBBo9gGOt9rBj7hFHmVrg==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4947, tp=13, tpl=0, uplat=156, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 295ms
124ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3448890&time=1734524807930&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: gzip
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods: GET, OPTIONS
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/json
access-control-allow-headers: *
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid: 0006298a870b60d07604b295b31c98dc
x-msedge-ref: Ref A: 5AB804CB740E40EEB2ACE36D5FF40786 Ref B: DUS30EDGE0716 Ref C: 2024-12-18T12:26:48Z
x-restli-protocol-version: 1.0.0
x-li-uuid: AAYpiocLYNB2BLKVsxyY3A==
access-control-allow-origin: *

GET
H2 200 collect
px.ads.linkedin.com/ 0
667 B 280ms
109ms Image
application/javascript 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734524807930&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: FC5B8601C75B4268B3CA06D726374D19 Ref B: FRAEDGE1221 Ref C: 2024-12-18T12:26:48Z
x-li-fabric: prod-lva1
x-li-uuid: AAYpiocLVK4BfgfNIXMOzw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 249 KB
89 KB 32ms
31ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-319182849

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

d9d6d0180380e730d9c1c50ec982acc15a0c5dcc2e372392a272ed36140598da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 91403
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 249 KB
89 KB 32ms
31ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-319182849&l=dataLayer&cx=c&gtm=45je4cc1v9129038223za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

aa18714a94dae926db442213c017ed8f40d106b7f8bf67480579721862c493f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 18 Dec 2024 12:26:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 91418
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 137007554.js Show response
bat.bing.com/p/action/ 362 B
422 B 35ms
34ms Script
application/javascript 150.171.29.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137007554.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.29.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1fc671898ad010ba690b89d83f8c813088990a6018b21818096387fe4a2c8e67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52967E878E53416C86B111E1B24ABB4A Ref B: LON212050703019 Ref C: 2024-12-18T12:26:47Z
x-cache: CONFIG_NOCACHE
date: Wed, 18 Dec 2024 12:26:47 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
569 B 126ms
118ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: a3a248a6-f628-45b5-abc0-745b3f321e99
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: a3a248a6-f628-45b5-abc0-745b3f321e99
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3f24b1fac6921f-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 204 0
bat.bing.net/actionp/ 0
119 B 399ms
82ms Ping
text/plain 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.net/actionp/0?ti=137007554&tm=gtm002&Ver=2&mid=8157d75d-8dc1-42b2-9df3-2027f7d1deb6&bo=1&evt=consent&src=enforced&cdb=AQAI&asc=D
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2C9818E607A44E9F8370E1F27DDF2F30 Ref B: FRA31EDGE0107 Ref C: 2024-12-18T12:26:48Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 18 Dec 2024 12:26:47 GMT

GET
H2 204 0
bat.bing.net/action/ 0
345 B 349ms
33ms Image
text/plain 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.net/action/0?ti=137007554&tm=gtm002&Ver=2&mid=8157d75d-8dc1-42b2-9df3-2027f7d1deb6&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&r=&lt=650&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=725222
Requested by: Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 505DC415F2034218B1239D897F87F6EA Ref B: FRA31EDGE0107 Ref C: 2024-12-18T12:26:48Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 18 Dec 2024 12:26:47 GMT

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
611 B 166ms
155ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: 1316dc57-e026-46e9-867d-566a5a065d6b
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: 1316dc57-e026-46e9-867d-566a5a065d6b
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:26:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-hqfsm
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3f24b35be5921f-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
605 B 125ms
117ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=14518100&ct=standard-page&ccu=https%3A%2F%2Fwww.cadosecurity.com%2F404&lvc=en&pu=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&cts=1734524808561&vi=7da8e6ae11968dc5d3baf4168007988e&nc=true&u=185812470.7da8e6ae11968dc5d3baf4168007988e.1734524808556.1734524808556.1734524808556.1&b=185812470.1.1734524808556&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: a3908e69-4ea0-42ab-89f6-192a6dcd0668
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aPhQGF6K8uqrRdBKd5OJYqx0xsjXEInnFGhffFda9E7eg4DtnZMy2qiCXoJqHSNsbxcb8Ti%2BGUA9GF1XMRNPlaoRvXsES4%2FP35zjtGDBK5oravtpP1gdyi41v5vz9Q6Jc2Mr"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: a3908e69-4ea0-42ab-89f6-192a6dcd0668
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-rkp6r
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8f3f24b5aeb6d38d-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
610 B 170ms
170ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: 9b4a7593-f6e1-431d-9be5-9ce904770c67
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: 9b4a7593-f6e1-431d-9be5-9ce904770c67
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 18 Dec 2024 12:26:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9cthp
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3f24b59d31921f-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
458 B 129ms
121ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22a51b72aa-daa5-4df8-a061-1902834ccdb0%22%2C%2292904fd2-b110-4436-a892-9e399d0cabe2%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=14518100&ct=standard-page&ccu=https%3A%2F%2Fwww.cadosecurity.com%2F404&lvc=en&pu=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&cts=1734524808564&vi=7da8e6ae11968dc5d3baf4168007988e&nc=true&u=185812470.7da8e6ae11968dc5d3baf4168007988e.1734524808556.1734524808556.1734524808556.1&b=185812470.1.1734524808556&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: none
x-request-id: c25ec038-56ab-420b-b7e1-52c2bbb687e1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWNQ7x%2FEPYqh2P1xyMcTzhdSAEuGqDx5k413JIudW0QLoHBqkCIoQrFwOC6rDVUrVloyBSHzxnbDMUQj29P%2FeTo44KSByEC8UNq4YtXm7ol5Z%2F8lUwDxrJvBxgOBqAAzyVye"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 18 Dec 2024 12:26:48 GMT
x-hubspot-correlation-id: c25ec038-56ab-420b-b7e1-52c2bbb687e1
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-59w5s
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8f3f24b59eb4d38d-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 Cado-Security-Favicon-%E2%80%93-2.png
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/ 368 B
1 KB 25ms
25ms Other
image/webp 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Cado-Security-Favicon-%E2%80%93-2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e278f03d5278efc073b8038bf880d791304731569fddc3f8d7a7d61cd0f50378

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "a4127864a58c71302f983571f444f114"
age: 656244
cache-tag: F-54685336068,P-14518100,FLS-ALL
x-amz-version-id: _pLUAn.20t8VzbVmtQVsGz4RDybKvXbu
x-cache: RefreshHit from cloudfront
x-amz-cf-id: -eiAABC0HMvOPuEFKfMFLvidgbZuUhW6gw2keDubX0GXp32RmJFnvA==
content-type: image/webp
content-disposition: inline; filename="Cado-Security-Favicon-%E2%80%93-2.webp"
last-modified: Tue, 07 Sep 2021 04:47:18 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-54685336068,P-14518100,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: BC0MF2Y26YMWNQCS
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-54685336068,P-14518100,FLS-ALL
content-length: 368
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
cf-polished: origFmt=png, origSize=639
date: Wed, 18 Dec 2024 12:26:48 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 56CI8MX0Zbw1cH3YolCtxmz945+N2NVePyP2ghS4fl6y9omcz3tgLTGEs9j0YV3QsCRCa7Qpqi8=
timing-allow-origin: 14518100.fs1.hubspotusercontent-na1.net
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-ray: 8f3f24b598a4d298-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1630990037290

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 50ms
18ms Fetch
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S0BZ30LS47&gtm=45je4cc1v9129038223za200&_p=1734524807404&gcs=G100&gcd=13p3pPp2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dZTQ1Zm&cid=75480436.1734524809&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1734524807&sct=1&seg=0&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2240
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cadosecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 12:26:49 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 collect
pagead2.googlesyndication.com/ccm/ 0
0 42ms
16ms Ping
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&scrsrc=www.googletagmanager.com&frm=0&rnd=1108530485.1734524809&navt=n&npa=1&gtm=45He4cc1v851948587za200&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734524809154&tfd=2244&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cadosecurity.com/

Response headers

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 1B61 0
0 39ms
11ms Document
text/html 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.cadosecurity.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 495276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Dec 2024 18:52:13 GMT
expires: Fri, 12 Dec 2025 18:52:13 GMT
last-modified: Thu, 12 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.cadosecurity.com/	1970-01-21 01:48:46	Name: __cf_bm Value: Vn9hLmCQZas8yM60Qev_arDGAhUprvgqb2oOtzbBDMk-1734524807-1.0.1.1-XYQCtzbH4FCSZe2ck_LYJ1smkTPkIZfFIDdPB5LgcZTEcCEFH3dbGGXSLYk1h3sBYjH8sg4eP___E8c09AIaUg
.www.cadosecurity.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Fab8UloITz3zzE5ZvtJwgnRflqLG6Ljx21.08I6IIok-1734524807246-0.0.1.1-604800000
.hubspotusercontent-na1.net/	1970-01-21 01:48:46	Name: __cf_bm Value: 2pJjHe58GyEFit4NBON7N0b.aDhMTpHKw8vjRpKdI_M-1734524807-1.0.1.1-oqmWelZnpIrAOb6Slu4ZqQsvF3zVL9kGsAR9aaVfiavcHG_eHwI6euIibOU9TX8CIM4FFN6M0vkbCTDvLh0dww
.hubspot.net/	1970-01-21 01:48:46	Name: __cf_bm Value: _j9Qb2JyfNwFMB6AaMWVo1kMAkU0CmHLb8gVJNJ74DA-1734524807-1.0.1.1-BlhJrVKtfOWDuGjG4hys4_l2Hjyw2ZM5mbxdeHKJU4xTxHmSalowY_qRzmRW6QXV.yNOrDOG9_V2o50RPeC9Yw
.hubspot.com/	1970-01-21 01:48:46	Name: __cf_bm Value: cVnHJtwMMr4bZj_WFlSBtYUoGZOrzNV0d5inVpfr0Uo-1734524807-1.0.1.1-_q1yrplnGF3PG9_WatneMhV0lZPQUzKwmSWgNkdDaNSR_8HJULxk07BdCLnT3OaQhIjXwrVawSFhBsJ2f6EN3w
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: aCs4WRoMeNXQwiuQfVJ7fKdoy62NWtqXVCJH0ru0wyg-1734524807445-0.0.1.1-604800000
.cadosecurity.com/	1970-01-21 10:34:20	Name: _hjSessionUser_5172881 Value: eyJpZCI6IjUyYTgzMDk1LWU5NWMtNTdiZi1iN2I2LWQwZTY1Y2FkNDQ4ZSIsImNyZWF0ZWQiOjE3MzQ1MjQ4MDc2ODgsImV4aXN0aW5nIjpmYWxzZX0=
.cadosecurity.com/	1970-01-21 01:48:46	Name: _hjSession_5172881 Value: eyJpZCI6IjEzNGExZDVmLTlmMzAtNDQxMC04NzgyLTViMzVmZGUwNWNiYSIsImMiOjE3MzQ1MjQ4MDc2ODksInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.hsadspixel.net/	1970-01-21 01:48:46	Name: __cf_bm Value: 2eVHaiCPP0AvEbugww4ammhtxCmtJgCLBwTxASxNgRY-1734524807-1.0.1.1-AvcZV9NDoQkX_65c0GwIdxFul5hUm7sMiw_oZTr6RpmyLrUjAeLd3bwZ.FjKAQgUZq2LG4LuiTH40B6lCWTedg
.hs-banner.com/	1970-01-21 01:48:46	Name: __cf_bm Value: folBoi6TAZ1xaPYD8DtCutYC.iwv_9Kuv_5tnuo4808-1734524807-1.0.1.1-k5RecakyHxTeRVa4E.qeKzAICtSrZmik9o.XAz_xLLRgbujHn1Z98C5gFhwd6S3ce6IqTI0bGeCE6T1IYLGxJw
.hsforms.com/	1970-01-21 01:48:46	Name: __cf_bm Value: yfEvikG1VoXahSdSDWd2suitC9pui6iDjJWKYOgEKNU-1734524807-1.0.1.1-I7jcAPe_VvCb7wdJuRNLhkkQcXZdfICzP3iz.b2O5aOxmj26lQ_TFZbhgn7oKux13lGN.DpXsBFUwxRa5vu9iA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: MozZNpRY2BfTOAGMnyh1tz79miswbuH.4mxVYQGyZgs-1734524807850-0.0.1.1-604800000
.hs-analytics.net/	1970-01-21 01:48:46	Name: __cf_bm Value: 4lH4goenkoll_XXMzV2OpB.NxJLzC6nDl2kKyeBg1dE-1734524807-1.0.1.1-GiyvcMrUJRtNOqef1moAJGBaDv3C6EsiDnSvlcum2d9ubL2ET3nljbMsu_NQBM48wdXQN9LxLIH.vdYKYWdm2w
.cadosecurity.com/	1970-01-21 03:58:20	Name: _fbp Value: fb.1.1734524807917.321931322606811814
.linkedin.com/	1970-01-21 10:34:20	Name: bcookie Value: "v=2&d076ec77-bd12-452e-8a1b-d4cf6f259bc9"
.linkedin.com/	1970-01-21 06:07:56	Name: li_gc Value: MTswOzE3MzQ1MjQ4MDg7MjswMjGciRCqKyffdlMjJz9+xadu2NgtWPPy6vFvPlcWNT9F7Q==
.linkedin.com/	1970-01-21 01:50:11	Name: lidc Value: "b=VGST02:s=V:r=V:a=V:p=V:g=3403:u=1:x=1:i=1734524808:t=1734611208:v=2:sig=AQHFWHIFrXTs205iZoK_fblP-GopQTto"
.cadosecurity.com/	1970-01-21 06:07:56	Name: __hstc Value: 185812470.7da8e6ae11968dc5d3baf4168007988e.1734524808556.1734524808556.1734524808556.1
.cadosecurity.com/	1970-01-21 06:07:56	Name: hubspotutk Value: 7da8e6ae11968dc5d3baf4168007988e
.cadosecurity.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cadosecurity.com/	1970-01-21 01:48:46	Name: __hssc Value: 185812470.1.1734524808556

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence. Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

14518100.fs1.hubspotusercontent-na1.net
302335.fs1.hubspotusercontent-na1.net
api.hubapi.com
app.hubspot.com
bat.bing.com
bat.bing.net
cdn2.hubspot.net
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hubspot.com
no-cache.hubspot.com
pagead2.googlesyndication.com
perf-na1.hsforms.com
perf.hsforms.com
pro.fontawesome.com
px.ads.linkedin.com
region1.google-analytics.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
track.hubspot.com
vc.hotjar.io
www.cadosecurity.com
www.facebook.com
www.googletagmanager.com
104.16.107.254
104.16.117.116
104.16.118.116
104.16.160.168
104.17.223.152
104.18.244.108
104.18.41.124
104.18.87.62
104.19.175.188
13.107.42.14
13.33.187.19
142.250.181.234
142.250.185.162
142.250.185.99
150.171.29.10
157.240.0.6
157.240.251.35
172.217.16.200
172.64.147.16
172.64.147.188
18.66.102.106
18.66.112.79
188.114.97.3
2.18.64.212
204.79.197.237
216.239.34.36
00fea8990ea6f50671a381300028e0fb4428d6851e54e9180d69cfe5d4c5ecad
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
0a73a4885b5bb4b7df0428b8bd59061b88f3cdb1823cefddd3c6a80bef0ea7cd
0af3b1efbf93ea2e374669840b3866368d92207c75e5ee9ba9655b644df7d424
0d220322b68ad1cf5917c91f69fda406575fddebaa55577a28a208edfceea6b3
0e36d48c48ae338b5cccef7dedc545d736dff75042f4ecf272c7061a4fd92a4b
107c4a6a25d7beee9180e789ac410bb46c1bc2b104b70d17170513dc224b365c
128b57e5dec420f0aa44cf53c881d4c2b0326551fe2ab4da4c10c93595bb9d3f
1599f3afb38159747321c90effb85d55a081b3ab988a6b88f2cefaf3007cbac5
1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b
1fc671898ad010ba690b89d83f8c813088990a6018b21818096387fe4a2c8e67
21dc41f54155e059e729987b3d5863f56b54ec1c5d0eefaca16c39ed1f871b81
2733c64f5330ed7809768c11e5a7319b7c597de9e7967aeb65da0accfa0a3ca5
27fb93766c76a5d272e97fc11d3437776f027072100ed7e4ec6502e0d6cde411
2ce08721b330886faa0dd2a1fb04cd9263fe66cfc4148d604d2fdaf2c2918b6c
2d3007e6fac9e8e04426f7763b3f67f21d261737b970dfbeef2902d6447b9671
3b0bdefd03a7be29b76622769769ffa627aa3121971ca40d0bba041ab57ed0de
407c14430b0e1ca878f6433f10432fe6ace7860a13bd3094e36a5dc8c9559aee
41ace3817286617b33902e45d2f2daf2bb56d0a33f7a9ef6c5c5a4e5247afe14
42bdf17817337679f2bc3debacda2eeb47b03fd001844f66780eb4553bd8661f
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
55c43f9fdacec1f0cc9f2ebf763d397115c1fe7a2e2484dae1c6a7eebfde715b
5e0ea050eb4c1d08b619be28958d97596caef07ec9908855a04e3d0378c3696d
5f6e5a772649ae72f766174a853fb5e403ea5b24f50b604ac2530475af1a8208
6271d19b3478ba89cc7d60e6648a2342d8e206e4a0aaeed7d858c2f1878eadaf
674d5ab1e2c5a783115e67fabc4805ac2e8a83d48eb6a1ad3535c23a959a1801
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593
72df999e71586cc7d8e9b6945f74f286d0dec270394a0de450cba1ace66ab1a8
73d3bb666001119af2712d92dd5091fd4b0ea404d19507fd734f6c604d8326b0
75b27571ceafa6560289a62df52861afcfd4eb9d78307fa2f25951173ba3edb3
78b9c28611b2f176966e3cb7efb14d6263f16cb5308fc0123a4d5586f487b8a7
83b431b794a9395cb27b2b781106fff5f24653f0a57813212911c5e2fa517d02
85631ac7bcdf6b849bdd99d1aa1bea99067e4ac640706e6d59edf98b4edae360
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8d3df945eaf1645c7e2a2373180e9bd95cc26ef8e085a837aef024dae1348074
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93426aa30ced1f240188e241c31e1584fc77d70693fcc35647f3044a26a9a916
93f97df970c96fc8220de21b8a903081bef952c3883dd56e298955d8ea8c49e3
974a198793d723425fe7023528fb24da16a52c132b10f81a1510eb6978228bd9
9d476ce7d441875c1ae5a3ea08ab0a65652e3c386c2918add8ffe867461213bd
a066e8552c97a69b523cbde8c360f93c2861d26d6781a45a8e59f545d5686b82
a7798dc167b0321ffd040e4f665db503e3037ba907ec059af874dcf4191be06e
a8f7b83a000ad96b202dc1856b5bc7e037c42202c4b13fd8513282cb3266bd98
aa18714a94dae926db442213c017ed8f40d106b7f8bf67480579721862c493f2
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ac41eb7a5b856d49f9c8845313325be66c4bfd221163e4b492b7c338286845bf
b032cf763e3e7982adca76421524d0f8ddc93b1ff64c96aa8baeb4d19242d7c3
b1a2ef4bc0b997dad2c90a8151e6cd98e10a644dbe55c260de97cb77f32ed47f
b28ae40ac9ef82a5f8426c454cf12d9186a8e6813f6244bb9dddbef59af95071
b2fbfa4a756b9d7428291fa36194f2db713a5cd2a0e8242dc53915a1578d32f9
bd2a6252bf6e8bdc668078879ace479db7a570820190e026a771413288dc7047
c9f1175472edef5e7be3e8125c41be38fab67c60d3edd28af1b6c757af63ab61
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
cbdec799787b9ffc82fcb355b28fc38bf804634cb280f2e7f5b048b9b869a26d
ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5
d41e5caed51366e3e46b16eaa7ce6a96e7d3eb9e56ca2e0f4c47cf17f4b58c82
d9d6d0180380e730d9c1c50ec982acc15a0c5dcc2e372392a272ed36140598da
dae65e43ce0ffcb9722f0ac5dc5a774548f0134883a1e046b981aed48b69dfa4
db8220aa806f038bc79764cf7aacc7d47848381130b9859a8aff8b346ee97126
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd1f9acf13b12f189da475e0f23c7c505767859ab620aac636964974093c281d
dd3d6deb8e39740eeba36153d322933f8e1a4c29d6b1432a863d7b4a68497687
df0f4d380d3f3768c75d4c7b7c7d4949d79664ab1ba55b6f3863a0f8a40c6eae
e278f03d5278efc073b8038bf880d791304731569fddc3f8d7a7d61cd0f50378
e35f8ff087c3b5bed43bfab3509d5a93813d5015d9088f7e3fb2d7c195450ae4
e38338484d969872e570a554c807dab4a79233b82d64a7cb7028fb459123d44a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a23e6a3399b52a5576c28b2236b48953949793fc17f2c733d35b084d7a0085
e77c7e1c8f859611d1200ee9a75eadbce02664f28a53b05807233e88deb82f65
e81ec842ce9e89a5d8de9507f870b9e12dde8debab84e7897e97c66348f51d8e
e9dd7f4c167731d38a9e903442c06cefc76d16f5c93625e6b7460c5164845c0e
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
f1c793ceffc96e452c70a2ed457a6ad0e824a919ab78166550f9055603527528
f6f440cef04de6967acfca12b29f5c95e1d5b863245f8568d201813f6f5c4c4a
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fae5b4778681683248b32b03a4f5b090d12debfa92545cb3779fa761ed998cad
fe35cc724306eed929c50835738c21cfbf144fdb08d8fc453ea49bf161739e1e
ff5eba4e745403d6889b0cd803d08c925494844e4f1dfc4be8f4a5478dd5f83e

www.cadosecurity.com Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

104 Requests

100 %HTTPS

0 %IPv6

24 Domains

33 Subdomains

26 IPs

4 Countries

4660 kBTransfer

8230 kBSize

21 Cookies

8 Outgoing links

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cadosecurity.com Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

100 %
HTTPS

0 %
IPv6

24
Domains

33
Subdomains

26
IPs

4
Countries

4660 kB
Transfer

8230 kB
Size

21
Cookies

104 HTTP transactions
0 data transactions