Submitted URL: http://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//
Effective URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Submission: On September 19 via api from US — Scanned from DE

Summary

This website contacted 24 IPs in 4 countries across 19 domains to perform 56 HTTP transactions. The main IP is 2606:4700:20::681a:147, located in United States and belongs to CLOUDFLARENET, US. The main domain is thenewstack.io. The Cisco Umbrella rank of the primary domain is 359182.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 15th 2024. Valid for: 6 months.
This is the only time thenewstack.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP address          ASN     Autonomous System
2 3       2606:4700:20:...    13335   CLOUDFLARENET
13        2606:4700:440...    13335   CLOUDFLARENET
6         172.67.70.57        13335   CLOUDFLARENET
2         2a00:1450:400...    15169   GOOGLE
1         2606:4700:440...    13335   CLOUDFLARENET
1         142.250.185.200     15169   GOOGLE
2         151.101.1.44        54113   FASTLY
1         2001:4860:480...    15169   GOOGLE
1         151.101.65.44       54113   FASTLY
2         142.250.186.130     15169   GOOGLE
1 3       104.18.95.41        13335   CLOUDFLARENET
1         2606:4700::68...    13335   CLOUDFLARENET
2         2620:1ec:29:1...    8075    MICROSOFT...
2         2620:1ec:33:1...    8075    MICROSOFT...
1         146.75.120.157      54113   FASTLY
2         157.240.0.6         32934   FACEBOOK
1         2a02:26f0:350...    20940   AKAMAI-ASN1
1 3       2620:1ec:21::14     8068    MICROSOFT...
1         13.107.42.14        8068    MICROSOFT...
2         2a03:2880:f17...    32934   FACEBOOK
3         23.96.124.68        8075    MICROSOFT...
1         216.58.206.66       15169   GOOGLE
4         141.226.228.48      200478  TABOOLA-AS
Total: 56 requests across 24 IP addresses
Requests  Apex domain             Subdomains (Cisco Umbrella rank)                                                                     Transfer
13        cookiepro.com           cookie-cdn.cookiepro.com (8567)                                                                      446 KB
9         thenewstack.io          www.thenewstack.io; thenewstack.io (359182); cdn.thenewstack.io (659027)                             471 KB
7         taboola.com             cdn.taboola.com (894); psb.taboola.com (6108); trc.taboola.com (755); trc-events.taboola.com (2788)   24 KB
5         clarity.ms              www.clarity.ms (682); s.clarity.ms (6853)                                                            29 KB
4         linkedin.com            px.ads.linkedin.com (327); px4.ads.linkedin.com (6795)                                               2 KB
3         cloudflare.com          challenges.cloudflare.com (3407)                                                                     16 KB
3         googletagmanager.com    www.googletagmanager.com (43)                                                                        275 KB
2         facebook.com            www.facebook.com (106)                                                                               3 KB
2         facebook.net            connect.facebook.net (178)                                                                           72 KB
2         bing.com                bat.bing.com (361)                                                                                   15 KB
2         doubleclick.net         securepubads.g.doubleclick.net (213)                                                                 180 KB
1         googlesyndication.com   pagead2.googlesyndication.com (115)                                                                  (none listed)
1         licdn.com               snap.licdn.com (782)                                                                                 14 KB
1         ads-twitter.com         static.ads-twitter.com (875)                                                                         15 KB
1         cloudflareinsights.com  static.cloudflareinsights.com (670)                                                                  7 KB
1         google-analytics.com    region1.google-analytics.com (3310)                                                                  (none listed)
1         onetrust.com            geolocation.onetrust.com (491)                                                                       306 B
0         twitter.com             analytics.twitter.com (failed)                                                                       failed
0         t.co                    t.co (failed)                                                                                        failed
Total: 56 requests across 19 apex domains
Requests  Domain                                  Requested by
13        cookie-cdn.cookiepro.com                thenewstack.io; cookie-cdn.cookiepro.com
6         thenewstack.io (1 redirect)             thenewstack.io; static.cloudflareinsights.com
4         trc-events.taboola.com                  cdn.taboola.com
3         s.clarity.ms                            www.clarity.ms
3         px.ads.linkedin.com (1 redirect)        snap.licdn.com
3         challenges.cloudflare.com (1 redirect)  thenewstack.io; challenges.cloudflare.com
3         www.googletagmanager.com                thenewstack.io; www.googletagmanager.com
2         www.facebook.com                        thenewstack.io
2         connect.facebook.net                    thenewstack.io; connect.facebook.net
2         bat.bing.com                            thenewstack.io; bat.bing.com
2         www.clarity.ms                          thenewstack.io; www.clarity.ms
2         securepubads.g.doubleclick.net          thenewstack.io; securepubads.g.doubleclick.net
2         cdn.thenewstack.io                      thenewstack.io
1         pagead2.googlesyndication.com           securepubads.g.doubleclick.net
1         px4.ads.linkedin.com                    thenewstack.io
1         snap.licdn.com                          thenewstack.io
1         static.ads-twitter.com                  thenewstack.io
1         static.cloudflareinsights.com           thenewstack.io
1         trc.taboola.com                         cdn.taboola.com
1         psb.taboola.com                         cdn.taboola.com
1         region1.google-analytics.com            www.googletagmanager.com
1         cdn.taboola.com                         www.googletagmanager.com
1         geolocation.onetrust.com                cookie-cdn.cookiepro.com
1         www.thenewstack.io (1 redirect)         (none listed)
0         analytics.twitter.com (failed)          thenewstack.io
0         t.co (failed)                           thenewstack.io
Total: 56 requests across 26 subdomains
Subject                     Issuer                                       Validity                  Valid for
thenewstack.io              Cloudflare Inc ECC CA-3                      2024-07-15 to 2024-12-31  6 months
cookiepro.com               E5                                           2024-09-14 to 2024-12-13  3 months
*.google-analytics.com      WR2                                          2024-08-26 to 2024-11-18  3 months
geolocation.onetrust.com    WE1                                          2024-08-13 to 2024-11-11  3 months
*.taboola.com               DigiCert Global G2 TLS RSA SHA256 2020 CA1   2024-07-30 to 2024-12-31  5 months
*.g.doubleclick.net         WR2                                          2024-08-26 to 2024-11-18  3 months
cloudflareinsights.com      WE1                                          2024-09-03 to 2024-12-02  3 months
www.clarity.ms              DigiCert TLS RSA SHA256 2020 CA1             2024-09-04 to 2025-09-04  a year
www.bing.com                Microsoft Azure RSA TLS Issuing CA 03        2024-09-16 to 2025-03-15  6 months
ads-twitter.com             DigiCert Global G2 TLS RSA SHA256 2020 CA1   2024-06-25 to 2025-06-24  a year
*.facebook.com              DigiCert SHA2 High Assurance Server CA       2024-06-28 to 2024-09-26  3 months
snap.licdn.com              DigiCert SHA2 Secure Server CA               2023-12-13 to 2024-12-12  a year
challenges.cloudflare.com   WE1                                          2024-09-05 to 2024-12-04  3 months
www.linkedin.com            DigiCert SHA2 Secure Server CA               2024-09-11 to 2025-03-11  6 months
a.clarity.ms                Microsoft Azure RSA TLS Issuing CA 08        2024-06-23 to 2025-06-18  a year
Issuer names E5 (Let's Encrypt) and WR2/WE1 (Google Trust Services) are the short names those CAs give their intermediates. The "Valid for" column is urlscan's rounded label; the *.facebook.com certificate was one week from expiry on the scan date.
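Expiry triage over the certificate table above, as an added example (not code from urlscan or any of the listed sites). The rows are copied from the table into a constructed list and SCAN_DATE is the scan date from the page header; the 398-day cap is the CA/Browser Forum limit on public TLS certificate validity, and the 30-day warning window is an assumed operational threshold.

```python
"""Expiry triage for the certificates listed in the TLS table above. Added
example, not code from the page; the rows are copied from the table into a
constructed list, and SCAN_DATE is the scan date from the page header."""
from datetime import date

SCAN_DATE = date(2024, 9, 19)
MAX_LIFETIME_DAYS = 398   # CA/Browser Forum cap on public TLS certificate validity
WARN_DAYS = 30            # assumed renewal warning window

# (subject, issuer, not_before, not_after) as listed in the scan.
CERTS = [
    ("thenewstack.io", "Cloudflare Inc ECC CA-3", "2024-07-15", "2024-12-31"),
    ("cookiepro.com", "E5", "2024-09-14", "2024-12-13"),
    ("*.google-analytics.com", "WR2", "2024-08-26", "2024-11-18"),
    ("geolocation.onetrust.com", "WE1", "2024-08-13", "2024-11-11"),
    ("*.taboola.com", "DigiCert Global G2 TLS RSA SHA256 2020 CA1", "2024-07-30", "2024-12-31"),
    ("*.g.doubleclick.net", "WR2", "2024-08-26", "2024-11-18"),
    ("cloudflareinsights.com", "WE1", "2024-09-03", "2024-12-02"),
    ("www.clarity.ms", "DigiCert TLS RSA SHA256 2020 CA1", "2024-09-04", "2025-09-04"),
    ("www.bing.com", "Microsoft Azure RSA TLS Issuing CA 03", "2024-09-16", "2025-03-15"),
    ("ads-twitter.com", "DigiCert Global G2 TLS RSA SHA256 2020 CA1", "2024-06-25", "2025-06-24"),
    ("*.facebook.com", "DigiCert SHA2 High Assurance Server CA", "2024-06-28", "2024-09-26"),
    ("snap.licdn.com", "DigiCert SHA2 Secure Server CA", "2023-12-13", "2024-12-12"),
    ("challenges.cloudflare.com", "WE1", "2024-09-05", "2024-12-04"),
    ("www.linkedin.com", "DigiCert SHA2 Secure Server CA", "2024-09-11", "2025-03-11"),
    ("a.clarity.ms", "Microsoft Azure RSA TLS Issuing CA 08", "2024-06-23", "2025-06-18"),
]


def triage(certs, today=SCAN_DATE, warn_days=WARN_DAYS):
    """Per certificate: exact days left at `today`, exact lifetime, and flags."""
    rows = []
    for subject, issuer, nb, na in certs:
        not_before, not_after = date.fromisoformat(nb), date.fromisoformat(na)
        days_left = (not_after - today).days
        lifetime = (not_after - not_before).days
        flags = []
        if days_left < 0:
            flags.append("expired")
        elif days_left <= warn_days:
            flags.append(f"expires in {days_left} days")
        if lifetime > MAX_LIFETIME_DAYS:
            flags.append("lifetime over 398 days")
        if subject.startswith("*."):
            flags.append("wildcard")  # one key covers every subdomain
        rows.append({"subject": subject, "issuer": issuer, "days_left": days_left,
                     "lifetime_days": lifetime, "flags": flags})
    return rows


def expiring_soon(certs, today=SCAN_DATE, warn_days=WARN_DAYS):
    """Subjects that are expired or within warn_days of expiry at `today`, in table order."""
    return [r["subject"] for r in triage(certs, today, warn_days) if r["days_left"] <= warn_days]


if __name__ == "__main__":
    for r in triage(CERTS):
        print(f"{r['subject']:28} {r['days_left']:4d} days left, "
              f"{r['lifetime_days']:3d}-day lifetime {r['flags']}")
```

Run against the scan date, only *.facebook.com falls inside the 30-day window; widening the window to 60 days also picks up the two Google Trust Services certificates and geolocation.onetrust.com.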

This page contains 2 frames:

Primary Page: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Frame ID: 0EA3CC741574F2D75C39E4B55E51D1C9
Requests: 53 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ahr26/0x4AAAAAAAVLuogHtE3mpzev/auto/fbE/normal/auto/
Frame ID: 36EC6E65DBC0025EBCB6E2E6439972F7
Requests: 1 HTTP request in this frame

Page Title

Page not found - The New Stack

Page URL History

  1. http://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux// HTTP 307
    https://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux// HTTP 301
    https://thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux// HTTP 301
    https://thenewstack.io/-new/-malware/-program/-targeting/-linux/ Page URL

Detected technologies

Each detection below was reported at overall confidence 100%; the matching pattern is listed with the technology it fingerprints:
  • /wp-(?:content|includes)/  (WordPress; consistent with the cf-edge-cache: cache,platform=wordpress response header below)
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js  (Cloudflare Browser Insights)
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js  (Facebook Pixel)
  • googlesyndication\.com/  (Google AdSense)
  • (one detection listed with no pattern)
  • googletagmanager\.com/gtm\.js and googletagmanager\.com/gtag/js  (Google Tag Manager)
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js  (LinkedIn Insight Tag)
  • otSDKStub\.js  (OneTrust / CookiePro consent SDK)

Page Statistics

Requests: 56
HTTPS: 93 %
IPv6: 48 %
Domains: 19
Subdomains: 26
IPs: 24
Countries: 4
Transfer: 1567 kB
Size: 5437 kB
Cookies: 10


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/b/388c99dd0998/api.js
Request Chain 37
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&e_ipv6=AQJSGYtMzjUkEgAAAZIH1rjYrpWWm-rgqh_fCQHzECcyoGwIkXS1BROpwLmhzmLS

56 HTTP transactions

Per-resource columns: Resource, Path, Size, x-fer (transferred bytes), Type, MIME-Type
Primary Request: /  Path: thenewstack.io/-new/-malware/-program/-targeting/-linux/  Size: 982 KB  Transferred: 216 KB  Type: Document
Redirect Chain
  • http://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//
  • https://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//
  • https://thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//
  • https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
General
Full URL
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
411febbb45e7b04997059c3b63dfa1e554d53b4cd25de5723535fdbca7f6bc0e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=120
cf-apo-via
origin,resnok
cf-cache-status
MISS
cf-edge-cache
cache,platform=wordpress
cf-ray
8c55b58d1e329b95-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 19 Sep 2024 01:12:44 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
link
<https://thenewstack.io/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNuY5sw1fcS0D4AXxO6BVNE3M0sF2FrptXHg0CA0pgsV4%2BDL1o8%2FWav5Uuhkchz0crNsLAgffNert%2BCPQU8hQdwcSDMr6lFWIZWAp%2B8rBzKvr74sKVXfKDsPBwL92II8ca0E7v0nLyLF39RY"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-apo-via
origin,resnok
cf-cache-status
MISS
cf-edge-cache
cache,platform=wordpress
cf-ray
8c55b58afd079b95-FRA
content-type
text/html; charset=UTF-8
date
Thu, 19 Sep 2024 01:12:44 GMT
expires
Thu, 19 Sep 2024 02:12:44 GMT
location
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7yBveE6%2F3nk5ZV3pwKd8%2BEcF6a9XSqw7LpwGRTgdi6pa7Ez%2BRmjmvVdmGm5y2Wab9XvyKMYvMYyJs2M%2BDDFJEDo4CgmIUOWG31dwbO%2BisFGm6ssapUSwwS2TmzTK%2F6QXrSk5FKdGwc%2Fs%2F7Bq"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-redirect-by
Permalink Manager
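A triage of the primary response captured above, as an added example (not urlscan's or The New Stack's code): it walks the redirect chain listed in the scan and audits the final document's response headers. The chain and the header dicts are copied from the scan listing into constructed data so the script runs offline; the list of headers it expects (HSTS, CSP, X-Content-Type-Options, Referrer-Policy, anti-framing) is the editor's baseline, not anything the page prescribes.

```python
"""Triage of the primary response captured above: the redirect chain and the
response security headers. Added example (not urlscan's or The New Stack's
code); the chain and header values are copied from the scan listing into
constructed dicts so the script runs offline."""
from urllib.parse import urlsplit

# Redirect chain from the scan: (URL, status returned at that hop); the
# final document has no status in the listing, hence None.
REDIRECT_CHAIN = [
    ("http://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//", 307),
    ("https://www.thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//", 301),
    ("https://thenewstack.io//shikitega/-new/-malware/-program/-targeting/-linux//", 301),
    ("https://thenewstack.io/-new/-malware/-program/-targeting/-linux/", None),
]

# Security-relevant subset of the final document's response headers, as shown above.
PRIMARY_HEADERS = {
    "cache-control": "max-age=120",
    "content-type": "text/html; charset=UTF-8",
    "server": "cloudflare",
    "x-frame-options": "SAMEORIGIN",
}

# The same subset for the cookie-cdn.cookiepro.com script responses, for contrast.
COOKIEPRO_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "access-control-allow-origin": "*",
    "content-type": "application/javascript",
}

# Headers a document response should carry (editor's baseline), and why they matter here.
REQUIRED = {
    "strict-transport-security": "without HSTS every fresh visitor repeats the http:// first hop",
    "content-security-policy": "no CSP: any of the 19 third-party origins may run arbitrary script",
    "x-content-type-options": "no nosniff: mis-typed responses can be sniffed into script",
    "referrer-policy": "no Referrer-Policy: the full URL leaks in Referer to ad/analytics hosts",
}
ONE_YEAR = 31536000


def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}


def missing_security_headers(headers):
    """Names from REQUIRED that the response lacks, plus an anti-framing entry when
    neither X-Frame-Options nor a CSP (which could carry frame-ancestors) is present."""
    h = _lower(headers)
    missing = [name for name in REQUIRED if name not in h]
    if "x-frame-options" not in h and "content-security-policy" not in h:
        missing.append("anti-framing (X-Frame-Options or CSP frame-ancestors)")
    return missing


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    max_age, subdomains, preload = 0, False, False
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            max_age = int(d.split("=", 1)[1].strip().strip('"'))
        elif d == "includesubdomains":
            subdomains = True
        elif d == "preload":
            preload = True
    return max_age, subdomains, preload


def redirect_findings(chain, final_headers):
    """Flag plaintext hops, HTTPS->HTTP downgrades, hops that leave the site,
    and a final response that does not pin the browser to HTTPS with HSTS."""
    findings = []
    for i, (url, status) in enumerate(chain[:-1]):
        here, nxt = urlsplit(url), urlsplit(chain[i + 1][0])
        if here.scheme == "http":
            findings.append(f"hop {i}: plaintext request to {here.hostname} answered with {status}")
        if here.scheme == "https" and nxt.scheme == "http":
            findings.append(f"hop {i}: downgrade to http:// at {nxt.hostname}")
        # Crude same-site test on the last two labels; enough for the .io/.com hosts here.
        if here.hostname.split(".")[-2:] != nxt.hostname.split(".")[-2:]:
            findings.append(f"hop {i}: redirect leaves the site: {here.hostname} -> {nxt.hostname}")
    h = _lower(final_headers)
    if "strict-transport-security" not in h:
        findings.append("final response has no HSTS header, so the http:// hop recurs on every fresh visit")
    else:
        max_age, subdomains, _preload = parse_hsts(h["strict-transport-security"])
        if max_age < ONE_YEAR or not subdomains:
            findings.append("HSTS present but max-age below one year or includeSubDomains missing")
    return findings


if __name__ == "__main__":
    for name in missing_security_headers(PRIMARY_HEADERS):
        print(f"missing: {name}: {REQUIRED.get(name, '')}")
    for line in redirect_findings(REDIRECT_CHAIN, PRIMARY_HEADERS):
        print(f"redirect: {line}")
```

On the captured data the document response only satisfies the anti-framing check (X-Frame-Options: SAMEORIGIN); the chain itself stays on one site and never downgrades, but its first hop is plaintext and nothing in the final response stops a fresh browser from repeating it.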
Resource: OtAutoBlock.js  Path: cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/  Size: 1 MB  Transferred: 250 KB  Type: Script
General
Full URL
https://cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/OtAutoBlock.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
927afc1efaefc534b4e042ad8d3fbae83b4e307e4225eafb0357966d6e023878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
3JlWhd9zXkW/XXkEReRSbQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC20BFBD8263C4
age
64678
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/x-javascript
last-modified
Mon, 29 Jan 2024 11:45:07 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
c5e13e9b-d01e-0052-1865-755754000000
cf-ray
8c55b58f4ce93605-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
255655
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: otSDKStub.js  Path: cookie-cdn.cookiepro.com/scripttemplates/  Size: 21 KB  Transferred: 7 KB  Type: Script
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCD69EA07C91B2
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
79445
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript
last-modified
Mon, 16 Sep 2024 22:26:36 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
ad009d18-801e-004f-6aa8-085ae8000000
cf-ray
8c55b58f4ce83605-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
6881
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: 347aefe9-wind-river-unveils-linux-distro-for-ai-and-critical-workloads--1024x576.jpg  Path: cdn.thenewstack.io/media/2024/09/  Size: 104 KB  Transferred: 105 KB  Type: Image
General
Full URL
https://cdn.thenewstack.io/media/2024/09/347aefe9-wind-river-unveils-linux-distro-for-ai-and-critical-workloads--1024x576.jpg
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8247411090aa02d445c45d4407e4e2f0f6487fd193858227e71609beb88652c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=XBU4Ug==, md5=K+bjQhspWhx5uAckQncdGw==
cf-bgj
imgq:85,h2pri
etag
"2be6e3421b295a1c79b8072442771d1b"
age
11119
cf-cache-status
HIT
x-goog-meta-file-hash
d41d8cd98f00b204e9800998ecf8427e
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qII6DhMJ3Y%2FvuSwcvwXeSqQxsU7K86LOKfdxCpdcBFgVUcKhFv3ODk3oHNvQ4vWQJy7j6oybZVY75ALQpGIvtwkbQnEeSvGQRQ0cuxalAUT8CnksmCfWHn5h%2BQpk1lyiv5fLVA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-meta-height
576
x-goog-stored-content-encoding
identity
expires
Thu, 19 Sep 2024 08:07:25 GMT
x-goog-meta-size
large
cf-polished
degrade=85, origSize=115738, status=vary_header_present
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
115738
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
image/jpeg
last-modified
Wed, 18 Sep 2024 14:56:57 GMT
vary
Origin, Accept-Encoding
x-guploader-uploadid
AD-8lju2tmbsUr6II0AqL8mXuj4UeYT7l5cCXBKkusMs2q3dsbRMdKBnvaXNMkUBYrIv7230qwM
x-goog-meta-child-of
22759435
cache-control
public, max-age=36000, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
STANDARD
x-goog-meta-width
1024
cf-ray
8c55b58f9e8571b8-FRA
accept-ranges
bytes
x-goog-generation
1726671416981221
content-length
106937
server
cloudflare
Resource: gtm.js  Path: www.googletagmanager.com/  Size: 237 KB  Transferred: 75 KB  Type: Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NJH9PKQS
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d6b67993d242795b1a117958ec3de153a1c341a5951153fc427daa424fe918cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
br
expires
Thu, 19 Sep 2024 01:12:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Sep 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
76136
x-xss-protection
0
server
Google Tag Manager
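Subresource Integrity helpers for the third-party scripts in this scan, as an added example (not code from the page or from OneTrust, Google or Cloudflare). The scan prints a SHA-256 "Resource Hash" per response and the headers that decide whether a cross-origin script can be pinned at all: otSDKStub.js above is served with Access-Control-Allow-Origin: * and a public 24-hour cache, while gtm.js is served with cache-control: private, max-age=900 and a last-modified of the scan day. The two header dicts are the relevant subset copied from those responses; SAMPLE_BODY is a constructed stand-in for a script body, and the cache-control test for "stable" is a heuristic of the editor's, not a rule from any of those vendors.

```python
"""Subresource Integrity (SRI) helpers for the third-party scripts listed in
this scan. Added example, not code from the page; the header dicts are the
relevant subset of what the scan shows, and SAMPLE_BODY is a constructed
stand-in for a script body (the real bodies are not reproduced here)."""
import base64
import hashlib

# Constructed stand-in for a fetched script body.
SAMPLE_BODY = b"window.OneTrust = window.OneTrust || {};\n"

# Response headers relevant to SRI, copied from the scan for two scripts.
OTSDKSTUB_HEADERS = {
    "access-control-allow-origin": "*",
    "cache-control": "public, max-age=86400",
    "last-modified": "Mon, 16 Sep 2024 22:26:36 GMT",
}
GTM_HEADERS = {
    "access-control-allow-origin": "*",
    "cache-control": "private, max-age=900",
    "last-modified": "Thu, 19 Sep 2024 00:00:00 GMT",
}

SRI_ALGOS = ("sha256", "sha384", "sha512")


def sha256_hex(body: bytes) -> str:
    """Hex SHA-256, the form urlscan prints as 'Resource Hash'."""
    return hashlib.sha256(body).hexdigest()


def sri_value(body: bytes, algo: str = "sha384") -> str:
    """Value for the integrity attribute: '<algo>-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"SRI only allows {SRI_ALGOS}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def matches_pin(body: bytes, pinned_sha256_hex: str) -> bool:
    """Compare a fetched body against a hex hash pinned from an earlier scan."""
    return sha256_hex(body) == pinned_sha256_hex.lower()


def _max_age(cache_control: str) -> int:
    for directive in cache_control.split(","):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            return int(d.split("=", 1)[1])
    return 0


def sri_assessment(headers: dict) -> dict:
    """Judge from response headers whether a cross-origin script can be pinned.
    cors_ok: browsers only enforce integrity on a cross-origin script when it is
    loaded with a crossorigin attribute and the response is CORS-readable.
    stable: heuristic; 'private' or a short max-age signals a body that is
    regenerated often, so a fixed hash would break the page at the next change."""
    h = {k.lower(): v for k, v in headers.items()}
    acao = h.get("access-control-allow-origin", "")
    cc = h.get("cache-control", "").lower()
    cors_ok = acao == "*" or acao.startswith("https://")
    stable = "private" not in cc and _max_age(cc) >= 86400
    return {"cors_ok": cors_ok, "stable": stable, "pinnable": cors_ok and stable}


def script_tag(src: str, body: bytes, algo: str = "sha384") -> str:
    """Script tag carrying the integrity value and the crossorigin attribute SRI needs."""
    return (f'<script src="{src}" integrity="{sri_value(body, algo)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    print(script_tag("https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js", SAMPLE_BODY))
    print("otSDKStub.js", sri_assessment(OTSDKSTUB_HEADERS))
    print("gtm.js", sri_assessment(GTM_HEADERS))
```

Re-scanning and comparing the new Resource Hash with matches_pin is the cheap way to notice a silently changed third-party script; SRI in the page itself only makes sense for scripts whose bodies are versioned, which is why the versioned otBannerSdk.js path (scripttemplates/202401.2.0/) is a better candidate than the tag-manager loaders.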
Resource: 0c35c619-0589-4617-9377-c28b2254bcf0.json  Path: cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/  Size: 4 KB  Transferred: 2 KB  Type: XHR
General
Full URL
https://cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/0c35c619-0589-4617-9377-c28b2254bcf0.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e70a30a44de0883d0af3f98b157a5ebdb7a3327a9c0aee70da61bf6e215b140d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
7AS/YJCN6oJLk1fognxZZw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC20BFBD1AFB46
age
71524
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/x-javascript
last-modified
Mon, 29 Jan 2024 11:45:06 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
54512edb-e01e-0066-1838-7d649c000000
cf-ray
8c55b58f9ad8d386-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1664
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: location  Path: geolocation.onetrust.com/cookieconsentpub/v1/geo/  Size: 68 B  Transferred: 306 B  Type: XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
Referer
https://thenewstack.io/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8c55b58fefc69764-FRA
access-control-allow-origin
*
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
Resource: otBannerSdk.js  Path: cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/  Size: 429 KB  Transferred: 104 KB  Type: Script
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65012dbad33bb892a9d4eebcebd61daeba685db0d4e49af74bbd1a26dbc7d61c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
/uAp/tjl0E0OrWvE5WYCuw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DE02356D42
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
29914
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 21:26:51 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
25c3c436-d01e-0052-0c68-d85754000000
cf-ray
8c55b5901d893605-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
106699
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: js  Path: www.googletagmanager.com/gtag/  Size: 326 KB  Transferred: 107 KB  Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8V0H8ZQDHJ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJH9PKQS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
25d31c0724fb898f1b6ccf4fe538d474e010175d70d223a516a3666a338688c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
br
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Thu, 19 Sep 2024 01:12:44 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
109448
date
Thu, 19 Sep 2024 01:12:44 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
Resource: js  Path: www.googletagmanager.com/gtag/  Size: 270 KB  Transferred: 93 KB  Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-625249979&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJH9PKQS
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
1e5bfa0c589f03f910b3115d1bc8b3cc7f85ac519d61fc9c7b338ac609fbd884
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
br
expires
Thu, 19 Sep 2024 01:12:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Sep 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
95199
x-xss-protection
0
server
Google Tag Manager
Resource: tfa.js  Path: cdn.taboola.com/libtrc/unip/1566243/  Size: 71 KB  Transferred: 22 KB  Type: Script
General
Full URL
https://cdn.taboola.com/libtrc/unip/1566243/tfa.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJH9PKQS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
24c76d2715ab45bb398b47f123697c8df5e0a6ea2dd137b6d33dfc106e4b46cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
gzip
etag
"2b4a8af264227d29ce5aeda3f48cda99"
x-amz-version-id
729bSI7pnOLtHQQ02zfo1da6q_mxUYvC
age
98
x-cache
HIT
date
Thu, 19 Sep 2024 01:12:44 GMT
last-modified
Sun, 08 Sep 2024 11:06:09 GMT
x-served-by
cache-fra-etou8220052-FRA
x-cache-hits
0
content-type
application/javascript; charset=utf-8
x-amz-id-2
ssY6BKxVwAjtvnYCvzf7RrEZXvaqWj6zbFu/DfKlJF+q0bswWbMGRhEI0tSnOpFXtOSdyJLG0QM=
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
cache-control
private,max-age=14401
x-timer
S1726708365.907905,VS0,VE1
via
1.1 varnish
x-amz-request-id
81QC70014JBE1PGE
accept-ranges
bytes
access-control-allow-origin
*
abp
0
content-length
21882
server
AmazonS3
x-amz-server-side-encryption
AES256
Resource: en.json  Path: cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/3f26850e-3cf2-4287-8c53-d2efdf3faa81/  Size: 116 KB  Transferred: 25 KB  Type: Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/consent/0c35c619-0589-4617-9377-c28b2254bcf0/3f26850e-3cf2-4287-8c53-d2efdf3faa81/en.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3562bb7e753edc55a99ac82a06b8f46e875c89b014de806d295b42ad52f46752
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
P/+VjLrqopLok5yxlupkMw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC20BFBFF08452
age
65763
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/x-javascript
last-modified
Mon, 29 Jan 2024 11:45:11 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
43192eda-901e-0021-365b-750fc7000000
cf-ray
8c55b5905b8dd386-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
25195
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: otFloatingRounded.json  Path: cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/  Size: 10 KB  Transferred: 3 KB  Type: Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/otFloatingRounded.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
TPt6t2L91voGcyexwRzVwA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DDFB22FD5C
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
22129
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:26:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
b54a6dfa-e01e-0004-0b72-d8a6bb000000
cf-ray
8c55b5909bd4d386-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2644
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: otPcCenter.json  Path: cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/v2/  Size: 62 KB  Transferred: 13 KB  Type: Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/v2/otPcCenter.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
777b4b4a083fe36afca14edfa9de06db28dacfe106659598d9c88f576428e2d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
dOHFt43DsGfQFfw+9sW+nA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DDFCCD4756
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
65288
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:26:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
db1d6249-f01e-0018-668a-d8f4db000000
cf-ray
8c55b5909bd7d386-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
12694
x-ms-blob-type
BlockBlob
server
cloudflare
Resource: otCookieSettingsButton.json  Path: cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/  Size: 5 KB  Transferred: 2 KB  Type: Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/otCookieSettingsButton.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7429ba59299387d5b2445949464b6b58111c47c8363459c1dfe16a541ff0c397
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
bAy0mwbbFaEmZGzcRWHRpA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DDFC7C4E19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
67519
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:26:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
da2c96ec-d01e-006d-317d-d89ff7000000
cf-ray
8c55b5909bd8d386-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1766
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/assets/otCommonStyles.css
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
c7xAZ9MSGAobGaTYg/Qtag==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
70808
content-encoding
br
expires
Fri, 20 Sep 2024 01:12:44 GMT
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 21:27:01 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
d253588f-201e-0046-3e7e-d81f3b000000
cf-ray
8c55b5909bd9d386-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-8V0H8ZQDHJ&gtm=45je49h0v888108092z89170903202za200zb9170903202&_p=1726708364658&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=508840874.1726708365&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1726708364&sct=1&seg=0&dl=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&ep.user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36&tfd=1268
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8V0H8ZQDHJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://thenewstack.io
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
text/plain
server
Golfe2
topics_api
psb.taboola.com/
65 B
284 B
Fetch
General
Full URL
https://psb.taboola.com/topics_api
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1566243/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

cache-control
private, max-age=2592000
retry-after
0
x-timer
S1726708365.977753,VS0,VE0
observe-browsing-topics
?1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
65
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
text/html; charset=utf-8
x-served-by
cache-fra-etou8220141-FRA
server
Varnish
x-cache-hits
0
json
trc.taboola.com/1566243/trc/3/
2 KB
2 KB
Script
General
Full URL
https://trc.taboola.com/1566243/trc/3/json?tim=1726708364963&data=%7B%22id%22%3A343%2C%22ii%22%3A%22%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1726708364958%2C%22cv%22%3A%2220240905-22-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F%3F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-andrewthenewstackio%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22cbp%22%3A%22OneTrust%22%2C%22cbpv%22%3A%221%22%2C%22cbcd%22%3A%22%2CC0001%2CH21%2CH103%2CH104%2CH107%2CH88%2CH110%2CH96%2CH43%2CH79%2CH80%2CH87%2CH78%2CH83%2C%22%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1726708364962%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22it%22%3A%22JS_PIXEL%22%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1566243/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d5ee2edf0d61d63ab08d5687f04e895dcb51e1c5dab04e49e08e5ad83b1ae6aa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
gzip
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-log-content-encoding
gzip
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220052-FRA
x-cache-hits
0
vary
Accept-Encoding
x-fastly-to-nlb-rtt
7363
x-timer
S1726708365.977515,VS0,VE21
x-vcl-time-ms
21
access-control-allow-credentials
true
via
1.1 varnish
cpu
0.16075
accept-ranges
bytes
access-control-allow-origin
*
x-service-version
v1
server
nginx
gpt.js
securepubads.g.doubleclick.net/tag/js/
104 KB
31 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
4686962f258f3399bd41fb66b4eb54290491c13dfbd2b40d929f5088bb001edf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
br
etag
713 / 19985 / m202409130501 / config-hash: 11188666388358424679
x-content-type-options
nosniff
expires
Thu, 19 Sep 2024 01:12:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
32057
x-xss-protection
0
server
cafe
api.js
challenges.cloudflare.com/turnstile/v0/b/388c99dd0998/
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
  • https://challenges.cloudflare.com/turnstile/v0/b/388c99dd0998/api.js
46 KB
16 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/388c99dd0998/api.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Server
104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eae5159c56bf66c17e0cb002b25fc2e343f3e009dc2a39a7e230f08b7b8c672

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

cache-control
max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding
br
cross-origin-resource-policy
cross-origin
cf-ray
8c55b5918d209bc8-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 11 Sep 2024 15:58:53 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
location
/turnstile/v0/b/388c99dd0998/api.js
cross-origin-resource-policy
cross-origin
cf-ray
8c55b5916d129bc8-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
date
Thu, 19 Sep 2024 01:12:45 GMT
vary
Accept-Encoding
server
cloudflare
2b95de80-sad-pancake.png
cdn.thenewstack.io/media/2022/09/
2 KB
3 KB
Image
General
Full URL
https://cdn.thenewstack.io/media/2022/09/2b95de80-sad-pancake.png
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
280b8cf69ccbdfe9be2656ff010f1f75e7fa119fb3d45200238159d356c529ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=zJyolw==, md5=wUttfBU8IDUl2NMzhFlheA==
cf-cache-status
MISS
etag
"c14b6d7c153c203525d8d33384596178"
x-goog-meta-file-hash
c5ef51ba84f3cb0bc3869a5aecabda6f
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zu%2B98EBYx4FT4v5zC4DlwL%2FfNkE3zrcwyIZ1zM3E7n9Ldbn7KHcDNePwIDRcyAmKCN%2BpfTJ52meXhT45S4ko28Hvlmp6OXHOXvGOn6A4f4JTPMR%2BLuCLB%2BDewRCk%2BVNW13QyUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
x-goog-meta-height
44
expires
Thu, 19 Sep 2024 11:12:45 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
2460
date
Thu, 19 Sep 2024 01:12:45 GMT
x-goog-meta-source-id
8248120ea810f3079eab219d1e3c0d2f
content-type
image/png
last-modified
Thu, 08 Sep 2022 02:01:07 GMT
x-goog-meta-object-id
22682968
vary
Origin, Accept-Encoding
x-guploader-uploadid
AD-8ljuBAkJSKFcdydCLaFd-IjLXtlWA8d7wQLuvfG8vZmwqdQx5iJ_Fs__AFOud84uW2WONF4dw0fOQxA
cache-control
public, max-age=36000, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
STANDARD
x-goog-meta-width
44
cf-ray
8c55b591af6571b8-FRA
accept-ranges
bytes
x-goog-generation
1662602467387604
content-length
2460
server
cloudflare
frontend.min.js
thenewstack.io/wp-content/plugins/link-whisper-premium/js/
5 KB
2 KB
Script
General
Full URL
https://thenewstack.io/wp-content/plugins/link-whisper-premium/js/frontend.min.js?ver=1725421288
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51961b2c0bdbfaa3f8cb21e59d2ae04e029c44edd84d95e8fb4b67ca55e26b8c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"1237-62142f30089b8-gzip"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbFY7KPmvIihRejrbVFAB1cfpwvWKXOOXAWAAGxO%2Bf%2F59FxE2FKw8h5967hxUpAi3%2F3pvE9sutWu0c2SYN7WS78QZKgBaLqRFM5oJqVAMbSeLELPg0dDyGNp45CzHLAH"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
text/javascript
last-modified
Wed, 04 Sep 2024 03:41:28 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
max-age=120
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8c55b591c9cdd346-FRA
accept-ranges
bytes
content-length
1649
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://thenewstack.io
Referer
https://thenewstack.io/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8c55b591ed40bba3-FRA
access-control-allow-origin
*
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202409130501/
477 KB
149 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202409130501/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
a2db6f5816e22bc5c271d00a5f39c5bed544219fa9ec6620e9028704c58799a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
br
etag
15411602477199946532
age
59022
x-content-type-options
nosniff
expires
Thu, 18 Sep 2025 08:49:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 18 Sep 2024 08:49:03 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
152107
x-xss-protection
0
server
cafe
m7s7l68is7
www.clarity.ms/tag/
716 B
971 B
Script
General
Full URL
https://www.clarity.ms/tag/m7s7l68is7
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f7b45ed116fef14be46021a4ead28e54c37cf47a41a21e1552fa24724c641616

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
716
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/x-javascript
x-azure-ref
20240919T011245Z-15f966665cf8bldnnhzm37r1t000000009bg000000000exs
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"016326a20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 1A0006A79AF445AFB485A4966192FE40 Ref B: FRA31EDGE0105 Ref C: 2024-09-19T01:12:45Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14305
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/javascript
last-modified
Fri, 06 Sep 2024 21:17:16 GMT
vary
Accept-Encoding
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

vary
Accept-Encoding,Host
cache-control
no-cache
content-encoding
gzip
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
accept-ranges
bytes
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
15412
date
Thu, 19 Sep 2024 01:12:45 GMT
x-tw-cdn
FT
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220082-FRA
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/
232 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
de4216f42e5150af4258e5df68952783bdb757229f38769e2e370110d7b63ce1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4411, tp=9, tpl=0, uplat=4, ullat=-1
pragma
public
x-fb-debug
5VFNNhAaUhAxF3bvuItUT57fN5F75wGnuiuuNXKr04sW/rdUn6ct4zu3lKTv3wLay5rkcxsaeLKSCMY9hDtVxA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
60373
x-xss-protection
0
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

cache-control
max-age=29093
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Thu, 19 Sep 2024 01:12:45 GMT
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
ot_guard_logo.svg
cookie-cdn.cookiepro.com/logos/static/
497 B
552 B
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
27620
content-encoding
br
expires
Fri, 20 Sep 2024 01:12:45 GMT
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Sep 2024 22:26:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
4a46bffc-201e-0069-1336-0912f0000000
cf-ray
8c55b593df4cd386-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cookie-cdn.cookiepro.com/logos/static/
497 B
0
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202401.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
27620
content-encoding
br
expires
Fri, 20 Sep 2024 01:12:45 GMT
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Sep 2024 22:26:39 GMT
vary
Accept-Encoding
cache-control
public, max-age=86400
x-ms-request-id
4a46bffc-201e-0069-1336-0912f0000000
cf-ray
8c55b593df4cd386-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/
33 KB
33 KB
Image
General
Full URL
https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
IipuN9Einq/0wIZw6VIt/g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
imgq:100,h2pri
etag
0x8DCD69EA3359491
x-ms-version
2009-09-19
cf-cache-status
HIT
age
80358
expires
Fri, 20 Sep 2024 01:12:45 GMT
cf-polished
origSize=36419
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/png
last-modified
Mon, 16 Sep 2024 22:26:41 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
6767b470-501e-004c-324c-09bb8c000000
cf-ray
8c55b593efb53605-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
33302
x-ms-blob-type
BlockBlob
server
cloudflare
poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-md5
uInNdQwuuw8s7lYl3cE7eQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
73003
content-encoding
br
expires
Fri, 20 Sep 2024 01:12:45 GMT
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/svg+xml
last-modified
Mon, 16 Sep 2024 22:26:40 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
065f8356-101e-005d-4b17-092138000000
cf-ray
8c55b593efb63605-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
/
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ahr26/0x4AAAAAAAVLuogHtE3mpzev/auto/fbE/normal/auto/ Frame 36EC
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ahr26/0x4AAAAAAAVLuogHtE3mpzev/auto/fbE/normal/auto/
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Referer
https://thenewstack.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8c55b593fc0f37f5-FRA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Thu, 19 Sep 2024 01:12:45 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
adsct
t.co/1/i/
0
0

adsct
analytics.twitter.com/1/i/
0
0

attribution_trigger
px.ads.linkedin.com/
2 B
814 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Referer
https://thenewstack.io/

Response headers

x-li-pop
afd-prod-lor1-x
content-encoding
gzip
x-fs-uuid
0006226e9ec296008517cb4f1084d127
x-msedge-ref
Ref A: 19C720114A3B47218DA9BBF38BE262C7 Ref B: DUS30EDGE0417 Ref C: 2024-09-19T01:12:45Z
x-li-fabric
prod-lor1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYibp7ClgCFF8tPEITRJw==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&e_ipv6=AQJSGYtMzjUkEgAAAZIH1rjY...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&e_ipv6=AQJSGYtMzjUkEgAAAZIH1rjYrpWWm-rgqh_fCQHzECcyoGwIkXS1BROpwLmhzmLS
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 894861684EEA493BAA55A3AD1D8FDFF8 Ref B: FRAEDGE1611 Ref C: 2024-09-19T01:12:45Z
x-li-fabric
prod-lva1
x-li-uuid
AAYibp7ELJGvZqzdOHW/mw==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 19 Sep 2024 01:12:44 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4664394&time=1726708365438&url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&e_ipv6=AQJSGYtMzjUkEgAAAZIH1rjYrpWWm-rgqh_fCQHzECcyoGwIkXS1BROpwLmhzmLS
x-msedge-ref
Ref A: 6CEF3F7E12FC4BFB949459556F3D0080 Ref B: FRAEDGE1215 Ref C: 2024-09-19T01:12:45Z
x-li-fabric
prod-lva1
x-li-uuid
AAYibp7B8oztS9CQd2z8WA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 19 Sep 2024 01:12:44 GMT
1244424359562950
connect.facebook.net/signals/config/
66 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1244424359562950?v=next&r=canary&domain=thenewstack.io&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C43%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C165%2C138%2C28%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
2c390c7e8bb1a81824e1e1c5eac88b3d51c60da815117e7b7cf6fbd11d83e013
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=70, mss=1232, tbw=69815, tp=66, tpl=0, uplat=77, ullat=0
pragma
public
x-fb-debug
GlU1xsh8f8IIHil3Vosv6xA+gBe1mUorC7uPTKYr8c1P0cFf6IDCqltGY4adlrlb4ESYF7t7dywguKI1Xo04tg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
343097026.js
bat.bing.com/p/action/
371 B
418 B
Script
General
Full URL
https://bat.bing.com/p/action/343097026.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
01dfa8d42bf35759baf3b91c3ba7a28b83c26ab15eab56b5f0e9b5d3eb1051d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9D8246DAEBDF4507A59BB855A60629C1 Ref B: FRA31EDGE0105 Ref C: 2024-09-19T01:12:45Z
x-cache
CONFIG_NOCACHE
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1244424359562950&ev=PageView&dl=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&rl=&if=false&ts=1726708365548&sw=1600&sh=1200&v=next&r=canary&ec=0&o=12318&fbp=fb.1.1726708365547.537255698843972649&ler=empty&cdl=API_unavailable&it=1726708365449&coo=false&uppt=0.09999990463256836&uvpt=0.09999990463256836&ttf=1212.5999999046326&bdt=30.799999713897705&bdsize=237279&btsize=60373&brbs=0&cdt=87.5&cdsize=67615&ctsize=13209&crbs=0&let=8.599999904632568&rqm=GET
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1244424359562950&ev=PageView&dl=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&rl=&if=false&ts=1726708365548&sw=1600&sh=1200&v=next&r=canary&ec=0&o=12318&fbp=fb.1.1726708365547.537255698843972649&ler=empty&cdl=API_unavailable&it=1726708365449&coo=false&uppt=0.09999990463256836&uvpt=0.09999990463256836&ttf=1212.5999999046326&bdt=30.799999713897705&bdsize=237279&btsize=60373&brbs=0&cdt=87.5&cdsize=67615&ctsize=13209&crbs=0&let=8.599999904632568&rqm=FGET
Requested by
Host: thenewstack.io
URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7416155957776452359"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
pgyzraLADqQWhaQJ0CiUOFewMVPCfutSi6BI19MnC4NQxDX1VQ6B27m1m8mQCDDva5jIGJuK9opTk/l6N3dzaw==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7416155957776452359", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=11, rtx=0, c=10, mss=1297, tbw=3089, tp=-1, tpl=-1, uplat=164, ullat=0
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
clarity.js
www.clarity.ms/s/0.7.47/
64 KB
27 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.47/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/m7s7l68is7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/

Response headers

x-azure-ref
20240919T011245Z-15f966665cf8bldnnhzm37r1t000000009bg000000000exy
cache-control
public, max-age=86400
x-ms-version
2018-03-28
content-encoding
br
etag
W/"0x8DCD7C9A888BF71"
x-fd-int-roxy-purgeid
51562430
x-ms-request-id
e8c51f66-401e-0078-7fc1-098d23000000
access-control-allow-origin
*
x-cache
TCP_HIT
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
last-modified
Wed, 18 Sep 2024 10:07:09 GMT
/
px.ads.linkedin.com/wa/
0
194 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thenewstack.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: B0D37DEBFDDA47438F064C6E883C36B4 Ref B: FRAEDGE1215 Ref C: 2024-09-19T01:12:45Z
x-li-fabric
prod-lva1
access-control-allow-credentials
true
x-li-uuid
AAYibp7GA0k4qPl0bTzeLw==
x-li-proto
http/2
access-control-allow-origin
https://thenewstack.io
x-cache
CONFIG_NOCACHE
date
Thu, 19 Sep 2024 01:12:44 GMT
vary
Origin
rum
thenewstack.io/cdn-cgi/
0
140 B
XHR
General
Full URL
https://thenewstack.io/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
application/json
Referer
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8c55b595fe22d346-FRA
access-control-allow-origin
https://thenewstack.io
date
Thu, 19 Sep 2024 01:12:45 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
collect
s.clarity.ms/
0
278 B
XHR
General
Full URL
https://s.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://thenewstack.io/

Response headers

Request-Context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin
https://thenewstack.io
Date
Thu, 19 Sep 2024 01:12:46 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
favicon.ico
thenewstack.io/
142 KB
142 KB
Other
General
Full URL
https://thenewstack.io/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
882a54d5b55d22045dbe95592e89bfb0f0969012c0565d5c0224b7ca0ab67af5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/

Response headers

cache-control
max-age=120
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"23646-6153ab7b9e707"
age
2479
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tJXrW%2Br56%2F1%2Fz3tI%2BfjkF6dvgcacmKZ9PcbFAHMRhj8PhavKX51AXZLtDpN0IbknMf6H5Y%2F7yzSH%2FQU6jsgC3zuA6VcUMT3FcuTv7qvG5ZyGHDG38DLkZf%2BjCjMu%2FhxB"}],"group":"cf-nel","max_age":604800}
cf-ray
8c55b5961e3fd346-FRA
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Sep 2024 01:12:45 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 04 Apr 2024 00:49:54 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
SAMEORIGIN
favicon.ico
thenewstack.io/
142 KB
452 B
Other
General
Full URL
https://thenewstack.io/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.70.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
882a54d5b55d22045dbe95592e89bfb0f0969012c0565d5c0224b7ca0ab67af5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://thenewstack.io/-new/-malware/-program/-targeting/-linux/

Response headers

cache-control
max-age=120
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"23646-6153ab7b9e707"
age
2479
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GEonasWWVU8EwNfMUG%2B5MnXl0gJpSToYJ9M8jipBocAiMzXJ7ONRhRu8SCbkKGIA%2B%2B3usj6PmI67y3SNgc%2BzbGit5b3jMRb%2BNCB0Di4rYpVeNVmNhvNrbDVpRiaqLGj1"}],"group":"cf-nel","max_age":604800}
cf-ray
8c55b5968ea7d346-FRA
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Sep 2024 01:12:45 GMT
last-modified
Thu, 04 Apr 2024 00:49:54 GMT
vary
Accept-Encoding
server
cloudflare
content-type
image/vnd.microsoft.icon
x-frame-options
SAMEORIGIN
ping
pagead2.googlesyndication.com/pagead/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202409130501/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://thenewstack.io/

Response headers

unip
trc-events.taboola.com/1566243/log/3/
0
246 B
XHR
General
Full URL
https://trc-events.taboola.com/1566243/log/3/unip?en=pre_d_eng_tb&tos=1556&scd=0&ssd=1&est=1726708364961&ver=36&isls=true&src=i&invt=1500&msa=610&rv=1&tim=1726708366517&vi=1726708364958&ri=0f5442a97635d32ebf6a091bf57bedf7&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&cbp=OneTrust&cbpv=1&cbcd=%2CC0001%2CH21%2CH103%2CH104%2CH107%2CH88%2CH110%2CH96%2CH43%2CH79%2CH80%2CH87%2CH78%2CH83%2C&it=JS_PIXEL
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1566243/tfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Attribution-Reporting-Eligible
trigger
Referer
https://thenewstack.io/

Response headers

access-control-allow-origin
https://thenewstack.io
cache-control
no-cache
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date
Thu, 19 Sep 2024 01:12:46 GMT
pragma
no-cache
server
nginx
access-control-allow-credentials
true
unip
trc-events.taboola.com/1566243/log/3/ Frame
0
0
Preflight
General
Full URL
https://trc-events.taboola.com/1566243/log/3/unip?en=pre_d_eng_tb&tos=1556&scd=0&ssd=1&est=1726708364961&ver=36&isls=true&src=i&invt=1500&msa=610&rv=1&tim=1726708366517&vi=1726708364958&ri=0f5442a97635d32ebf6a091bf57bedf7&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&cbp=OneTrust&cbpv=1&cbcd=%2CC0001%2CH21%2CH103%2CH104%2CH107%2CH88%2CH110%2CH96%2CH43%2CH79%2CH80%2CH87%2CH78%2CH83%2C&it=JS_PIXEL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://thenewstack.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-origin
https://thenewstack.io
allow
GET, HEAD, POST, TRACE, OPTIONS
content-length
0
date
Thu, 19 Sep 2024 01:12:46 GMT
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server
nginx
collect
s.clarity.ms/
0
278 B
XHR
General
Full URL
https://s.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://thenewstack.io/

Response headers

Request-Context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin
https://thenewstack.io
Date
Thu, 19 Sep 2024 01:12:46 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
collect
s.clarity.ms/
0
278 B
XHR
General
Full URL
https://s.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://thenewstack.io/

Response headers

Request-Context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin
https://thenewstack.io
Date
Thu, 19 Sep 2024 01:12:49 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
unip
trc-events.taboola.com/1566243/log/3/
0
245 B
XHR
General
Full URL
https://trc-events.taboola.com/1566243/log/3/unip?en=pre_d_eng_tb&tos=4557&scd=0&ssd=1&est=1726708364961&ver=36&isls=true&src=i&invt=3000&msa=610&rv=1&tim=1726708369518&vi=1726708364958&ri=0f5442a97635d32ebf6a091bf57bedf7&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&cbp=OneTrust&cbpv=1&cbcd=%2CC0001%2CH21%2CH103%2CH104%2CH107%2CH88%2CH110%2CH96%2CH43%2CH79%2CH80%2CH87%2CH78%2CH83%2C&it=JS_PIXEL
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1566243/tfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48, Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Attribution-Reporting-Eligible
trigger
Referer
https://thenewstack.io/

Response headers

access-control-allow-origin
https://thenewstack.io
cache-control
no-cache
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date
Thu, 19 Sep 2024 01:12:49 GMT
pragma
no-cache
server
nginx
access-control-allow-credentials
true
unip
trc-events.taboola.com/1566243/log/3/ Frame
0
0
Preflight
General
Full URL
https://trc-events.taboola.com/1566243/log/3/unip?en=pre_d_eng_tb&tos=4557&scd=0&ssd=1&est=1726708364961&ver=36&isls=true&src=i&invt=3000&msa=610&rv=1&tim=1726708369518&vi=1726708364958&ri=0f5442a97635d32ebf6a091bf57bedf7&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&cbp=OneTrust&cbpv=1&cbcd=%2CC0001%2CH21%2CH103%2CH104%2CH107%2CH88%2CH110%2CH96%2CH43%2CH79%2CH80%2CH87%2CH78%2CH83%2C&it=JS_PIXEL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48, Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://thenewstack.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-origin
https://thenewstack.io
allow
GET, HEAD, POST, TRACE, OPTIONS
content-length
0
date
Thu, 19 Sep 2024 01:12:49 GMT
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
t.co
URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c7c8357c-2d67-43a0-b7cb-e773d4ed3e9b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b8de0cf0-c12d-44d2-98ec-32464d50e088&tw_document_href=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&tw_iframe_status=0&txn_id=oavhb&type=javascript&version=2.3.30
Domain
analytics.twitter.com
URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c7c8357c-2d67-43a0-b7cb-e773d4ed3e9b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b8de0cf0-c12d-44d2-98ec-32464d50e088&tw_document_href=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&tw_iframe_status=0&txn_id=oavhb&type=javascript&version=2.3.30

Verdicts & Comments

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| OptanonWrapper object| dataLayer string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| google_tag_manager object| google_tag_data object| __tfa_pixel_init object| _tfa object| Optanon object| OneTrust object| googletag function| onYouTubeIframeAPIReady object| gaGlobal object| AdManager function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError object| EVENT_PROPERTIES_TO_URL_PARAMS_MAP number| INVALID_ACCOUNT_ID object| CONFIGS object| VALIDATION_ERRORS object| EVENTS object| TUP_EVENT_HANDLERS_BY_EVENT_NAME object| TRK_EVENT_TO_ERROR_TYPE_MAP boolean| PUBLISHER_ID_EXISTS string| CALLBACK_PARAMETER_NAME string| LAST_EXTERNAL_REFERRER_URL_PARAM function| $ function| jQuery object| async function| moment object| validator function| Swiper function| PhotoSwipe function| PhotoSwipeLightbox function| truncateString function| stripTags function| injectAds object| wpilFrontend object| ggeac object| google_js_reporting_queue object| google_reactive_ads_global_state function| wpil_link_clicked number| newTabTries function| openLinksInNewTab function| hasParentElements function| makeAjaxCall function| callWithJquery function| callWithVanilla function| getLinkLocation function| clarity object| uetq function| twq function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk object| turnstile object| __cfBeacon function| appendUTM object| tns object| $modalScreen object| $modal object| $sponsorBlock object| $voxpopScreen object| $voxpopModal object| jQuery112408205795660728026 object| search boolean| headerExpandOnScroll function| headerCollapse function| headerExpand function| onloadTurnstileCallback object| regeneratorRuntime object| twttr boolean| _already_called_lintrk function| UET function| UET_init function| UET_push object| ueto_6d66ee3dba object| ORIBILI

10 Cookies

Domain/Path Name / Value
.thenewstack.io/ Name: _ga
Value: GA1.1.508840874.1726708365
.thenewstack.io/ Name: _ga_8V0H8ZQDHJ
Value: GS1.1.1726708364.1.0.1726708364.0.0.0
.thenewstack.io/ Name: _gcl_au
Value: 1.1.1794497255.1726708365
.thenewstack.io/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Sep+19+2024+03%3A12%3A45+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&consentId=8a4b226d-e738-4fed-b72e-7a6a36a33b80&interactionCount=0&landingPath=https%3A%2F%2Fthenewstack.io%2F-new%2F-malware%2F-program%2F-targeting%2F-linux%2F&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H21%3A1%2CH103%3A1%2CH104%3A1%2CH107%3A1%2CH88%3A1%2CH110%3A1%2CH96%3A1%2CH43%3A1%2CH79%3A1%2CH80%3A1%2CH87%3A1%2CH78%3A1%2CH83%3A1%2CH16%3A0%2CH22%3A0%2CH84%3A0%2CH18%3A0%2CH91%3A0%2CH26%3A0%2CH28%3A0%2CH19%3A0%2CH29%3A0%2CH30%3A0%2CH31%3A0%2CH20%3A0%2CH33%3A0%2CH41%3A0%2CH44%3A0%2CH67%3A0%2CH45%3A0%2CH106%3A0%2CH101%3A0%2CH102%3A0%2CH90%3A0%2CH48%3A0%2CH49%3A0%2CH81%3A0%2CH76%3A0%2CH17%3A0%2CH82%3A0%2CH77%3A0%2CH109%3A0%2CH32%3A0%2CH37%3A0%2CH98%3A0%2CH73%3A0%2CH1%3A0%2CH2%3A0%2CH24%3A0%2CH74%3A0%2CH25%3A0%2CH92%3A0%2CH108%3A0%2CH93%3A0%2CH4%3A0%2CH94%3A0%2CH89%3A0%2CH7%3A0%2CH35%3A0%2CH36%3A0%2CH95%3A0%2CH38%3A0%2CH40%3A0%2CH105%3A0%2CH85%3A0%2CH42%3A0%2CH46%3A0%2CH97%3A0%2CH47%3A0%2CH10%3A0%2CH86%3A0%2CH50%3A0%2CH111%3A0%2CH51%3A0%2CH53%3A0&genVendors=
.thenewstack.io/ Name: _uetsid
Value: 4710ead0762411efaf4e014621e4b63c
.thenewstack.io/ Name: _uetvid
Value: 4710ed00762411ef83d48977b6a708bf
.thenewstack.io/ Name: _fbp
Value: fb.1.1726708365547.537255698843972649
.linkedin.com/ Name: bcookie
Value: "v=2&e479e423-440f-43aa-8ac9-f5266d20791d"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjY3MDgzNjU7MjswMjGqczHncYe//izbSGJdr3PUItB2t6lSL1bKOVlanCyIVQ==
.linkedin.com/ Name: lidc
Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3304:u=1:x=1:i=1726708365:t=1726794765:v=2:sig=AQGMnNiQF_Mqo3k03m7dlRRa7pXSYaOW"

1 Console Messages

Source Level URL
Text
network error URL: https://thenewstack.io/-new/-malware/-program/-targeting/-linux/
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
bat.bing.com
cdn.taboola.com
cdn.thenewstack.io
challenges.cloudflare.com
connect.facebook.net
cookie-cdn.cookiepro.com
geolocation.onetrust.com
pagead2.googlesyndication.com
psb.taboola.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.clarity.ms
securepubads.g.doubleclick.net
snap.licdn.com
static.ads-twitter.com
static.cloudflareinsights.com
t.co
thenewstack.io
trc-events.taboola.com
trc.taboola.com
www.clarity.ms
www.facebook.com
www.googletagmanager.com
www.thenewstack.io
analytics.twitter.com
t.co
104.18.95.41
13.107.42.14
141.226.228.48
142.250.185.200
142.250.186.130
146.75.120.157
151.101.1.44
151.101.65.44
157.240.0.6
172.67.70.57
2001:4860:4802:32::36
216.58.206.66
23.96.124.68
2606:4700:20::681a:147
2606:4700:4400::6812:2089
2606:4700:4400::ac40:97a6
2606:4700::6810:4f49
2620:1ec:21::14
2620:1ec:29:1::45
2620:1ec:33:1::10
2a00:1450:4001:81d::2008
2a02:26f0:3500:10::210:a99
2a03:2880:f176:181:face:b00c:0:25de