URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Submission: On December 19 via api from IN — Scanned from DE

Summary

This website contacted 27 IPs in 3 countries across 24 domains to perform 105 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is www.cadosecurity.com.
TLS certificate: Issued by WE1 on November 25th 2024. Valid for: 3 months.
This is the only time www.cadosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
43 2606:4700:440... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
8 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.51 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 52.222.236.63 16509 (AMAZON-02)
4 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 108.128.190.134 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a02:26f0:310... 20940 (AKAMAI-AS...)
2 2620:1ec:33:2... 8075 (MICROSOFT...)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2a03:2880:f17... 32934 (FACEBOOK)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
105 27
Apex Domain
Subdomains
Transfer
43 hubspotusercontent-na1.net
14518100.fs1.hubspotusercontent-na1.net
302335.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 124261
3 MB
9 cadosecurity.com
www.cadosecurity.com
66 KB
8 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 14744
app.hubspot.com — Cisco Umbrella Rank: 5921
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677
js.hubspot.com — Cisco Umbrella Rank: 3653
track.hubspot.com — Cisco Umbrella Rank: 2477
33 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
498 KB
5 hsforms.com
perf.hsforms.com — Cisco Umbrella Rank: 16907
perf-na1.hsforms.com — Cisco Umbrella Rank: 3819
forms.hsforms.com — Cisco Umbrella Rank: 4839
4 KB
4 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2343
29 KB
3 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
px4.ads.linkedin.com — Cisco Umbrella Rank: 7032
2 KB
2 bing.net
bat.bing.net — Cisco Umbrella Rank: 8327
466 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
212 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
75 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 831
22 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4811
forms.hscollectedforms.net — Cisco Umbrella Rank: 4960
26 KB
2 gstatic.com
fonts.gstatic.com
70 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 888
script.hotjar.com — Cisco Umbrella Rank: 1185
61 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
2 KB
2 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 10169
3 KB
2 fontawesome.com
pro.fontawesome.com — Cisco Umbrella Rank: 5846
171 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3353
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3690
1 KB
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 5577
171 B
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2358
25 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3341
4 KB
105 24
Domain Requested by
33 14518100.fs1.hubspotusercontent-na1.net www.cadosecurity.com
14518100.fs1.hubspotusercontent-na1.net
10 302335.fs1.hubspotusercontent-na1.net www.cadosecurity.com
9 www.cadosecurity.com www.cadosecurity.com
6 www.googletagmanager.com www.cadosecurity.com
www.googletagmanager.com
js.hsadspixel.net
4 js.hs-banner.com www.cadosecurity.com
js.hs-banner.com
3 perf.hsforms.com www.cadosecurity.com
2 track.hubspot.com
2 bat.bing.net bat.bing.com
www.cadosecurity.com
2 www.facebook.com www.cadosecurity.com
2 px.ads.linkedin.com 1 redirects snap.licdn.com
2 connect.facebook.net www.cadosecurity.com
connect.facebook.net
2 bat.bing.com www.googletagmanager.com
bat.bing.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 cta-service-cms2.hubspot.com www.cadosecurity.com
js.hubspot.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com 14518100.fs1.hubspotusercontent-na1.net
js.hs-banner.com
2 cdn2.hubspot.net www.cadosecurity.com
2 no-cache.hubspot.com www.cadosecurity.com
2 pro.fontawesome.com www.cadosecurity.com
pro.fontawesome.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 forms.hsforms.com www.cadosecurity.com
1 px4.ads.linkedin.com www.cadosecurity.com
1 perf-na1.hsforms.com www.cadosecurity.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 api.hubapi.com js.hsadspixel.net
1 content.hotjar.io script.hotjar.com
1 js.hs-analytics.net www.cadosecurity.com
1 js.hubspot.com www.cadosecurity.com
1 js.hscollectedforms.net www.cadosecurity.com
1 js.hsadspixel.net www.cadosecurity.com
1 script.hotjar.com static.hotjar.com
1 app.hubspot.com www.cadosecurity.com
1 static.hotjar.com www.cadosecurity.com
105 34
Subject Issuer Validity Valid
cc40886c.sni.cloudflaressl.com
WE1
2024-11-25 -
2025-02-23
3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-30 -
2025-01-27
6 months crt.sh
hubspotusercontent-na1.net
WE1
2024-12-05 -
2025-03-05
3 months crt.sh
*.google-analytics.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
hubspot.com
WE1
2024-12-01 -
2025-03-01
3 months crt.sh
hubspot.net
WE1
2024-12-05 -
2025-03-05
3 months crt.sh
upload.video.google.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03
2024-05-22 -
2025-06-20
a year crt.sh
*.gstatic.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
hs-banner.com
WE1
2024-11-22 -
2025-02-20
3 months crt.sh
hsadspixel.net
WE1
2024-12-08 -
2025-03-08
3 months crt.sh
hscollectedforms.net
WE1
2024-11-20 -
2025-02-18
3 months crt.sh
hs-analytics.net
WE1
2024-12-05 -
2025-03-05
3 months crt.sh
hsforms.com
WE1
2024-12-08 -
2025-03-08
3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02
2024-01-31 -
2025-03-01
a year crt.sh
hubapi.com
WE1
2024-11-07 -
2025-02-05
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2024-12-02 -
2025-12-01
a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 08
2024-12-15 -
2025-06-13
6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-09-27 -
2024-12-26
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-10-14 -
2025-04-14
6 months crt.sh
bat.bing.net
Microsoft Azure RSA TLS Issuing CA 07
2024-10-27 -
2025-04-25
6 months crt.sh
*.g.doubleclick.net
WR2
2024-12-02 -
2025-02-24
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Frame ID: 675437B48DD4CCF00A343E64D02A35CC
Requests: 103 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.cadosecurity.com
Frame ID: 74C7A56AF8B64C68E6C271F23A279A3E
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

105 Requests
99 % HTTPS
85 % IPv6
24 Domains
34 Subdomains
27 IPs
3 Countries
4662 kB Transfer
8316 kB Size
21 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 88
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence. HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&e_ipv6=AQIWEmX65hu0kAAAAZPd6sLyIJ-WZK9lP_7dBMij7jbUFrgwMMdKXZXn_DAE7vAlVJa_PcBhcTqhz9cK8nfwE7d3vsW9Aw

105 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
www.cadosecurity.com/blog/
54 KB
9 KB
Document
General
Full URL
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9e1217f87d869e99fd1731c2ecd69c687c56bc11c62f22b1885e89c00604a6d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=5,max-age=5
cf-cache-status
EXPIRED
cf-ray
8f45d59c0cdadbb3-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Thu, 19 Dec 2024 07:56:09 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UoWuNZ4O2%2F6VldGRZHzSpgCfq%2BMZlQhwtW9jRTcyBWFQEmHkg%2BscIASPtx%2FrxEaaXWNiLCbqvjf7LZHwNrS91ObF5uiqTP3SEVGXQbnxNEFkD173QUEpTgQE5GPQHlRladrQhMFOWF93cP9%2BhvKpG%2Fz"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfExtPri
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
140
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/cms-0-9-td/envoy-proxy-5675bf5846-gh9zl
x-evy-trace-virtual-host
all
x-hs-reason
No view mapper found to handle request
x-hubspot-correlation-id
a643d800-66d9-40b8-9a82-523e69f31f31
x-hubspot-notfound
true
x-request-id
a643d800-66d9-40b8-9a82-523e69f31f31
all.css
pro.fontawesome.com/releases/v5.13.0/css/
170 KB
32 KB
Stylesheet
General
Full URL
https://pro.fontawesome.com/releases/v5.13.0/css/all.css
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e36d48c48ae338b5cccef7dedc545d736dff75042f4ecf272c7061a4fd92a4b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://www.cadosecurity.com/

Response headers

access-control-max-age
3000
content-encoding
gzip
cf-cache-status
HIT
etag
W/"e889f00c68ceb105b6680ca5c96b3eae"
age
1829402
access-control-allow-methods
GET
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
text/css
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Mon, 28 Jun 2021 17:09:16 GMT
x-amz-id-2
cBBIwIoIWdWkcSGexCgk5l3YiTUq4rkINy5li+Ba3BjAB4iPoDoWZcuoKSzhrS+A91CnkpbjskKywh+CKP3B23KLcEHw+Etf
cache-control
max-age=31556926
x-amz-request-id
NP3VDHEV1PA8BWPP
cf-ray
8f45d59e7900693f-FRA
access-control-allow-origin
*
server
cloudflare
styles.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/
308 KB
35 KB
Stylesheet
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/styles.min.css
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85631ac7bcdf6b849bdd99d1aa1bea99067e4ac640706e6d59edf98b4edae360

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
cb15d079-be43-4698-9d54-1c431df5ce79
content-encoding
gzip
cf-cache-status
HIT
etag
W/"695c235cffa5d22a9f270ec2e84adf36"
age
728055
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
cb15d079-be43-4698-9d54-1c431df5ce79
content-type
text/css
last-modified
Fri, 11 Oct 2024 19:36:12 GMT
vary
Accept-Encoding
x-amz-replication-status
PENDING
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-cltqb
x-envoy-upstream-service-time
182
cf-ray
8f45d59e7fd9d22f-FRA
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728675371289
x-amz-server-side-encryption
AES256
module_156175596464_u4m-header.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/
21 KB
4 KB
Stylesheet
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7798dc167b0321ffd040e4f665db503e3037ba907ec059af874dcf4191be06e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
c9fe183e-19fc-469c-853d-c6802e227cab
content-encoding
gzip
cf-cache-status
HIT
etag
W/"4abc61d3bb5e456d1d206de9e853cc24"
age
728055
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
c9fe183e-19fc-469c-853d-c6802e227cab
content-type
text/css
last-modified
Fri, 11 Oct 2024 19:36:09 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-tfwpd
x-envoy-upstream-service-time
170
cf-ray
8f45d59e7fdad22f-FRA
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728675368615
x-amz-server-side-encryption
AES256
module_156174794365_u4m-footer.min.css
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156174794365/1728675367442/
5 KB
2 KB
Stylesheet
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156174794365/1728675367442/module_156174794365_u4m-footer.min.css
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93f97df970c96fc8220de21b8a903081bef952c3883dd56e298955d8ea8c49e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
ed4b3170-2518-4654-a52b-084b299d23fb
content-encoding
gzip
cf-cache-status
HIT
etag
W/"7b94171f5ef0680e01626150356cd055"
age
18713
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
ed4b3170-2518-4654-a52b-084b299d23fb
content-type
text/css
last-modified
Fri, 11 Oct 2024 19:36:08 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-cltqb
x-envoy-upstream-service-time
169
cf-ray
8f45d59e7fdcd22f-FRA
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728675367442
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
364 KB
122 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
736a470b234ec7258b2ff2176d7044fe344720b55616ee1627ddb82d56b7a8f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 19 Dec 2024 07:56:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
124226
x-xss-protection
0
server
Google Tag Manager
footer-logo.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
3 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/footer-logo.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75b27571ceafa6560289a62df52861afcfd4eb9d78307fa2f25951173ba3edb3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"400bc1ae77f8cc0213af7956c70e759e"
age
28487
cache-tag
F-156298795658,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
IeitFlB2dlq52o92sK5wF4Yk9QcxEM4R
x-cache
Miss from cloudfront
x-amz-cf-id
g1R0JjcA-YlB2JtrB-3Y377BHodkT8dZYSZEE7wL5BoyC2Lqx1ALZA==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:38:19 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156298795658,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
C3XPXTD17RNEYEQ5
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156298795658,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
VRKvC7ZsaTa5EIxAJgf9QH9kgmYkRhQz5vyYkFf/oJsHXPePIA0COU4+e0CpMW6U+H0wxybHXBBMSeK/ZKr8lM74J9g/mDu+GDfIBOrzdjY=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-ray
8f45d5a01aced22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707496698739
Icon-Platform.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
5 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Platform.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac41eb7a5b856d49f9c8845313325be66c4bfd221163e4b492b7c338286845bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"0eaa39fb1179edc94d1abd732ef5a61f"
age
1632161
cache-tag
F-158908370499,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
ip2hSiupg079rNfElCK.QaZ7q9Dcdvw6
x-cache
RefreshHit from cloudfront
x-amz-cf-id
j_wfNsU6VBIxSzo_qtsy31qUjnkPOMSUjaeiw4zot4XAVp6joCMCTQ==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908370499,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
PDCPE06FK6GJXGZG
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908370499,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
U18+rohTFh7QHzCJjLn+ft3mbVPMfdq7Rxwp2+/6a61uHtHmSHSBdTqmFU6E/RpeRVXgAuhsa69eYEpMedPusg==
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray
8f45d5a01acfd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092659
Icon-Environments.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
9 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Environments.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e35f8ff087c3b5bed43bfab3509d5a93813d5015d9088f7e3fb2d7c195450ae4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"01e43610f0380ba6fd382b6810bda5f7"
age
1667950
cache-tag
F-158908415831,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
Kmex14K3m5YINymWb1JSjyfREHrvmz07
x-cache
RefreshHit from cloudfront
x-amz-cf-id
OaG_Qixnoh6SX36csEnpxZKoPXUC26hoxhzC_S0MIuGbNryc62dMwA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908415831,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
PDCS22MXNQ7QGT47
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908415831,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
rrdbbfS1koACqJbT+DL6aYzU9dE0m8LUnjHGBs7vU/9BVKM+aES4PKO/B+hZpjzw38RUlfcDuwM=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
cf-ray
8f45d5a01ad1d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092686
Icon-Integrations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
5 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Integrations.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83b431b794a9395cb27b2b781106fff5f24653f0a57813212911c5e2fa517d02

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"fb90cdd06dd3fcdc24df99b85b98bc88"
age
711107
cache-tag
F-158910116173,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
HUiHbwUAuxNlr_KbxqNtaUXRKJmD7f3j
x-cache
RefreshHit from cloudfront
x-amz-cf-id
ob4XYpg9t4vZyvUG3G9IDShlCWvSy97xLzpXvW4nhOjjmdrscnurmg==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910116173,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
C60FDQCA4BWJ1R3S
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910116173,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
0AdyGx6jsO0eEaE1lSS1Rc7MALEkHukMTMI8HEwpdzKRsFce+qHKWGRquiEf6Q8jVB6UtlknpFOH0iyc9Y1yfQ==
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-ray
8f45d5a01ad2d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092682
Icon-Cross-Cloud%20Investigations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
5 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Cross-Cloud%20Investigations.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b032cf763e3e7982adca76421524d0f8ddc93b1ff64c96aa8baeb4d19242d7c3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"ab77efa24fbcc948a87d2acf5bb60afd"
age
1540171
cache-tag
F-158910756427,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
8_kF1hKnzx189VWn.rkzYtM8kA.rY3MC
x-cache
RefreshHit from cloudfront
x-amz-cf-id
iywUS_-Q8Tx3YduZoFZLkGL9oQEYTdxFhdxLTfa1Q8YEcYSvkkvOsA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910756427,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
MBJ12QKXRQ7F7GVH
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910756427,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
NX96ui9XnuY0Um+PaawvR3JpReFRxV0jnnPnlBt2nHAvW24Xs02dwSSgCfY7natl8nhdP/JIHGk=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-ray
8f45d5a02ae7d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092704
Icon-Container-Investigations.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
7 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Container-Investigations.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6f440cef04de6967acfca12b29f5c95e1d5b863245f8568d201813f6f5c4c4a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"5d09bd0a454e9061de781faf40b91493"
age
1725513
cache-tag
F-158910600962,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
xoTMmO36YN7vDNZKxmbI8eWL6AwdxElT
x-cache
RefreshHit from cloudfront
x-amz-cf-id
EBK7RC9lPSIQ7U1CQHqXZXQmqn_KL00BWnmh3qEgAJxyk5KUL8R11A==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910600962,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
BXAV4P1KXV8RZ4SJ
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910600962,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
0SLK/uH8tHyKgieaIo1ooateXy0qzxnVLAjVkUsSD7z8Ef1RxTtPLOcsJQLr15ubFM9zlNlGhTY=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray
8f45d5a02ae9d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092740
Icon-Endpoint-Triage.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
10 KB
4 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Endpoint-Triage.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbdec799787b9ffc82fcb355b28fc38bf804634cb280f2e7f5b048b9b869a26d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"101e39b7d085ca7de93d81596f7c40a0"
age
1845572
cache-tag
F-162430631742,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
b0Lb4VjtEcKY2AgktbTmqeHbB6NgFS7M
x-cache
RefreshHit from cloudfront
x-amz-cf-id
0rODb0L5GtN-A4pOyqTIjqX_sCs0LaVFP5CKoK4YjUrd4mJt_ByjFg==
content-type
image/svg+xml
last-modified
Thu, 28 Mar 2024 13:41:24 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-162430631742,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
EVVX5CW9YYSG987Q
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-162430631742,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
W9mXZmFKyVIxffJgZfh2eK+ncE2mq5s7tx4EXwfb+aPPl7Zo3WreOUKlMcKQq0hpN2NAwAdYFej+XCNz3D2nN9vl6QTzz2D6euFF4V1MKog=
x-amz-meta-access-tag
public-indexable
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-ray
8f45d5a02aead22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1711633283487
Icon-BEC-Compromise.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
6 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-BEC-Compromise.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd3d6deb8e39740eeba36153d322933f8e1a4c29d6b1432a863d7b4a68497687

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"4f84134308d96b4e8c6690f3a07375c2"
age
1036339
cache-tag
F-162431186303,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
oRF7sWwMrlGjWXHV5TJS1e0O6XpU0C2K
x-cache
RefreshHit from cloudfront
x-amz-cf-id
qYBaD6elNTScGMZjKXlnN2w9dVSgivx2qODnjPk75Kpb69sSSCqvmQ==
content-type
image/svg+xml
last-modified
Thu, 28 Mar 2024 13:41:16 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-162431186303,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
030XD3SMADMK0WA1
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-162431186303,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
Ve8tn3DwkKi/GcW3VyKzHymjg/kmjaFIkb0KV6dH+qosPznZhNJYPbNeqIwRrINRd3NH8+eRJ5Q=
x-amz-meta-access-tag
public-indexable
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-ray
8f45d5a02aebd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1711633275622
Icon-Incident-Containment.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
3 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Incident-Containment.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00fea8990ea6f50671a381300028e0fb4428d6851e54e9180d69cfe5d4c5ecad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"c0576e3b9e4bb8c477d1f85bb7e6a202"
age
1820246
cache-tag
F-158910854217,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
PaC1v0fMaVwNq67YijEsn_9SGzMNCoSa
x-cache
RefreshHit from cloudfront
x-amz-cf-id
qTtWEAHBNsL4l5oke1E9EkyabBli27wGOrdNKU_vAqPwNbADN0B3sA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910854217,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
3M7FVRW6F73JCX8N
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910854217,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
2vtjTGpRRArgllvjp6M7LxDlrBi2U+dilk8sF4tCU6FjpL0Er95lR6u12h+Qulwqmimjpgc4MrU=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray
8f45d5a02aecd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092713
Icon-Evidence-Preservation.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
9 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Evidence-Preservation.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2fbfa4a756b9d7428291fa36194f2db713a5cd2a0e8242dc53915a1578d32f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"c93fdaf7820fe09111626ef79f0e53a9"
age
950510
cache-tag
F-158910854216,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
PdGF9LpQxle.sxFJ7N3fpd6L9byErz2Y
x-cache
RefreshHit from cloudfront
x-amz-cf-id
QeznuZxJ9SapnXolbDMbfK2RdstP70h9MKReUuYIMc8MgAW7qZmHug==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910854216,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
T7AX33DDKYJA0225
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910854216,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
qO8ud0K6w8VVNj7A/7pNeNX2EX99WKyX9UsgiCsmJbqbFB3Xw9+FQPQQFVzoUG546hVImiMcAEo=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray
8f45d5a02aeed22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092687
Icon-Report.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
2 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Report.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e0ea050eb4c1d08b619be28958d97596caef07ec9908855a04e3d0378c3696d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"4404762544d0990dc6d44a8e72f4bb17"
age
1540171
cache-tag
F-158908182135,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
6Xn5sPJfydZc4cHPwsj8xIjhEPdmJ.Eo
x-cache
Miss from cloudfront
x-amz-cf-id
9CmN8E71RrxVvQBXBUd97-IxAFC1Zoa2l5WT9jaFM9LWp7u5o8OapQ==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908182135,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
WTGD5T109WGQ3RM4
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908182135,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
qiTlxiQeXWO9ZD+F0kV/MpUYcV6/NHQ07EnwE1cM2GM0StiCDhFM9ka0gJ6WY/uZ3O6IIiKmkhQ=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-ray
8f45d5a02aefd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092699
Icon-Blog.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
5 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Blog.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
974a198793d723425fe7023528fb24da16a52c132b10f81a1510eb6978228bd9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"4c4ca0a79751b03ca42fef114540257a"
age
1828551
cache-tag
F-158910600961,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
FEMsnEVBK1nvjz33gRodz8MPzM2rAipI
x-cache
RefreshHit from cloudfront
x-amz-cf-id
loBkTOM6DaZyv_8WHTxq3imYyfdiSIVuHtEc04N0TvJyYw8VS1ygag==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910600961,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
NPSJDHZ1DAR1WH9H
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910600961,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
BpIQ2ywLwes5zr+uSWARBZDlwL4uYm+0CF2LPeEu8ihiH6yJQuCPAhTAZwvbPFAv6N2whLFo86Q=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af1d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P7
x-amz-meta-created-unix-time-millis
1709233092652
Icon-Playbook.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
7 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Playbook.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1a2ef4bc0b997dad2c90a8151e6cd98e10a644dbe55c260de97cb77f32ed47f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"09b77238d7d99462d4b30c81830fdfe6"
age
1632159
cache-tag
F-158918452369,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
KSyK88USjO7mkANJ9ALVw4yi.DpNK8bV
x-cache
RefreshHit from cloudfront
x-amz-cf-id
CcirHI28mMuWV54QjYpdPSL1yjW2un0NdFN4d_ziqiWh2YRJs8lzlg==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158918452369,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
MQCHZTYH4DW2ST2K
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158918452369,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
dabmDoZmSNAC4o7g0WqgZ+8rH1q4Gln5wmXtUVcIKH+062bQx6wYl5K1uNWvESWPmG7xdUDs8eQ=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af2d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092699
Icon-Cheat-Sheet.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
4 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Cheat-Sheet.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
407c14430b0e1ca878f6433f10432fe6ace7860a13bd3094e36a5dc8c9559aee

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"49b54ba10bcc3f242b1556b44356624e"
age
1096793
cache-tag
F-158910116174,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
vExu6GIEM3YgKsFzqzz1aPxreYERM10J
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Up-esoxaX87tkg7N7I6b9Cph5phkOmxp6mwGiaAt_O9PbfMBN9MOtQ==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910116174,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
K0F3129P5SZR1WP4
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910116174,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
vq3v9o//iDL3eejjjwGKd8Bi6uukl+AuKmEaXhl1JXgKkcVUppo9HaSASGjBZjY402F2XxviLMg=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 9ec406dc5379d974fc3d9f41dd497bf0.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af3d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092706
Icon-News.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
2 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-News.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78b9c28611b2f176966e3cb7efb14d6263f16cb5308fc0123a4d5586f487b8a7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"37ab788753ce603dcf150076eb19dc55"
age
1540170
cache-tag
F-158908370501,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
PPCfQ6sv3zl3giZXjinnJtchyxxhjbMM
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Gf2U0mScLfgfO7d2K6eqX5cQAsWEHjxb6iSbI-gr6yFTtN93SClUQw==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908370501,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
NYBG6GS6XH294S3B
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908370501,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
P1DZSmWUFZ0+MYu6i05Xf9q675k9HC6xDiZcXEkd4sBxd0yj9yzn4+WsE5rmbycSiAMLd3/Xeg0=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af4d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092698
Icon-Community.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
6 KB
3 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Community.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8f7b83a000ad96b202dc1856b5bc7e037c42202c4b13fd8513282cb3266bd98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"da1bfaf5b9a5d5249af65e27ebb919a2"
age
1667950
cache-tag
F-158908370500,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
VEAX9fWieMYYNhVqWCbomDTge6S9M3q1
x-cache
RefreshHit from cloudfront
x-amz-cf-id
n-jAaNP8zZ1rWOyQBoMbKdMATOdyYOhREqt_H-ySciq-DN3ftWSarA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908370500,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
MQCM8WPYY6Y39DFG
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908370500,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
f3hn5SmOgtG1YkHrOBOSkszN4HUllV1v3bLBtx8zm0p+WZswLzb755R/Hn1Mr2RtQuJW2xPWwJTMGOLSBpZ0pw==
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 a5607d37f6322bee208b762f730550a0.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af5d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092693
Icon-documentation.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
3 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-documentation.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27fb93766c76a5d272e97fc11d3437776f027072100ed7e4ec6502e0d6cde411

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"7c12404a19418a63d35ce3940cc5c9c3"
age
1538617
cache-tag
F-158910637345,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
5i0UGbG_NPiYVcAJI1GnjDez4oAC8ij9
x-cache
RefreshHit from cloudfront
x-amz-cf-id
3hFaTpjdWQKOkF0dWUV7Xfp6tKdzi5Yr8YFqqvxpSTfq4iTzVEtnVA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910637345,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
NYBYPAGXG83HHFFJ
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910637345,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
2Zw+XBFy+sOoetGyABslNijY/VUwK0T1fw6XWCqDhYXMB2WhW4iXBqTam8zXVYWUyrRSalAHoM0=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af6d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092700
White%20Paper%2080x80.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/Other%20Icons/
4 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/Other%20Icons/White%20Paper%2080x80.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d220322b68ad1cf5917c91f69fda406575fddebaa55577a28a208edfceea6b3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"76da894daede31a4588c8d0d045228a3"
age
16311
cache-tag
F-161751939157,FD-158910846042,P-14518100,FLS-ALL
x-amz-version-id
YzF8.dH8TryCxEooDRL13q9Zl5E66Kz3
x-cache
Miss from cloudfront
x-amz-cf-id
VWfUq-FuvmrAnlYITUK4juMKP-tFPT9v3EsfexJ6ohVqmoOp62qHMQ==
content-type
image/svg+xml
last-modified
Fri, 22 Mar 2024 16:48:22 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-161751939157,FD-158910846042,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
VN15CDS863TNQJJC
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-161751939157,FD-158910846042,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
GvJpRfzdOvInlOi9YBdDeb2BeOpAU9+O4kCHAkiFylFCCoxDWPxE8kbARSMs6EIXkm2F8YSySTQ=
x-amz-meta-access-tag
public-indexable
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af7d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1711126101419
Icon-About.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
3 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-About.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b0bdefd03a7be29b76622769769ffa627aa3121971ca40d0bba041ab57ed0de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"1f35994888ad53f8a2ab0751bf27a146"
age
1595683
cache-tag
F-158910232391,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
PAfbQQ7MEpQ7wL4BqI8.ypLX8Gb7k2PT
x-cache
RefreshHit from cloudfront
x-amz-cf-id
p_Yr0Zr67SjvarJm1Vcu5STrddmr8D9Kle2_IB4maPjn9N0Bgy88YQ==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910232391,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
9TV6MEW0TSTG893E
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910232391,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
Trt9qFPub9r+tvw2GH4GQoetxGGZJaoVzZ3/bcXEblmBSnQqDUECRWAH634H7K7IRquDfPxXE5Y=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray
8f45d5a02af8d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092712
Icon-Careers.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
2 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Careers.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0af3b1efbf93ea2e374669840b3866368d92207c75e5ee9ba9655b644df7d424

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"d143638e05d4db8c30294cf6b230a488"
age
1595683
cache-tag
F-158908415830,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
4sv0XXUML9Km4LzhJGle5huKDqGiKEWk
x-cache
RefreshHit from cloudfront
x-amz-cf-id
w9HUfLLTexVEnf3dF_-fnALp9S77DrbUG9lYShBkjkp5iz32bIN9bA==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158908415830,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
T3X8CJQ31Z26SGY8
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158908415830,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
ulVL509z/ze6Gk51cgZP4cnX+Eke5t8JtuaKIKtouEci5BzZ6d2xJ4d1Gp7M4F1mp6TxoBOqDZVdPUr1GqKgJrjhPrATc50SGG+pUX3ilPg=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-ray
8f45d5a02afad22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092656
Icon-Incidident-Response%20Preparedness-II.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/
6 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/SRW%20-%20General%20Images/Icons/MegaNav/Icon-Incidident-Response%20Preparedness-II.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d3007e6fac9e8e04426f7763b3f67f21d261737b970dfbeef2902d6447b9671

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"6fe0438a0b40753c149ea118d3905071"
age
282790
cache-tag
F-158910083642,FD-158918452139,P-14518100,FLS-ALL
x-amz-version-id
JOBbW4Jlu3_7TAcdFilE12BaiT22X8p_
x-cache
RefreshHit from cloudfront
x-amz-cf-id
UpXsMMihM6SU_4GPW6ZCy4LIK9gQH3ybXBhv1GuIO-ovxLtf5vtYLg==
content-type
image/svg+xml
last-modified
Thu, 29 Feb 2024 18:58:13 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-158910083642,FD-158918452139,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
A75JWAZV6QBVHCPB
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-158910083642,FD-158918452139,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
AWgxBsqgAZi1tOWAZCZNOXKEHEshviRrY1NLl6YAlQu9qt8Y81H7W7HOAxP8AJL6jF38+++J3cE=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 444bee00bd8f759506e806be3c13fa6c.cloudfront.net (CloudFront)
cf-ray
8f45d5a02afbd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1709233092799
a51b72aa-daa5-4df8-a061-1902834ccdb0.png
no-cache.hubspot.com/cta/default/14518100/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/14518100/a51b72aa-daa5-4df8-a061-1902834ccdb0.png
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55c43f9fdacec1f0cc9f2ebf763d397115c1fe7a2e2484dae1c6a7eebfde715b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cf-cache-status
DYNAMIC
etag
"7c95df2b911501b5dcb0b188d85805d4"
x-amz-version-id
ZKsPlvq5bT6eKKMsbru9nNCgP4LuYb8v
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Fmt2azZoIVvN3VYzO2VrLCg3DKle%2F2T72hKRr4QOQVljTrxroWH2lEyKW2iyc3nO28tCRkXkfRICYqrkvtbej%2FutI5ghKx9zEpNThesWKHE4lzyDB4XAZh03o%2Ba4Bl5Kead2NimzwwgU9fMzF5zo503"}],"group":"cf-nel","max_age":604800}
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
image/png
last-modified
Thu, 28 Mar 2024 19:24:29 GMT
x-amz-id-2
mfQjY/8nUNLM271+ztTAYjqHby3K6Mju6lXz36ZtY18zYieQiIdQwvYL3FBdVPmp9VPY912Q/VM=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
RJ4T1KB2ZSK6V68N
cf-ray
8f45d59e7d98db9f-FRA
accept-ranges
bytes
content-length
1333
server
cloudflare
x-amz-server-side-encryption
AES256
current.js
www.cadosecurity.com/hs/cta/cta/
19 KB
8 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/cta/cta/current.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f6e5a772649ae72f766174a853fb5e403ea5b24f50b604ac2530475af1a8208
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-request-id
37b1a8a5-492b-4848-8392-6a0c0d3de119
content-encoding
br
cf-cache-status
HIT
etag
W/"b0928abe0d4cbd5b3e6717e0b0d3ddeb"
age
224
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-amz-version-id
XkQXV__rLSX9HsSer6izlPk_QOOoa.4F
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JE4Edp7H%2FL1WHsHfS3De89oPAiAi20uIrhaEe%2BGCR%2F5hgtFsZf4%2B5ROqefOPput4g32Md4%2BclUEDZDQwMki5l0Tt7sYBhYbZxDmptTf7x6v2UBXd0iADvTbwh7TW2Zys1YZVU%2Bzhjcxfj1jDJMYrC0J0"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
ucLJLCCa9aNkIsw56bHh9M36lDQRnbmW62VvHWg4cyyoQ-W3YNKaWg==
x-hubspot-correlation-id
37b1a8a5-492b-4848-8392-6a0c0d3de119
content-type
application/javascript; charset=utf-8
last-modified
Wed, 11 Dec 2024 21:00:55 UTC
priority
u=2,i=?0
server-timing
cfExtPri
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-zzrjc
x-envoy-upstream-service-time
4
x-hs-target-asset
cta-embed-js/static-1.339/bundles/current.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
MISS
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.339/bundles/current.js&cfRay=8f45d024504d3600-FRA
via
1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-ray
8f45d59e1896dbb3-FRA
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
jquery-1.7.1.js
www.cadosecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
33 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ddb84c1587287b2df08966081ef063bf"
age
1138657
x-amz-version-id
null
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FaFwWZGXXRVRY5QdtcgYrl4WGndNWmvp0uiW%2FMGrU%2F5kcH%2BjNKZYrnpXfXEq5Ry%2FQ7LQbbPnGNE5cU7fLxHYETq9pHJhxozbIEYSm5iGmNp%2FKUCqu8IW894qWVdVXbRe8%2BLaK%2Bn64cZypsJQrWnROBqC"}],"group":"cf-nel","max_age":604800}
expires
Fri, 19 Dec 2025 07:56:09 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
gCZIwj0xNL-cuBT--HPPtNV6zcPYwPtwXI-MUvVSMZ66voIuQAGNeA==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
vary
accept-encoding
priority
u=2,i=?0
server-timing
cfExtPri
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
cf-ray
8f45d59e793adbb3-FRA
x-amz-cf-pop
FRA60-P6
server
cloudflare
embed.js
www.cadosecurity.com/hs/hsstatic/content-cwv-embed/static-1.1293/
13 KB
5 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"f667e53d5752ee2e5759f3dfaf20d330"
age
1835401
x-amz-version-id
AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t6fpZpph%2BzrimoFYHNf5%2FcLerV7L%2FxP9uyxbXXq7ma6tkjx1UoQgPYVBY%2BvrOK%2BJGFcoK0qqh12bus%2FQTrcHOsf%2BPVCThSJOXj71rZyQhiNdRXwweWnLSixkdgqj5JDx6zV2QptPhTwCli7xfoBoQv2"}],"group":"cf-nel","max_age":604800}
expires
Fri, 19 Dec 2025 07:56:09 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
ufijAdh7jZmYDIilVZNlDc-L4WPUtC58cEv67ZqC7FE0XlKOuB3J6g==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Mon, 23 Sep 2024 19:59:06 GMT
vary
accept-encoding
priority
u=3,i=?0
server-timing
cfExtPri
strict-transport-security
max-age=31536000
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
cf-ray
8f45d5a01c73dbb3-FRA
x-amz-cf-pop
FRA56-P2
server
cloudflare
x-amz-server-side-encryption
AES256
main.min.js
cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/
797 B
2 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/main.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:573e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73d3bb666001119af2712d92dd5091fd4b0ea404d19507fd734f6c604d8326b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-request-id
51bd0998-3226-41b7-8eb7-655fbc04c0fb
content-encoding
br
cf-cache-status
HIT
etag
W/"ac3480bbc9357d786dddfd629ff2f2ff"
age
1639843
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exScOJN6P%2Bad9Op8ufX2Uq1tko4q1NqK2G2WG76lQ5OJ1v7IpAsjOsZP%2FYDIVCls38MJWEJUqUquK8bOBH4QhFm30yAzh6RjB9W%2BPMbQnzNtyUKLoRxBYgmo3sfGZ9ATa2Av%2BrzDLCNOG9NGqeI%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
x-hubspot-correlation-id
51bd0998-3226-41b7-8eb7-655fbc04c0fb
content-type
application/javascript; charset=utf-8
last-modified
Thu, 04 Apr 2024 17:14:09 GMT
priority
u=2,i=?0
x-amz-replication-status
PENDING
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-8lkkj
x-envoy-upstream-service-time
222
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
cdn2.hubspot.net
cf-ray
8f45d59f3ff0bba3-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1712250848824
project.js
www.cadosecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"61ca66de658cab9587e4636894680d5d"
age
1752158
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7fVqlJIniPpDM%2FPC6Zub82r3sly1SokGH375ekCLoZrkxV%2FA3GAIeJwqwE3eoKOE8pht55b5eTULH2o8gXgrcfa9VlWom1mJhXyif%2BgWKnJ1i%2B%2F28chpJ7nn%2FRtyoIfcHNHnQ%2FOReDlZEgISmbqSqoT"}],"group":"cf-nel","max_age":604800}
expires
Fri, 19 Dec 2025 07:56:09 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
xM6jST1Ie3RtZqFuOuQDP013VkVmH3ZttNygVHAQOgp6ce-TmY0clA==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
vary
accept-encoding
priority
u=2,i=?0
server-timing
cfExtPri
strict-transport-security
max-age=31536000
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 9eb1733bea847c3a8f4910adebcc8146.cloudfront.net (CloudFront)
cf-ray
8f45d59f8b6fdbb3-FRA
x-amz-cf-pop
FRA56-P8
server
cloudflare
x-amz-server-side-encryption
AES256
jquery-3.5.1.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/
87 KB
32 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/jquery-3.5.1.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age
1734964
cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
x-amz-version-id
k6mVShlsCPL6Bw2.XotbK.6zOwTpniPX
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wjlClTUKhWXqU7d8PbR5WhVRn_B1ARNac_gYvNKlJghKE7tEApurWg==
content-type
text/plain
last-modified
Thu, 28 Jan 2021 19:36:23 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
5XBXG0ZQRK1WMT0A
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
zhW10ZsqNGRW8LkUjlEvKCResK0EGFc1aX55MuLVAHbLtap2JY86FVBy8nzqPj0vRz/UZ6p64hQ=
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray
8f45d59fba46d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1611862582133
hubspot.search.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/
2 KB
2 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/hubspot.search.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9f1175472edef5e7be3e8125c41be38fab67c60d3edd28af1b6c757af63ab61

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
content-encoding
br
cf-cache-status
HIT
etag
W/"71afe972353ce13c3525c78fc9fa568c"
age
1738103
cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id
fetlrSUrbTD9ubDQbm0B0gXX444eAKyS
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wkeB2sjKdXTtXDCA9_kDnJcgUBV9OprQRUdAVcdzC1TG50PIvuLO8g==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Thu, 19 Mar 2020 15:58:09 GMT
vary
Accept-Encoding
x-amz-id-2
WMe8LbgF4UCsqr8IDvGSCXsDUBDXfIcw1YLgGxE88GhJxdZbQlGnLpZXv9YwkKoct0PcMrgWTToMKLDEdBTNuQ==
edge-cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-ray
8f45d59fca56d22f-FRA
x-amz-request-id
PX4WDR8QTHB11H1W
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop
FRA56-P7
server
cloudflare
x-amz-server-side-encryption
AES256
jquery.nb.offscreenMenuToggle.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/
1 KB
694 B
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/jquery.nb.offscreenMenuToggle.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d3df945eaf1645c7e2a2373180e9bd95cc26ef8e085a837aef024dae1348074

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"cc23767098d49289cee3d3e999a617af"
age
1734382
cache-tag
F-5869737518,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id
KkdHhA5iO4Ni6inY61t17A60DMqiAyaW
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
LpcQOOjDd2WIhg96s2rga7zcZFNxE_E3Pn4uUNXDmOpgoSoxvY2Cmw==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Thu, 04 Oct 2018 16:20:00 GMT
vary
Accept-Encoding
x-amz-id-2
00BxB/cu8V5a/hs23J6LHHf6rPrRdN/mEOgKdXi/zby+KENL+UKCtyKaFkA3NXYNW4FFv9sAwpg=
edge-cache-tag
F-5869737518,FD-5858107060,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-ray
8f45d5a00aa2d22f-FRA
x-amz-request-id
SE5BRE9JBBDPH5PW
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-5869737518,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop
FRA56-P7
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
aos3.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/
13 KB
5 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/aos3.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd1f9acf13b12f189da475e0f23c7c505767859ab620aac636964974093c281d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"aa20b6e0418d20fb86b071e670b2b207"
age
201800
cache-tag
F-9277021238,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id
k_IhJKZGVqC3YzQ7q0m7vEPdNq2gxyxc
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
-q4UA-JT7r9md2guFxWO5mxaAPserIWVJAZJ99IHt_dxQbMrDMe1Yg==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Wed, 01 May 2019 21:50:41 GMT
vary
Accept-Encoding
x-amz-id-2
YJ6VuNyNXg9i9r83+bcIs4T2s7IIdqcH+SNcU0qWcHXbJ5lbEKslI28aK/IuzDr62z8aVxw9MP18IylBJdl7clFesFgjZx9E
edge-cache-tag
F-9277021238,FD-5858107060,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-ray
8f45d5a00aa5d22f-FRA
x-amz-request-id
ZAXZQFB1WCDKP4RM
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-9277021238,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop
FRA60-P7
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
lazyload.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified-assets/
7 KB
3 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified-assets/lazyload.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6a23e6a3399b52a5576c28b2236b48953949793fc17f2c733d35b084d7a0085

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"b0d8af1a805c07d107bf35782c007bf5"
age
1834778
cache-tag
F-45425856614,FD-45425602351,P-302335,FLS-ALL
x-amz-version-id
qzdXDUHiY06lkuk.s3HS4mn9TkOJ6hIo
x-cache
Miss from cloudfront
x-amz-cf-id
FMHCvTWlUmDrlPoYzWt1fNZLk50VaGZ0QHqAgwuR1MPumAa1OCGRbw==
content-type
text/plain
last-modified
Mon, 19 Apr 2021 14:04:26 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-45425856614,FD-45425602351,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
1ZV127APF86D8M0K
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-45425856614,FD-45425602351,P-302335,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
RX1gkN6O3+rMqx10zREzuqTnyD82EUdurbELmirDEJaf3cBWga1Xd1dQolUox22TPCVdeHEW/gk=
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
cf-ray
8f45d5a01ac6d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1618839039176
js.cookie.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/
2 KB
1 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/js.cookie.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2733c64f5330ed7809768c11e5a7319b7c597de9e7967aeb65da0accfa0a3ca5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"ac440c53ca8fc308c3146a1a4c08170b"
age
1312976
cache-tag
F-5858584731,FD-5858107060,P-302335,FLS-ALL
x-amz-version-id
auZfhc_pHEMBe0hQ4ImHvVwJcWYZz0sp
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
_MrTBrDdlOcOLo2YkjMsVM0laRgIWTJUDDp2ctHGvo3pLFSh20_rTA==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Thu, 07 Jun 2018 12:34:34 GMT
vary
Accept-Encoding
x-amz-id-2
Nj8de71MfPaZ70LgMZLT/aUTfz/YhMih4SM4gFnkix7RKl5LCiBtitMUzNiplHY+8vzfqNIY7hM=
edge-cache-tag
F-5858584731,FD-5858107060,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-ray
8f45d5a01ac7d22f-FRA
x-amz-request-id
MZFQPNJK7FZ3H7TY
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-5858584731,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop
FRA60-P7
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
hc-sticky.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/
11 KB
5 KB
Script
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/hc-sticky.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e81ec842ce9e89a5d8de9507f870b9e12dde8debab84e7897e97c66348f51d8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
content-encoding
br
cf-cache-status
HIT
etag
W/"d1de90f78c73200a034318be55ac7142"
age
1817651
cache-tag
F-28930413774,P-302335,FLS-ALL
x-amz-version-id
ei.WqwbNF48r08JRZ2lFb8l6EbhilFLG
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Y78pwjY3LxZ_yJ-aorWIboCa2LENS7o2bVvDDBg9TzmzRvi1u_4rLA==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Wed, 29 Apr 2020 17:35:50 GMT
vary
Accept-Encoding
x-amz-id-2
8o61oDAmwgdJAJHK7LujWrGjLy7nAbf8r6pcti2HafER3PT154vZAl04siZVVYFkOAgTuYWQVUI=
edge-cache-tag
F-28930413774,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray
8f45d5a01ac9d22f-FRA
x-amz-request-id
95M6651T12D9B17T
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-28930413774,P-302335,FLS-ALL
x-amz-cf-pop
FRA60-P7
server
cloudflare
x-amz-server-side-encryption
AES256
module_156175596464_u4m-header.min.js
14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675367793/
734 B
897 B
Script
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675367793/module_156175596464_u4m-header.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fae5b4778681683248b32b03a4f5b090d12debfa92545cb3779fa761ed998cad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
03eac0ad-8a39-44dd-8ae3-2f786729b29d
content-encoding
br
cf-cache-status
HIT
etag
W/"28e603e07a780bb1bc249a0a928b1225"
age
726583
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
03eac0ad-8a39-44dd-8ae3-2f786729b29d
content-type
application/javascript; charset=utf-8
last-modified
Fri, 11 Oct 2024 19:36:08 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6dc5b9b5cd-tfwpd
x-envoy-upstream-service-time
174
cf-ray
8f45d5a01acdd22f-FRA
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728675367793
x-amz-server-side-encryption
AES256
14518100.js
www.cadosecurity.com/hs/scriptloader/
2 KB
2 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/scriptloader/14518100.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17ec1aa436da767f1d7dcefbabecb2e05b413b833c1085971e4045d08002ea97
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZcd6RbjLOy1bfa6EDLKelLZT88xWeTSW9ycSsXIkYM336aA2HkTNpBvHjF2okPxOqkR1E2CCzGRq71KbiYtO2PDETTS7Xz7WnTVbDLgzw8SA2znYv1EzbhJWdy9vzSqc%2FdrBur0zx9%2FVBlAmJsOs8Fo"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Thu, 19 Dec 2024 07:57:39 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
849f72c6-efe6-4706-a46d-b2d4bd4f24c9
content-type
application/javascript;charset=utf-8
last-modified
Thu, 19 Dec 2024 07:56:09 GMT
vary
origin, Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000
content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=90
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8f45d5a01c76dbb3-FRA
accept-ranges
bytes
access-control-allow-origin
https://www.cadosecurity.com
content-length
673
server
cloudflare
index.js
www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/
12 KB
5 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"3ef0deda0631561665e95645daf500a2"
age
1836284
x-amz-version-id
O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QxomCXWtD6aWc2f36A0z0F1A%2BgljlFnAVGg6DGwV8qNx%2BZehanUzyCvAnGB8zipEt7K%2B%2FO45z4Br9QOpA5qackIraFiIfimWR5c7%2B4W0cwsN3H6Qj3IWUeFQFaW1BwjTc3%2BDvGx%2B6OfASK7pt7tmC9wq"}],"group":"cf-nel","max_age":604800}
expires
Fri, 19 Dec 2025 07:56:09 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
pLHU5Mgb95F-WmxzYxsbad_vNbz8gH1Bz35y4KU3oN9epXKxOc09WA==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Wed, 21 Aug 2024 20:24:20 GMT
vary
accept-encoding
priority
u=3,i=?0
server-timing
cfExtPri
strict-transport-security
max-age=31536000
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
cf-ray
8f45d5a01c77dbb3-FRA
x-amz-cf-pop
FRA56-P2
server
cloudflare
x-amz-server-side-encryption
AES256
css2
fonts.googleapis.com/
10 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
Requested by
Host: 14518100.fs1.hubspotusercontent-na1.net
URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/template_assets/156178194464/1728675369609/cado-unified4-srw/css/styles.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dae65e43ce0ffcb9722f0ac5dc5a774548f0134883a1e046b981aed48b69dfa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://14518100.fs1.hubspotusercontent-na1.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 19 Dec 2024 07:56:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 19 Dec 2024 07:07:49 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
hotjar-5172881.js
static.hotjar.com/c/
13 KB
6 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-5172881.js?sv=6
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-51.fra56.r.cloudfront.net
Software
/
Resource Hash
485361fb59ef26e69360f45a4aaaaf52d343757a8b8a40a6d01f8652deb3c9e3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=60
content-encoding
br
etag
W/b4ddfddbae2ef41f6e48776178e5cafe
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
x-cache-hit
1
via
1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
x-amz-cf-id
cQJOao1Yy4rFBP2UWI1i4Uye758WveaHtFmcPLagodK7dsvHlFOQbg==
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P2
a51b72aa-daa5-4df8-a061-1902834ccdb0.png
no-cache.hubspot.com/cta/default/14518100/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/14518100/a51b72aa-daa5-4df8-a061-1902834ccdb0.png
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55c43f9fdacec1f0cc9f2ebf763d397115c1fe7a2e2484dae1c6a7eebfde715b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cf-cache-status
DYNAMIC
etag
"7c95df2b911501b5dcb0b188d85805d4"
x-amz-version-id
ZKsPlvq5bT6eKKMsbru9nNCgP4LuYb8v
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzV0zbrTN1XBYFQnwcp%2Fb030uZwia0aeftcSojlD4ev8byj9gqvujsAbVq6S80R1acuiHJc4LUfZBptDo90WQZ4zN3FCdnehuqE0B5n08qVynYrcubv8jHTeSpZWY%2BCHx%2FHSfqXgzTmci8rB0CATM%2BnL"}],"group":"cf-nel","max_age":604800}
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
image/png
last-modified
Thu, 28 Mar 2024 19:24:29 GMT
x-amz-id-2
2a8S6RPXi6Sjo93DiurKtjTVrIxiwqc7eY4DpzTW/g4/xDVqjQMIZo6ggrafX20WGnrwn6a5hek=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
RJ4NV83DD3S2081Z
cf-ray
8f45d5a01feedb9f-FRA
accept-ranges
bytes
content-length
1333
server
cloudflare
x-amz-server-side-encryption
AES256
nav-arrow.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Icons/
747 B
1 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Icons/nav-arrow.svg
Requested by
Host: 14518100.fs1.hubspotusercontent-na1.net
URL: https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df0f4d380d3f3768c75d4c7b7c7d4949d79664ab1ba55b6f3863a0f8a40c6eae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://14518100.fs1.hubspotusercontent-na1.net/hub/14518100/hub_generated/module_assets/156175596464/1728675368615/module_156175596464_u4m-header.min.css

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"a9d8533923bed31d8fcbb3fce76a6abc"
age
1723469
cache-tag
F-156961486664,FD-156067523339,P-14518100,FLS-ALL
x-amz-version-id
Qet9.6yn2Y1yAkVO5ZWBhog4NMIJjMLJ
x-cache
RefreshHit from cloudfront
x-amz-cf-id
qqbLD3FUe2e7vj-kgaiJs5unuwCoxplld5Y51hjWsEDexN2U0QHQaA==
content-type
image/svg+xml
last-modified
Wed, 14 Feb 2024 23:45:30 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156961486664,FD-156067523339,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
25HDQP9RHJPBMS0C
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156961486664,FD-156067523339,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
Kh7cMuuP0QErQdA5lG9O2Z2Mim8OXkSkpy6awogxfHJr45PdmXoQiIz1MidlSMG6fc0muAm1daI=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
cf-ray
8f45d5a02afdd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707954329605
UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v18/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://fonts.googleapis.com/

Response headers

age
594091
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 12 Dec 2025 10:54:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 10:54:38 GMT
last-modified
Mon, 29 Jul 2024 22:51:01 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48444
x-xss-protection
0
server
sffe
fa-solid-900.woff2
pro.fontawesome.com/releases/v5.13.0/webfonts/
138 KB
139 KB
Font
General
Full URL
https://pro.fontawesome.com/releases/v5.13.0/webfonts/fa-solid-900.woff2
Requested by
Host: pro.fontawesome.com
URL: https://pro.fontawesome.com/releases/v5.13.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e77c7e1c8f859611d1200ee9a75eadbce02664f28a53b05807233e88deb82f65

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://pro.fontawesome.com/releases/v5.13.0/css/all.css

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"16e9dbeb2afd22d5cf0e7eeb2b2879ae"
age
38421
access-control-allow-methods
GET
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
font/woff2
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Mon, 28 Jun 2021 17:11:03 GMT
x-amz-id-2
ixToJ/avbXeXdMwK1c3CimmzpAa/K9/+jLRlJulhj57+X73GulD7JOStWzBxvewoBCMLRyiiO1Y=
cache-control
max-age=31556926
x-amz-request-id
AGCM56QWAX64KTR0
cf-ray
8f45d5a03993693f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
141600
server
cloudflare
x-icon.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
1022 B
1 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/x-icon.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1599f3afb38159747321c90effb85d55a081b3ab988a6b88f2cefaf3007cbac5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"c2418937b013bba2437b41b806d24d57"
age
151043
cache-tag
F-156299542173,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
HKGb0iH35wUTYG7j1b3OTgyudPwsa6sj
x-cache
RefreshHit from cloudfront
x-amz-cf-id
o_kE3SqDXtuyfz6VKuMRka_4Ifv7tVD6eviEEZOBp6GLlKGscPCYpQ==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:14 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156299542173,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
VWCF9NSK0D6PRKXG
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156299542173,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
uFjPwHb4lJWs/skP5aYgyW7pl9xtE4E4anh3JY8wlXHXDOxVquc/ZsCbsTwdrgAq16NYCo4CkcI=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b0ad22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707496813469
LinkedIn_Logo.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
2 KB
1 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/LinkedIn_Logo.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d41e5caed51366e3e46b16eaa7ce6a96e7d3eb9e56ca2e0f4c47cf17f4b58c82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"0ca7223d62f06026168bc0a2750b847e"
age
10638
cache-tag
F-156299539826,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
qEWZ5S71Pe.alVjN_tZBuOKzYKCdibzB
x-cache
Miss from cloudfront
x-amz-cf-id
zChFCxnlYu2RsIiitWW8TPkOxvI5uw2tnWdctvPhnch14oxzwcZg2w==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156299539826,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
EABAXXGVE3K9DSM0
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156299539826,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
UmYEmpHXyMmvvSVXwKNGS9jAE5jW5tsh+J1Ywej8j5pGqtoNofV5FYEgcHHbLQROaMKiJ8bErJfQO37sLAqXxtb4qUfaocQKcNV0suy+u+U=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b0bd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707496820175
Amazon_icon.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
259 KB
146 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/Amazon_icon.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9dd7f4c167731d38a9e903442c06cefc76d16f5c93625e6b7460c5164845c0e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"1f382e8132f0d34b8427d4f6ddfd999a"
age
1723461
cache-tag
F-156300364455,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
Mgc0J.c6okUIv9RsrpXFybn16KKplB7d
x-cache
Miss from cloudfront
x-amz-cf-id
n8ihInWJ74HFaU0nFRo5kucW7OI6QyWJbkgecH5WkSgnfX5HSFbAmg==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:28 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156300364455,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
AAR55AHCATV9TRFW
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156300364455,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
PlkIR5Jw8mT9d2BaSOX9sCPmNkQn8v3eQ9+IWFqiXmKAEgg3Tt/kM5qX4j+XdgidwLq4ujZhGIM=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b0cd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707496827626
github-mark.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
2 KB
2 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/github-mark.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93426aa30ced1f240188e241c31e1584fc77d70693fcc35647f3044a26a9a916

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"c2907e9869a8e0fc496dc60a81e177df"
age
524183
cache-tag
F-156298225985,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
ufBlbRj2re9PszzKjXwBjU72enM2wosS
x-cache
Miss from cloudfront
x-amz-cf-id
K24BMsmNe7xHfkiG4ozT0gi9yW3VI5rq4zxbovcUwHJ-m2DOVsyAEA==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156298225985,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
PJA4F5NFMFDGHS7T
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156298225985,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
zuJduv0U8zOOk6xvlC6r6irGn8aZ+jCcmKEvvA5hDbWun/dZlC3D+S43iwyFU0q17jyOJJjDLEmMUwLObQ0AtQ==
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 dc468f8259c800daf36aec7b41b2dac8.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b0ed22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1707496820074
azure-logo-white-circle-1-600x600.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
4 MB
3 MB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/azure-logo-white-circle-1-600x600.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1c793ceffc96e452c70a2ed457a6ad0e824a919ab78166550f9055603527528

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"30f109734438653292ba927d452bbbd5"
age
1828548
cache-tag
F-156298782295,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
VnD02ne5sqbAy3nQrcylZH8EK6ed25Cc
x-cache
Miss from cloudfront
x-amz-cf-id
7f7rq9cPrzflaZgsWql45RUIk-DMXR0vr61EIoWZ92MeH6-8VsF9Tg==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:33 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156298782295,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
9CEDRV82098ER78G
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156298782295,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
qEpsT+MfE9b2T76CgSxpIHh/orPEkCCch8lYgbZh/2VmdwSPUzw31EPWXaYmcunUL3tYf84aYIo=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b0fd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P7
x-amz-meta-created-unix-time-millis
1707496832516
google-cloud-icon-2048x1646-7admxejz.svg
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/
222 KB
143 KB
Image
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Web%20-%202024/Logos/google-cloud-icon-2048x1646-7admxejz.svg
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a066e8552c97a69b523cbde8c360f93c2861d26d6781a45a8e59f545d5686b82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"27b3b45e1b2855ab28b3d4ec25dd1430"
age
1538616
cache-tag
F-156294104433,FD-156298948201,P-14518100,FLS-ALL
x-amz-version-id
TCTvWY9MtVRuyYqEVoiadH83us5c7wH9
x-cache
RefreshHit from cloudfront
x-amz-cf-id
_KmFnEemu7JobiZQHwsvwSPdn5j2BlcvyUEY3H8zQUvhqedExQlgFg==
content-type
image/svg+xml
last-modified
Fri, 09 Feb 2024 16:40:21 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-156294104433,FD-156298948201,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
HNQPQ0YASTQ306XQ
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-156294104433,FD-156298948201,P-14518100,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
toDS3DGypI4UzIrWCYWuvYiHf3PI48VUXdmjJiUacefH4GQveh7BUQf1hev4I4rywxtaaMBy2ng=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b10d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
VIE50-P1
x-amz-meta-created-unix-time-millis
1707496820501
main.min.js
cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/
797 B
1 KB
Other
General
Full URL
https://cdn2.hubspot.net/hub/14518100/hub_generated/template_assets/156174727468/1712250848645/cado-unified4-srw/js/main.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:573e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73d3bb666001119af2712d92dd5091fd4b0ea404d19507fd734f6c604d8326b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-request-id
51bd0998-3226-41b7-8eb7-655fbc04c0fb
content-encoding
br
cf-cache-status
HIT
etag
W/"ac3480bbc9357d786dddfd629ff2f2ff"
age
1639843
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDos8G9P31igVMCveWC0NELtlryAeOSERzLGrNDdg1vK5tVjv0McEJDtvFf9N%2FHepcXfVnQdISs8SUn5iw6b28x5DktM%2BSf7VaiR0Av4VAqX7B8vcL%2FDzsMBKZeOQNpe259SvyR65QO76pimrA8%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
x-hubspot-correlation-id
51bd0998-3226-41b7-8eb7-655fbc04c0fb
last-modified
Thu, 04 Apr 2024 17:14:09 GMT
content-type
application/javascript; charset=utf-8
priority
u=4,i
x-amz-replication-status
PENDING
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-8lkkj
x-envoy-upstream-service-time
222
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
cdn2.hubspot.net
cf-ray
8f45d5a038a9bba3-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1712250848824
jquery-3.5.1.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/
87 KB
576 B
Other
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/jquery-3.5.1.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
x-amz-version-id
k6mVShlsCPL6Bw2.XotbK.6zOwTpniPX
age
1734964
cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wjlClTUKhWXqU7d8PbR5WhVRn_B1ARNac_gYvNKlJghKE7tEApurWg==
last-modified
Thu, 28 Jan 2021 19:36:23 GMT
content-type
text/plain
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
5XBXG0ZQRK1WMT0A
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-41071988237,FD-3074793432,P-302335,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
Accept-Encoding
x-amz-id-2
zhW10ZsqNGRW8LkUjlEvKCResK0EGFc1aX55MuLVAHbLtap2JY86FVBy8nzqPj0vRz/UZ6p64hQ=
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
cf-ray
8f45d5a03b11d22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P7
x-amz-meta-created-unix-time-millis
1611862582133
hubspot.search.min.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/
2 KB
525 B
Other
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/hubspot.search.min.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9f1175472edef5e7be3e8125c41be38fab67c60d3edd28af1b6c757af63ab61

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
content-encoding
br
cf-cache-status
HIT
x-amz-version-id
fetlrSUrbTD9ubDQbm0B0gXX444eAKyS
age
1738103
cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
etag
W/"71afe972353ce13c3525c78fc9fa568c"
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wkeB2sjKdXTtXDCA9_kDnJcgUBV9OprQRUdAVcdzC1TG50PIvuLO8g==
date
Thu, 19 Dec 2024 07:56:09 GMT
last-modified
Thu, 19 Mar 2020 15:58:09 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-id-2
WMe8LbgF4UCsqr8IDvGSCXsDUBDXfIcw1YLgGxE88GhJxdZbQlGnLpZXv9YwkKoct0PcMrgWTToMKLDEdBTNuQ==
edge-cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-ray
8f45d5a04b25d22f-FRA
x-amz-request-id
PX4WDR8QTHB11H1W
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-5858107093,FD-5858107060,P-302335,FLS-ALL
x-amz-cf-pop
FRA56-P7
server
cloudflare
x-amz-server-side-encryption
AES256
hc-sticky.js
302335.fs1.hubspotusercontent-na1.net/hubfs/302335/
11 KB
402 B
Other
General
Full URL
https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/hc-sticky.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e81ec842ce9e89a5d8de9507f870b9e12dde8debab84e7897e97c66348f51d8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
content-encoding
br
cf-cache-status
HIT
x-amz-version-id
ei.WqwbNF48r08JRZ2lFb8l6EbhilFLG
age
1817651
cache-tag
F-28930413774,P-302335,FLS-ALL
etag
W/"d1de90f78c73200a034318be55ac7142"
access-control-allow-methods
GET
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Y78pwjY3LxZ_yJ-aorWIboCa2LENS7o2bVvDDBg9TzmzRvi1u_4rLA==
date
Thu, 19 Dec 2024 07:56:09 GMT
last-modified
Wed, 29 Apr 2020 17:35:50 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-id-2
8o61oDAmwgdJAJHK7LujWrGjLy7nAbf8r6pcti2HafER3PT154vZAl04siZVVYFkOAgTuYWQVUI=
edge-cache-tag
F-28930413774,P-302335,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
302335.fs1.hubspotusercontent-na1.net
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-ray
8f45d5a07b94d22f-FRA
x-amz-request-id
95M6651T12D9B17T
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-28930413774,P-302335,FLS-ALL
x-amz-cf-pop
FRA60-P7
server
cloudflare
x-amz-server-side-encryption
AES256
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
402 B
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=14518100
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-request-id
ce832aa4-205e-4a9f-9dbe-8cd98fa48eae
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods
GET
x-content-type-options
no-sniff
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
ce832aa4-205e-4a9f-9dbe-8cd98fa48eae
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8f45d5a0c8dfdb9f&resource=unknown"
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time
3
access-control-allow-credentials
true
cf-ray
8f45d5a0c8dfdb9f-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
cta-json
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
2 KB
2 KB
XHR
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.cadosecurity.com%2F404&pageId=null&pid=14518100&sv=cta-embed-js-static-1.339&rdy=1&cos=1&df=t&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8ec0c1c82767447522d4a1a9135a78e540d65a36131d10253224b7aa995d44d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
noindex, follow
access-control-max-age
180
x-request-id
2a5447d9-cfde-4689-9e94-53d7d2b859a7
access-control-expose-headers
X-Origin-Hublet
content-encoding
gzip
cf-cache-status
DYNAMIC
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiKwkAUqT%2FwHXdz0yN8gyL1ej8b3eU%2B21F3l3VMksUBULtYExPRL90Bfry9RzFCYDUoqJSywVzwAqsut1zFaFBsiScflzuZhcRHNDxukNpdkckrMSPxdCNDrNdk%2F8peRe9qXLaXpr7dQ5%2BxOJRw%2FusiWxx7aEojgozk%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
OPTIONS, GET
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
2a5447d9-cfde-4689-9e94-53d7d2b859a7
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time
24
access-control-allow-credentials
true
cf-ray
8f45d5a0d8e6db9f-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_https/all
content-length
904
server
cloudflare
x-evy-trace-virtual-host
all
modules.60031afbf51fb3e88a5b.js
script.hotjar.com/
223 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-5172881.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-63.fra56.r.cloudfront.net
Software
/
Resource Hash
e38338484d969872e570a554c807dab4a79233b82d64a7cb7028fb459123d44a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
content-encoding
br
etag
"b4a1a7933e55e780894c3f39b1aca0b4"
age
72302
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
8VfS5yKAMWeFydUN7Qbf3PK0D-otxsP-o_Uf_aIgfWWsYUu77rih0A==
date
Wed, 18 Dec 2024 11:51:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 18 Dec 2024 11:50:24 GMT
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
via
1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
56408
x-amz-cf-pop
FRA56-P4
banner.js
js.hs-banner.com/v2/14518100/
76 KB
28 KB
Script
General
Full URL
https://js.hs-banner.com/v2/14518100/banner.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd2a6252bf6e8bdc668078879ace479db7a570820190e026a771413288dc7047

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
7440fef0-11ec-427c-bfc2-bcdaf2014abb
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"13ff4274ed4752d2258a098ce1820797"
x-amz-version-id
x0Ol8f0S3Du9E.jhAISs_79Opdifggq4
age
212
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Thu, 19 Dec 2024 07:57:37 GMT
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
7440fef0-11ec-427c-bfc2-bcdaf2014abb
content-type
text/javascript; charset=UTF-8
last-modified
Thu, 24 Oct 2024 22:13:37 GMT
vary
origin, Accept-Encoding
x-amz-id-2
iUu49kLxnC7wLS87D8LOu8zj3uVX7MaHt4Y5MJnEw0ccS8YDkRCj46xC30Hdxi2L7gSN9Cyqe9E=
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-ms9ss
x-envoy-upstream-service-time
58
access-control-allow-credentials
true
x-amz-request-id
D3HHW9JPDCFVY50D
cf-ray
8f45d5a1bec9d253-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce5cb61ce6c1995ea83553af1414e45ea50c42d2965778c5b8d0b745999b51f8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-evy-trace-virtual-host
all
x-request-id
4e3c3eb2-2208-4d9b-9a1d-1ec5fe7bab42
content-encoding
gzip
cf-cache-status
HIT
etag
W/"a294478f59f69067d95b547da9510133"
x-amz-version-id
uhHZacSE.2fHtjnEDB41TJ7GoWAf3Leb
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age
99
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
HIT
x-amz-cf-id
toa5UZIQxNvALPk_FH1fM4FWLmwGIzQmSc5YkkkNxWto-2TF3M13rw==
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
4e3c3eb2-2208-4d9b-9a1d-1ec5fe7bab42
content-type
application/javascript; charset=utf-8
last-modified
Wed, 18 Dec 2024 18:43:00 UTC
vary
accept-encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time
1
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.1020/bundles/pixels-release.js&cfRay=8f415ab6aaa419a9-WAW
via
1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
cf-ray
8f45d5a1bf76dca2-FRA
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.1020/bundles/pixels-release.js
x-amz-cf-pop
IAD12-P3
server
cloudflare
x-amz-server-side-encryption
AES256
collectedforms.js
js.hscollectedforms.net/
70 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://www.cadosecurity.com/

Response headers

x-request-id
051a82ed-840b-4e91-9764-332508ad27d1
content-encoding
gzip
cf-cache-status
HIT
etag
W/"ceb8bcb73e5536d8416735a3977d227a"
x-amz-version-id
8IiNiFnnn0n9avBP.k8Mr32sZxpD8Dx_
age
216
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
3xXiW7TLRkoPYpcbhMdIkS_6wdj4jk6jrNfwg5qDrjXw7csC7k3kbw==
x-hubspot-correlation-id
051a82ed-840b-4e91-9764-332508ad27d1
content-type
application/javascript; charset=utf-8
last-modified
Mon, 09 Dec 2024 13:03:17 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-2ltgp
x-envoy-upstream-service-time
3
x-hs-target-asset
collected-forms-embed-js/static-1.1112/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
accept-encoding
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.1112/bundles/project.js&cfRay=8f45d05bae0bf8a8-FRA
via
1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-ray
8f45d5a1bec52c52-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
web-interactives-embed.js
js.hubspot.com/
84 KB
25 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
674d5ab1e2c5a783115e67fabc4805ac2e8a83d48eb6a1ad3535c23a959a1801
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://www.cadosecurity.com/

Response headers

x-request-id
bb5af17a-3948-49e4-9297-06611589d344
content-encoding
gzip
cf-cache-status
HIT
etag
W/"03686003e4860757c17ae65c11ab8ea4"
x-amz-version-id
_83IngeMtzUuERab6QgcByX86005NyG0
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4VIVHRImTuzKdl7g4nU%2Fl5hc9D0GKZOGSuevHULrNtT22EMQZYEMkXxNksp9vachlEE5v2%2B9yMz9noaA4b4P4%2FXydybmABEh%2FhfH3mvuKbOHu2vmbquZd0cJeF%2BLir%2F74NYMy2S0mPcfxSL1"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
KDuGuNxsLfw6L64Kq5QvG_j9995HNtq_BWSO9GBgknUbMVD3BfAPPA==
x-hubspot-correlation-id
bb5af17a-3948-49e4-9297-06611589d344
content-type
application/javascript; charset=utf-8
last-modified
Fri, 13 Dec 2024 12:10:35 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-vd947
x-envoy-upstream-service-time
2
x-hs-target-asset
web-interactives-embed/static-2.1996/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Thu, 19 Dec 2024 07:56:09 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1996/bundles/project.js&cfRay=8f165ebf694f18d6-WAW
via
1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray
8f45d5a1bf6ed356-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
14518100.js
js.hs-analytics.net/analytics/1734594900000/
68 KB
25 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1734594900000/14518100.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/scriptloader/14518100.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db8220aa806f038bc79764cf7aacc7d47848381130b9859a8aff8b346ee97126

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-amz-server-side-encryption
AES256
x-request-id
754e96d7-940d-43ed-9692-189a0694aa5d
content-encoding
gzip
cf-cache-status
MISS
etag
W/"5ee937e834ce90a916725df4df1e2e95"
x-amz-version-id
null
expires
Thu, 19 Dec 2024 08:01:09 GMT
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
754e96d7-940d-43ed-9692-189a0694aa5d
content-type
text/javascript
last-modified
Tue, 22 Oct 2024 20:56:30 GMT
vary
origin, Accept-Encoding
x-amz-id-2
XuYIwVM8988vdJt+BSWNKvJqw+b8muKUb0kL5NgLtpzlI+CT8ZCu6tPOovk5OvOPBSc/7Z5In94iZijpGHCZPg==
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-742j9
x-envoy-upstream-service-time
45
access-control-allow-credentials
false
x-amz-request-id
RJ4J8AHBZDSG8NM6
cf-ray
8f45d5a1bb52d391-FRA
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
www.cadosecurity.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=14518100&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&lt=1734594969603&dt=1734594969606&at=1734594969869&an=1
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-robots-tag
noindex, follow
x-request-id
daaaff5c-e9bc-4a4d-8a7a-1227c41c3d86
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fr5gD06tpYX%2FJTaCFJB%2BKHXfRyKDzg2WUGKrWjazMqAIhKUg%2B0%2B9I7fwmDUj6mFXws%2BWNmmPintGl2PkBfWyOIYFa0ZpXNZE8FrJy1%2F14Y%2B0gMrC2JRIxuKc%2F0HSweYc5DJXhqV39jKOoaujmoKQs61w"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
daaaff5c-e9bc-4a4d-8a7a-1227c41c3d86
content-type
application/javascript;charset=utf-8
last-modified
Thu, 19 Dec 2024 07:56:10 GMT
vary
origin, Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
2
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-4rwh7
cf-ray
8f45d5a1bf08dbb3-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
www.cadosecurity.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://www.cadosecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=14518100&pg=a51b72aa-daa5-4df8-a061-1902834ccdb0&lt=1734594969603&dt=1734594969606&at=1734594969870&an=1
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.

Response headers

x-robots-tag
noindex, follow
x-request-id
71eeef51-577e-49e8-99a8-1f43dc419179
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mjF3Kvv%2FzLJz5iOIORIEiElaVUmK6q5wIxetYSDCkE3VmmaV7SLQBOl4bZu0MSnptoU%2BEZu8nd0pCnp9ggwuN4l7sOsf30znRQ%2BuTmDlrnYtyxlKYINtz0172TMOyWvnQpQmloX8%2FDTvltmKg6FdMOk"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:09 GMT
x-hubspot-correlation-id
71eeef51-577e-49e8-99a8-1f43dc419179
content-type
application/javascript;charset=utf-8
last-modified
Thu, 19 Dec 2024 07:56:09 GMT
vary
origin, Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
4
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-96dtb
cf-ray
8f45d5a1bf0bdbb3-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
960 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
2d36d57d-9b0e-4674-8c20-e4e35b479340
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
2d36d57d-9b0e-4674-8c20-e4e35b479340
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Thu, 19 Dec 2024 07:56:10 GMT
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-96dtb
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8f45d5a1f9b39232-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
924 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
785edb73-d65b-43fb-bb30-f963cd1a7a5c
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
785edb73-d65b-43fb-bb30-f963cd1a7a5c
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Thu, 19 Dec 2024 07:56:10 GMT
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-rl5ch
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8f45d5a1f9b79232-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
/
content.hotjar.io/
56 B
171 B
XHR
General
Full URL
https://content.hotjar.io/?site_id=5172881&gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.128.190.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-190-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ba7e2063d167019a6a5ce1d95019285782f29b5217f5ef1f2f2837ef0bfd4e25

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8
Referer
https://www.cadosecurity.com/

Response headers

access-control-max-age
86400
access-control-allow-origin
*
content-length
56
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/json
view
js.hs-banner.com/v2/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/v2/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.cadosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.cadosecurity.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
8f45d5a258ecd2c3-FRA
content-length
0
content-type
application/octet-stream
date
Thu, 19 Dec 2024 07:56:10 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
0
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-2bzl2
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
3acfdf4c-9e2c-4096-903e-d15a9b622cce
x-request-id
3acfdf4c-9e2c-4096-903e-d15a9b622cce
gtm.js
www.googletagmanager.com/
306 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f01eed8f6b6e6e995b122f35dc9dd6a1a124322306906f12b212a98db212d2db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Thu, 19 Dec 2024 07:56:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
110207
x-xss-protection
0
server
Google Tag Manager
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
180 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=14518100
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f16c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe35cc724306eed929c50835738c21cfbf144fdb08d8fc453ea49bf161739e1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1w7m6lf5TiQh6nKj2ROtFjIhgbmokzwn9wuvxoGGvpbVPb0LYH7P%2Fj7lGL0CpLpIjnMzutdmvh5pTAHT21YH%2Fbb5B7a0b%2BS1Q0C0ck%2Bwd7UHeinlxAOmGL08VtRF5tn7eTHMCGDVuyeTeh8J"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
2628481d-613b-4b06-a718-72d74515f7a8
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
8f45d5a26a57904c-FRA
access-control-allow-origin
https://www.cadosecurity.com
server
cloudflare
cf-location
js.hs-banner.com/v2/
2 B
349 B
Fetch
General
Full URL
https://js.hs-banner.com/v2/cf-location
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cache-control
private, max-age=1500
cf-ray
8f45d5a258e7d2c3-FRA
access-control-allow-origin
*
content-length
2
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
css2
fonts.googleapis.com/
2 KB
552 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 19 Dec 2024 07:56:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 19 Dec 2024 07:56:09 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
view
js.hs-banner.com/v2/activity/
0
0
Fetch
General
Full URL
https://js.hs-banner.com/v2/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/14518100/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.cadosecurity.com/

Response headers

access-control-max-age
604800
x-request-id
34ac5cd6-583c-4566-8310-7c534b5117f5
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener
listener_http, listener_https
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
34ac5cd6-583c-4566-8310-7c534b5117f5
vary
origin
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod
iad02/private-hubapi-td/envoy-proxy-5f9df65f7b-8vjjs, iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-vkszw
timing-allow-origin
*
x-envoy-upstream-service-time
23
access-control-allow-credentials
true
cf-ray
8f45d5a31a37d2c3-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_http/all, listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all, all
json
forms.hscollectedforms.net/collected-forms/v1/config/
135 B
700 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=14518100&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21dc41f54155e059e729987b3d5863f56b54ec1c5d0eefaca16c39ed1f871b81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
6015add1-48ad-4658-a93a-41ae8b00d161
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
6015add1-48ad-4658-a93a-41ae8b00d161
content-type
application/json;charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
*
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time
10
cf-ray
8f45d5a23efc2c52-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
61 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=14518100&currentUrl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&contentId=null
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
noindex, follow
access-control-max-age
180
x-request-id
d5477789-53ac-4614-a9e4-6c4ceaf0717d
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKWLRQvAT11Wi6SXzYy7AmkkLr0lL%2Fs6sgr1soVaNmp5w31goHaoZuAd82yQ6vciQnHEDP2D74Rv3l%2BeiaXcXOjOcgu0tdZ0dDC6qYag1TtmBaSFJ0A%2BRp5f%2B2ZiPGwGMaeFrtWezjQ%2F1DwYDvP8RdoDTxtbpQWK6Jg%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
access-control-allow-methods
OPTIONS, GET
x-evy-trace-listener
listener_https
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
d5477789-53ac-4614-a9e4-6c4ceaf0717d
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-tw288
x-envoy-upstream-service-time
9
access-control-allow-credentials
true
cf-ray
8f45d5a2388cd356-FRA
access-control-allow-origin
https://www.cadosecurity.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.cadosecurity.com
Referer
https://fonts.googleapis.com/

Response headers

age
59372
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 18 Dec 2025 15:26:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 15:26:37 GMT
last-modified
Tue, 02 May 2023 15:17:22 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
23580
x-xss-protection
0
server
sffe
insight.min.js
snap.licdn.com/li.lms-analytics/
19 KB
8 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2850 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=12785
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
7404
date
Thu, 19 Dec 2024 07:56:10 GMT
last-modified
Wed, 18 Dec 2024 09:08:52 GMT
content-type
application/javascript;charset=utf-8
x-edgeconnect-midmile-rtt
0, 0
x-edgeconnect-origin-mex-latency
470, 470
x-amz-server-side-encryption
AES256
destination
www.googletagmanager.com/gtag/
249 KB
89 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-319182849&l=dataLayer&cx=c&gtm=45He4cc1v851948587za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3faecb0887f758772df70d0f76690bf2b89707ff2e2183d7d0125fbb63d15d7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Thu, 19 Dec 2024 07:56:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
91467
x-xss-protection
0
server
Google Tag Manager
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 320147EB691A4B0AB1BF127D25FBE7DE Ref B: LON212050706049 Ref C: 2024-12-19T07:56:10Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
24751cbae618f6fbeb532498fd1ceeda5350f30085086cd5426961a2695e3d9f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-nD4VBWhg' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-nD4VBWhg' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4521, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
heACgBljTjK3GzfBm0X0Ocj1zBfkKLJP3HuNZij+v7vP1bCbRzHUig25+vh5wCLPoFsrDPdihI9obvCOo8Gq1w==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62282
x-xss-protection
0
origin-agent-cluster
?1
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
611 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
94e38993-6c50-467c-a07c-20bdaa1873e6
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
94e38993-6c50-467c-a07c-20bdaa1873e6
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Thu, 19 Dec 2024 07:56:10 GMT
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8f45d5a31a409232-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
265094585475702
connect.facebook.net/signals/config/
69 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/265094585475702?v=2.9.179&r=stable&domain=www.cadosecurity.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0a73a4885b5bb4b7df0428b8bd59061b88f3cdb1823cefddd3c6a80bef0ea7cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-U56mGYAo' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-U56mGYAo' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=77, mss=1232, tbw=71303, tp=67, tpl=0, uplat=82, ullat=0
pragma
public
x-fb-debug
zdDgw8ls4tolJcbDQ6ajetSvRWesWHxuLiPAcojHaKw0nKKBSikSOzNlf9ukEtDF1/i9cfSSy9g71w2kbqeWaA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
insight.old.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2850 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cache-control
max-age=16228
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Thu, 19 Dec 2024 07:56:10 GMT
last-modified
Mon, 02 Dec 2024 10:13:56 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
attribution_trigger
px.ads.linkedin.com/
2 B
814 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Referer
https://www.cadosecurity.com/

Response headers

x-li-pop
afd-prod-lva1-x
content-encoding
gzip
x-fs-uuid
0006299add090564f1c8765109ac497e
x-msedge-ref
Ref A: 81A19E39A45445F3A79423F88FA5F11D Ref B: FRAEDGE1621 Ref C: 2024-12-19T07:56:10Z
x-li-fabric
prod-lva1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYpmt0JBWTxyHZRCaxJfg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoo...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&e_ipv6=AQIWEmX65hu0kAAAAZPd6sLyIJ-WZK9lP_7dBMij7jbUFrgwMMdKXZXn_DAE7vAlVJa_PcBhcTqhz9cK8nfwE7d3vsW9Aw
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 80EEFAB44561429199778995CF6BF8A7 Ref B: DUS30EDGE0918 Ref C: 2024-12-19T07:56:10Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYpmt0NpyzQS/a73Mau9w==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3448890&time=1734594970195&url=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&e_ipv6=AQIWEmX65hu0kAAAAZPd6sLyIJ-WZK9lP_7dBMij7jbUFrgwMMdKXZXn_DAE7vAlVJa_PcBhcTqhz9cK8nfwE7d3vsW9Aw
x-msedge-ref
Ref A: 5171E7911A234B94B46438055343914E Ref B: DUS30EDGE0907 Ref C: 2024-12-19T07:56:10Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYpmt0JaX+c0s2b5vU6dw==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 19 Dec 2024 07:56:10 GMT
137007554.js
bat.bing.com/p/action/
363 B
414 B
Script
General
Full URL
https://bat.bing.com/p/action/137007554.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1fec7acc9e28feaa2280cd08d30cab4cac8e9557fb8fb35ab6ffcd1e28fade8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9BB880F1E37F4E8583FF8B88CD0C1B7D Ref B: LON212050706049 Ref C: 2024-12-19T07:56:10Z
x-cache
CONFIG_NOCACHE
date
Thu, 19 Dec 2024 07:56:09 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=265094585475702&ev=PageView&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&rl=&if=false&ts=1734594970234&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=12318&fbp=fb.1.1734594970233.139647465372232124&ler=empty&cdl=API_unavailable&it=1734594970098&coo=false&rqm=GET
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4571, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
196 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=265094585475702&ev=PageView&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&rl=&if=false&ts=1734594970234&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=12318&fbp=fb.1.1734594970233.139647465372232124&ler=empty&cdl=API_unavailable&it=1734594970098&coo=false&rqm=FGET
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7450028669881824695"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
/huxEPW0c4LaMb/djWwfx+7ocOM2TYXlt0AmWqkEWLq4SeeqU/sUzYWHoE6CMX5oIhv2TW85mpaBf4pcwH5I7g==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7450028669881824695", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4939, tp=13, tpl=0, uplat=129, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
counters.gif
forms.hsforms.com/embed/v3/
35 B
569 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
b575fcd6-4411-477e-9900-1e5e5458c8fe
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
b575fcd6-4411-477e-9900-1e5e5458c8fe
content-type
image/gif
vary
origin
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-tw288
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8f45d5a42ac09232-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
0
bat.bing.net/actionp/
0
120 B
Ping
General
Full URL
https://bat.bing.net/actionp/0?ti=137007554&tm=gtm002&Ver=2&mid=d78b0574-01fd-40fd-bd1e-f6f96b9ca30c&bo=1&evt=consent&src=enforced&cdb=AQAI&asc=D
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 39DECC4CD7C64293860C126FF6D56DE5 Ref B: FRA31EDGE0817 Ref C: 2024-12-19T07:56:10Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 19 Dec 2024 07:56:09 GMT
0
bat.bing.net/action/
0
346 B
Image
General
Full URL
https://bat.bing.net/action/0?ti=137007554&tm=gtm002&Ver=2&mid=d78b0574-01fd-40fd-bd1e-f6f96b9ca30c&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&r=&lt=792&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=249648
Requested by
Host: www.cadosecurity.com
URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F7CA609E4A254F4B862FFEC71B9E468D Ref B: FRA31EDGE0817 Ref C: 2024-12-19T07:56:10Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 19 Dec 2024 07:56:09 GMT
js
www.googletagmanager.com/gtag/
249 KB
89 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-319182849
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
545dd8af5b78e66c479cf0c743521968c5d02c31f76f644e5184f42e48c8a131
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 19 Dec 2024 07:56:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
91408
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
249 KB
89 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-319182849&l=dataLayer&cx=c&gtm=45je4cc1v9129038223za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bee31d1a92dccc1bbfef1f7e1907e97600344754da993bc5179fde3618b1c2a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 19 Dec 2024 07:56:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:10 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Dec 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
91425
x-xss-protection
0
server
Google Tag Manager
__ptq.gif
track.hubspot.com/
45 B
650 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=14518100&ct=standard-page&ccu=https%3A%2F%2Fwww.cadosecurity.com%2F404&lvc=en&pu=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&cts=1734594970722&vi=f96993507b2139cc4ed7353d25f63d23&nc=true&u=185812470.f96993507b2139cc4ed7353d25f63d23.1734594970721.1734594970721.1734594970721.1&b=185812470.1.1734594970721&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
9d5928b6-fd8e-4509-9227-603800fb66e0
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ki5%2FTjyCoI9iYTrzzVYubfLtVrJl4gWKlcdMFp1uEidtau09%2BTN3RASMu59bY3bxTfeHDLdR4bIHogLLVbxY0Fu2NRIx2QHgvetYLbk4xcT6IrCswhwyWkGOsuqsnsh0Hp4nAFT87eMh8%2Bonoi2T"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
9d5928b6-fd8e-4509-9227-603800fb66e0
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-9fq2m
x-envoy-upstream-service-time
4
access-control-allow-credentials
false
cf-ray
8f45d5a72b84db9f-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
611 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
af02148d-db5f-4f02-843d-9e1d695cdb56
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
server-timing
cfExtPri
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
af02148d-db5f-4f02-843d-9e1d695cdb56
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Thu, 19 Dec 2024 07:56:10 GMT
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-b967ccf5d-96dtb
x-envoy-upstream-service-time
4
access-control-allow-credentials
false
cf-ray
8f45d5a71c029232-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
436 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22a51b72aa-daa5-4df8-a061-1902834ccdb0%22%2C%2292904fd2-b110-4436-a892-9e399d0cabe2%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=14518100&ct=standard-page&ccu=https%3A%2F%2Fwww.cadosecurity.com%2F404&lvc=en&pu=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&cts=1734594970723&vi=f96993507b2139cc4ed7353d25f63d23&nc=true&u=185812470.f96993507b2139cc4ed7353d25f63d23.1734594970721.1734594970721.1734594970721.1&b=185812470.1.1734594970721&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
none
x-request-id
2c4b24c6-1df5-4e67-a99e-b75922e3ab15
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCMlvA9j1Ua5Gm9fdx0f68LaLd65WgyJBDALrTTVMe4FSEzNtd0%2FKGjkvHVqvsDGkhicaXcox0WrA0b7jMZY7OxG9s1OqhGUZgG7Dwd%2Ffjh60rtMUwPy4wALbIclNp3fVQ2QI6XkF%2BaraBVR3qBs"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Thu, 19 Dec 2024 07:56:10 GMT
x-hubspot-correlation-id
2c4b24c6-1df5-4e67-a99e-b75922e3ab15
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-6v7t5
x-envoy-upstream-service-time
6
access-control-allow-credentials
false
cf-ray
8f45d5a72b87db9f-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
Cado-Security-Favicon-%E2%80%93-2.png
14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/
368 B
1 KB
Other
General
Full URL
https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Cado-Security-Favicon-%E2%80%93-2.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e278f03d5278efc073b8038bf880d791304731569fddc3f8d7a7d61cd0f50378

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"a4127864a58c71302f983571f444f114"
age
32896
cache-tag
F-54685336068,P-14518100,FLS-ALL
x-amz-version-id
_pLUAn.20t8VzbVmtQVsGz4RDybKvXbu
x-cache
RefreshHit from cloudfront
x-amz-cf-id
6ChgMjY2wsMifyZ1OobJhFIQBPkI9Zc8m3h9zq-xTTgODjr-ahEMCw==
content-type
image/webp
content-disposition
inline; filename="Cado-Security-Favicon-%E2%80%93-2.webp"
last-modified
Tue, 07 Sep 2021 04:47:18 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-54685336068,P-14518100,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
591TKHKCDDJR82J0
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-54685336068,P-14518100,FLS-ALL
content-length
368
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-server-side-encryption
AES256
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET
cf-polished
origFmt=png, origSize=639
date
Thu, 19 Dec 2024 07:56:10 GMT
vary
Accept, Accept-Encoding
x-amz-id-2
Jr2NeolBJwv7Ljl4ORTsTZezFY+q8PZ18J8dV8YtNqZetpF9lG9LLxfwbiSK6I2BcphaWbUkcuw=
timing-allow-origin
14518100.fs1.hubspotusercontent-na1.net
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
cf-ray
8f45d5a718abd22f-FRA
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
x-amz-meta-created-unix-time-millis
1630990037290
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-S0BZ30LS47&gtm=45je4cc1v9129038223za200&_p=1734594969602&gcs=G100&gcd=13p3pPp2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dZTQ1Zm&cid=2077996864.1734594971&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1734594969&sct=1&seg=0&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2582
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0BZ30LS47
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cadosecurity.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Dec 2024 07:56:11 GMT
content-type
text/plain
server
Golfe2
collect
pagead2.googlesyndication.com/ccm/
0
0
Ping
General
Full URL
https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.cadosecurity.com%2Fblog%2Fspinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.&scrsrc=www.googletagmanager.com&frm=0&rnd=1599059274.1734594972&navt=n&npa=1&gtm=45He4cc1v851948587za200&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734594971503&tfd=2585&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.cadosecurity.com/

Response headers

sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 74C7
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.cadosecurity.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9BDTK9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
539064
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Fri, 13 Dec 2024 02:11:47 GMT
expires
Sat, 13 Dec 2025 02:11:47 GMT
last-modified
Thu, 12 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| _hsp function| gtag boolean| useGoogleConsentModeV2 number| waitForUpdateMillis object| dataLayer boolean| _hsGoogleConsentRunOnce function| hsLoadGtm function| hj object| _hjSettings object| _hsq object| hbspt function| $ function| jQuery function| hsjQuery object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage function| hsSearch object| AOS function| LazyLoad function| Cookies function| hcSticky object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled object| google_tag_manager object| google_tag_data boolean| PIXELS_RAN object| enabledEventSettings object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran boolean| _hsGtmLoadOnce boolean| google-font-injected object| __hsCollectedFormsDebug object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running string| _linkedin_data_partner_id function| fbq function| _fbq function| sanitizeKey boolean| _hstc_loaded function| lintrk boolean| _already_called_lintrk function| UET function| UET_init function| UET_push object| ueto_622c4ce51e object| uetq object| _linkedin_data_partner_ids object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| gaGlobal

21 Cookies


1 Console Messages

Source Level URL
Text
network error URL: https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
