blog.aquasec.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.aquasec.com/redigo-redis-backdoor-malware
Submission: On November 11 via api (November 11th 2023, 3:35:08 pm UTC) from IN — Scanned from DE

Summary HTTP 88 Redirects Links 46 Behaviour Indicators

Summary

This website contacted 30 IPs in 2 countries across 23 domains to perform 88 HTTP transactions. The main IP is 2606:2c40::c73c:671c, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.aquasec.com.
TLS certificate: Issued by GTS CA 1P5 on September 20th 2023. Valid for: 3 months.

This is the only time blog.aquasec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	2606:2c40::c7... 2606:2c40::c73c:671c	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:6ed1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:c060	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:1490	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6810:bf59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	23.53.43.73 23.53.43.73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:cacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:faa8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6811:eff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100::210:180	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:9000:223... 2600:9000:223c:c600:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
6	52.72.235.210 52.72.235.210	14618 (AMAZON-AES) (AMAZON-AES)
4	65.9.66.118 65.9.66.118	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
88	30

18 2606:2c40::c73c:671c (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.aquasec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:6ed1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

1665891.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c060 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:1490 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bf59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.53.43.73 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-43-73.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

info.aquasec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cacc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:faa8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:eff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:180 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:c600:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.72.235.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-235-210.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.66.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-118.fra56.r.cloudfront.net

pic.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	aquasec.com blog.aquasec.com info.aquasec.com — Cisco Umbrella Rank: 839146	382 KB
12	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 87551 trackingapi.trendemon.com — Cisco Umbrella Rank: 68240 pic.trendemon.com — Cisco Umbrella Rank: 199348	168 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5465 c.6sc.co — Cisco Umbrella Rank: 8564 ipv6.6sc.co — Cisco Umbrella Rank: 5738 b.6sc.co — Cisco Umbrella Rank: 3759	21 KB
11	hubspotusercontent-na1.net 1665891.fs1.hubspotusercontent-na1.net	47 KB
7	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5456 js.hubspot.com — Cisco Umbrella Rank: 5485 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 5222 track.hubspot.com — Cisco Umbrella Rank: 2298	27 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6003	5 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4294 forms-na1.hsforms.com — Cisco Umbrella Rank: 6733 perf-na1.hsforms.com — Cisco Umbrella Rank: 5955	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2155	17 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 366	14 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 778	19 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2462	290 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	178 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6454	179 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4559	24 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2150	22 KB
1	hubapi.com api-na1.hubapi.com — Cisco Umbrella Rank: 22546	945 B
1	gstatic.com fonts.gstatic.com	46 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2386	1 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97	455 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	28 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5567	6 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8342	2 KB
88	23

	Domain	Requested by
18	blog.aquasec.com	blog.aquasec.com js.usemessages.com
11	1665891.fs1.hubspotusercontent-na1.net	blog.aquasec.com
8	b.6sc.co	blog.aquasec.com
6	trackingapi.trendemon.com	assets.trendemon.com
4	pic.trendemon.com	assets.trendemon.com
4	track.hubspot.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	js.hs-banner.com	blog.aquasec.com js.hs-banner.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.aquasec.com
2	assets.trendemon.com	blog.aquasec.com assets.trendemon.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.googletagmanager.com	blog.aquasec.com
1	js.hsforms.net	assets.trendemon.com
1	perf-na1.hsforms.com	blog.aquasec.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	forms-na1.hsforms.com	blog.aquasec.com
1	forms.hsforms.com	blog.aquasec.com
1	px4.ads.linkedin.com	blog.aquasec.com
1	www.linkedin.com	1 redirects
1	js.usemessages.com	blog.aquasec.com
1	js.hubspot.com	blog.aquasec.com
1	js.hs-analytics.net	blog.aquasec.com
1	api-na1.hubapi.com	blog.aquasec.com
1	app.hubspot.com	blog.aquasec.com
1	fonts.gstatic.com	fonts.googleapis.com
1	info.aquasec.com	blog.aquasec.com
1	j.6sc.co	blog.aquasec.com
1	js.hs-scripts.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	fonts.googleapis.com	blog.aquasec.com
1	cdnjs.cloudflare.com	blog.aquasec.com
1	static.hsappstatic.net	blog.aquasec.com
1	cdn2.hubspot.net	blog.aquasec.com
88	36

This site contains links to these domains. Also see Links.

Domain
www.aquasec.com
cloud.aquasec.com
avd.aquasec.com
1665891.fs1.hubspotusercontent-na1.net
github.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
success.aquasec.com
info.aquasec.com

Subject Issuer	Validity	Valid
blog.aquasec.com GTS CA 1P5	`2023-09-20` - `2023-12-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
info.aquasec.com GTS CA 1P5	`2023-09-20` - `2023-12-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2023-06-18` - `2024-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://blog.aquasec.com/redigo-redis-backdoor-malware
Frame ID: B74BE677B9F100013B8835FEF18DD734
Requests: 87 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

88
Requests

99 %
HTTPS

87 %
IPv6

23
Domains

36
Subdomains

30
IPs

2
Countries

1186 kB
Transfer

3116 kB
Size

24
Cookies

46 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aquasec.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/
Title: Aqua Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/aqua-cloud-native-security-platform/
Title: Products

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/kubernetes-container-security/
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/resources/
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/
Title: Company

Search URL Search Domain Scan URL

URL: https://cloud.aquasec.com/signin
Title: Sign In

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/demo/
Title: Try Aqua

Search URL Search Domain Scan URL

URL: https://avd.aquasec.com/nvd/2022/cve-2022-0543/
Title: vulnerability was discovered

Search URL Search Domain Scan URL

URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Picture8-1.png

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/cloud-native-academy/cloud-attacks/malware-analysis/
Title: malware analysis

Search URL Search Domain Scan URL

URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Picture9-1.png

Search URL Search Domain Scan URL

URL: https://github.com/aquasecurity/tracee
Title: Aqua Tracee

Search URL Search Domain Scan URL

URL: https://github.com/aquasecurity/chain-bench
Title: Chain-Bench

Search URL Search Domain Scan URL

URL: https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
Title: CIS Software Supply Chain benchmark

Search URL Search Domain Scan URL

URL: https://github.com/aquasecurity/trivy
Title: Trivy

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer/sharer.php?u=https://blog.aquasec.com/redigo-redis-backdoor-malware

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://blog.aquasec.com/redigo-redis-backdoor-malware&text=Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://blog.aquasec.com/redigo-redis-backdoor-malware&title=Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AquaSecTeam

Search URL Search Domain Scan URL

URL: https://twitter.com/AquaSecTeam

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/aquasecteam

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/AquasecTeam

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/devops-security/
Title: Automate DevSecOps

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/container-security/
Title: Modernize Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/container-auditing-compliance/
Title: Compliance and Auditing

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/serverless-container-functions/
Title: Serverless Containers & Functions

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/multi-cloud-and-hybrid-cloud/
Title: Hybrid and Multi Cloud

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/kubernetes-security/
Title: Kubernetes Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/red-hat-openshift-container-security/
Title: OpenShift Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/docker-container-security/
Title: Docker Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/aws-container-security/
Title: AWS Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/azure-container-security/
Title: Azure Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/google-cloud-kubernetes-security/
Title: Google Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/vmware-pks-security/
Title: VMware PKS Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://success.aquasec.com/#/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/aqua-cloud-native-security-platform/
Title: Aqua Cloud native security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/open-source-projects/
Title: Open Source Container Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/integrations/
Title: Platform Integrations

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/resources/virtual-container-security-channel/
Title: Live Webinars

Search URL Search Domain Scan URL

URL: https://info.aquasec.com/kubernetes-security
Title: O’Reilly Book: Kubernetes Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/cloud-native-academy/
Title: Cloud native Wiki

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/news/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/news/granted-patent-to-secure-container-environments
Title: New Patent for Technology to Secure Serverless Container Environments Read the news

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1699716903290%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Fredigo-redis-backdoor-malware%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true&e_ipv6=AQLKgVKti-_g-gAAAYu_BbRuOIT56igY1Xp99CbxzLGpAguZTMBxPYKXIDz0XRBvvWEOYKTkjakT

88 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request redigo-redis-backdoor-malware Show response
blog.aquasec.com/ 83 KB
20 KB 336ms
229ms Document
text/html 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

341720edd49c35f7623edd60c2c51a78e6496c133caf30db0751a44d73b085ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 82479a510aa2bba9-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 11 Nov 2023 15:35:02 GMT
edge-cache-tag: CT-93737041754,CG-3657573699,P-1665891,L-18586815967,L-7511165832,L-7516015189,CW-106188107884,CW-6158268125,E-108051130136,E-7511165868,E-7511165869,PGS-ALL,SW-4,GC-32602450653,GC-41471622868
etag: W/"e394a0bfc2ba1b9d3efaa975e1d017c9"
last-modified: Fri, 10 Nov 2023 00:07:51 GMT
link: </hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUoAIPqtIFAjYTl2igdaV9Yr3W%2FtLKFYzVvUFgrp8jfF1QNa0Na5lR%2BxpTPXAC9LIcwgfB117TUdymg1SVaoqNE%2FrPxQDzpoG3RXZlFpW9s7NxGKUB4fIXk3RbTw12LCNqCiwRdYYf7JVVEmnAk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 93737041754
x-hs-https-only: worker
x-hs-hub-id: 1665891
x-hs-prerendered: Fri, 10 Nov 2023 00:07:51 GMT

GET
H2 200 comment_listing_asset.js Show response
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 8 KB
3 KB 61ms
59ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 82382b373bb37f94b23638d0711cc150.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 16746212
x-amz-cf-pop: LHR50-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: 4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:09 GMT
server: cloudflare
etag: W/"2455723721db341ff86a4f64384a9c0d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4257zpoXKHd4fn4VtUsmGNNe7W7DJyDdTw3nZldEsrZI7zXwL8X%2FrtiFtoEpHaiLWgMLB8YAeLvQO9ab5Q04427hFHP1zDuX8s36kvc1jP4zdMgyImfP4oac4hCGxqGnd%2Bja8u2WNVRqsG4Yn68%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 82479a527cb6bba9-FRA
x-amz-cf-id: PTrApxtJe6Egk9yygAlt_TSFkvFCbraA73wmFt3_bEqdfSLzrdktIA==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 project.js Show response
blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 53ms
52ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 909362
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKcNWzUx6A7jAS7mzy1mNGjvTX%2FyVJR%2FliKBlPb%2BGGY83NjWNkNMZFQN2RXnO8E30cg3SlDG6VpZxDM%2BYp7klshjBCi72b0b%2BzFZOWWJFlm48FQI1zQ4DSTr3vytgqxrPq2VOaapmdl28ubM5Ok%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 82479a527cb8bba9-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 post_listing_asset.js Show response
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 56ms
56ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 118037
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvjVv%2Fk7D5pjmd5VkKiVOdJJWKr4gaDDlM%2B04NXpPnIjkR6mxiyTfJfVYUGD3gLHti6zDfV6%2BxDAgAMs3cu9Jf7UJ63%2FybgxybEBNVTE%2BwYtQdMhVJnpaX%2BmDEZ6cW84Ma%2FshwAfss5UU4uAGFc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 82479a527cbbbba9-FRA
x-amz-cf-id: mhe-XZqlu0UYIouskl3OSMY2m4X2j8did-p1-Mtvgj_trvaRM8b1YA==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 v2.js Show response
blog.aquasec.com/_hcms/forms/ 559 KB
185 KB 74ms
73ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 33
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4110/bundles/project-v2.js&cfRay=8247998204d99076-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"c29a551e477ae940faf937d9f051c067"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4110/bundles/project-v2.js
date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 2.K8Uxn1o3u0mUGuPox8BfBcKB0lZg3T
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 3d4f34aa-13ad-4f70-9eff-bc2118bd9b8f
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3d4f34aa-13ad-4f70-9eff-bc2118bd9b8f
last-modified: Wed, 08 Nov 2023 09:25:28 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ru%2BdErSYD82g4PihxrvAaQIeSu9M5LILAn6hfFbcZGJcWfEYJWE7e2fe4kPjA6c%2FKhMZoej614WU%2Fr%2B6GCArcTtsqND4xHoVDgsJtABMBzV4fotuKuMkUQ5zzATXJHGWv9SUduzNRAraLSyReC8%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-65w98
cf-ray: 82479a527cbcbba9-FRA
x-amz-cf-id: bv8LK06QWPHEf7lVcNJziH_DhycZkInqC-XrfLn4lS04opJ0DMb0Ag==

GET
H2 200 comments_listing_asset.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 1 KB
968 B 58ms
56ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 184852
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
content-encoding: br
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"6b1d31d121f4c84e5ee3b7d7446495d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=REmtVewkULIUC8yiXmSZXKKgvlEQGkvHhL%2F2yyRO8p9Q4V25mRJf5cNF93R0OqESahsnhhksNK5DknKw5UtEhUxZ96LxLIigxM34phPX%2Bf5SD0uDul1GgD%2B%2FgzHFM4W7La30MXE%2BPtaKiHZ%2BBSU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 82479a528cbebba9-FRA
x-amz-cf-id: fJXTM8_wGdLcvZA0pcUe1GoGeXAikcdvRMnesJjyhs53QY25pZR11A==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 rss_post_listing.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
819 B 59ms
58ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 25086412
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZ67L6GKvh0Vt%2B%2BbzFxtAGbTTUKpcYAK8NbSH8SCd4OxzAle3pGqE9fkXO6YEjl6i%2BeT%2BaMvNhNbEvfxQh%2B7LXteHVok8vmycRuUQlP27i%2BAEveJsdqdZeGMah15BhHYK4yzMEHABWlorKtJxtg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 82479a528cc1bba9-FRA
x-amz-cf-id: wRPq4gRubIHzANgCAz0wyem-7EHBI0sWOKp6XwIsrLR6avpBMEzHMA==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
88 KB 86ms
39ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

54fb1eba24b8cdf51f3516dc5351efec8a42824a883e9d4416f48a088cde3e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89741
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 11 Nov 2023 15:35:02 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1699544760885/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 102ms
39ms Stylesheet
text/css 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1699544760885/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
age: 172088
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1699544761535
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 11 Nov 2023 15:35:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: fc01a312-ea1b-4a12-b0c0-2df920d1ec85
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 171
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: fc01a312-ea1b-4a12-b0c0-2df920d1ec85
last-modified: Thu, 09 Nov 2023 15:46:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyCYapUqJx8%2FUXJMaZK1QPPVMsd3FXDSdjFoNg8NNG4H9IldhR%2F1%2FEfTeKs3j8tPxV0Vkq%2FlmKQrwuIfg%2F9Q4qzNBSaq8oaRr9SbhblfWDZh2x0PrAT1PN%2BEY3kdrrQWA4QldsMfrMPXz0TaCBE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 82479a52eabd3609-FRA

GET
H2 200 aqua_theme_2019_styles.css
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/ 109 KB
24 KB 212ms
211ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21f5ddeb4c5e6a55dd2e05eee50047cf76287c235ef0e10f807f4145a7ff69e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 50GEF0SZNZPXGJ2K
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"d8db59900e7a2dd383e3a9f25d74c7ac"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1691504001418
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IlcKdOHeuQ58FrFFX6jwhxfxZo4ssLv4
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: cd9fc10c-2ba4-4251-9284-f6713945d983
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 360
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pbQrNAcjuc4NY9EnQgruNTR4Y/7FAq9hryuPXCKMqrHpGdE1RYL9zTKGLKWi6mLnE1x6XIqw35o=
x-evy-trace-route-configuration: listener_https/all
x-request-id: cd9fc10c-2ba4-4251-9284-f6713945d983
last-modified: Tue, 08 Aug 2023 14:13:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H86Z7pZIP8s4DK1RhxlRrro4QMjQEaVKe7F403%2FpLLgX8JXzuGFftz2notOafaz55K%2BRFXGHPt9KwiMj8fR7hvrbUkEoyR67GMTJAS5W5On684Ln%2BdnoNduezI1sM2PBq1r3PQQhwu3s5Vy7S68%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 82479a528cc3bba9-FRA
x-amz-cf-id: o8M5wBNHatAIlzTxNQ12wm1ZkWY8d7IoBoqRYsZZmeXbZjps1Whcrg==

GET
H2 200 Blog-Image--Threat-Report---Redigo-Malware-Discovered.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/ 32 KB
32 KB 666ms
600ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Blog-Image--Threat-Report---Redigo-Malware-Discovered.jpg?width=870&name=Blog-Image--Threat-Report---Redigo-Malware-Discovered.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f95004c5793d5e505efa1b1181b418ad22ca200b3450ccf60091103e4fbd62cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-93737697883,P-1665891,FLS-ALL
content-length: 32642
cf-resized: internal=ok/m q=0 n=320+0 c=3+58 v=2023.9.8 l=32642
last-modified: Thu, 01 Dec 2022 14:59:17 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf2pzjgZvAHM5O9o5XbmzPbTfY9Z0BzdmqJ_ULo1G_DQ:9d9bc1463e096426161fa3a5fac87909"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a52eee691f3-FRA

GET
H2 200 Nitzaan-Yaakov.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/ 760 B
1 KB 137ms
136ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Nitzaan-Yaakov.jpg?width=48&height=48&name=Nitzaan-Yaakov.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c67cdb660a5c3c279ccfa1cd3d488dff15a8b8b5545288121f1b8f0a70a4686

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
via: 1.1 b7f525be96cecf61bbec66a423b622b0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-62652040970,P-1665891,FLS-ALL
content-length: 760
cf-resized: internal=ok/m q=0 n=272+0 c=0+1 v=2023.9.8 l=760
last-modified: Sun, 26 Dec 2021 11:05:09 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfSqqMUGFtXT50UkHKzBTD_yhSKxSBlmMBbhedHTfFDQ:77d562def00f6d9cb01688e265d56789"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a52eee891f3-FRA

GET
H2 200 Nitzaan-Yaakov.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/ 2 KB
3 KB 205ms
139ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Nitzaan-Yaakov.jpg?width=120&height=120&name=Nitzaan-Yaakov.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f43018984c428e6ceee235e36dbeaff1e23343ce6fcb7cb75b8b13ef8ff5a0fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-62652040970,P-1665891,FLS-ALL
content-length: 2460
cf-resized: internal=ok/m q=0 n=391+0 c=1+4 v=2023.9.8 l=2460
last-modified: Sun, 26 Dec 2021 11:05:09 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfSqqMUGFtXT50UkHKzBTD_yhSCkG96azlf-Tapd0KDQ:77d562def00f6d9cb01688e265d56789"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a52eee791f3-FRA

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 100ms
39ms Script
application/javascript 2606:4700::6811:c060
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 983061
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BnJldJZ%2FpK2WjomfVl7j4JBdQUa9cGSu2Hw62xGEKYk5b10UTMruh0KIkU48cuqfv2dpekQkpTh8i1bOK5RN7Yv%2BY8csiPr8GhVFwWJ5sRRYx5JoqJl2Qk7uZ0qt9K7vxY5dq3ej35JlnfRA9rYL5nSxPQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 82479a534eb218f3-FRA
x-amz-cf-id: k_gHpvfnGWP3KOaVi1deeMqYFTweB1UnYNK_3W6jSRA-UzfpyBEvZw==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 74ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 263123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2B5b6e3V31qN3kenhWBcJ3IBkR8CPCP9ZWaozaMKLowOaIso17BdoyeihSUo7WvG80FFkKX6BjN6h%2BJgNtiDLzDPq47hoC7prMLkTTUOfISlS2EHD3fUlJIJ9wlwEFINO5%2BZlt1e%2Ba4FgRIv4EAAGmQK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82479a533b084da8-FRA
expires: Thu, 31 Oct 2024 15:35:02 GMT

GET
H3 200 aqua_theme_2019_scripts.js Show response
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/ 5 KB
3 KB 194ms
192ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_scripts.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f9a3cacca516b6343c46d79e9c02a0eea2497cd7b0726359b8bb9120375559e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: ZP4JPCPD2DMBZJ85
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"de4d6e1461004a14ecb30b8ea579d084"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 bfc4676044fcc4c0c8e705c71ca51fea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9AKBnGYi3T4hDaPO1On7lahtX4teQ0Wk
x-amz-cf-pop: IAD55-P5
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 108
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uJgGgaWAVNVJdl+apFm/QVQeitvYemVGJatjppZtHjULyRoVSECU8PzETlDPQg1X5juevttOdi0=
x-request-id: cea0f5b7-8033-419d-8b45-47a33f09206e
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 02 Dec 2019 01:40:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=43vwO6EfJ1%2F9BxVwSUM5zT6xZjUyekVUVFYD5Q%2BTVwG5EFa1%2FpXRpo9LvmfsktEoxPM8SMLIJon3uzDaKw8Oqkct9JCtoZ2M5b%2B8aF5PGvdhrPPt9GJRlVNJwFcAZfTcaUUQqGwKoMrqWWyk89E%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 82479a52ed55380e-FRA
x-amz-cf-id: WUcwJ8Ha8QulVgooqtPHaSajd2gHE_uzl2sQubdJmV9wQufgktxG9w==

GET
H3 200 1665891.js Show response
blog.aquasec.com/hs/scriptloader/ 2 KB
1 KB 363ms
362ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/scriptloader/1665891.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0491a3b57ad928caeddcde1977c7a89b6c5fa7244586894f3e9f74a00d29c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3f8bce4f-0fb6-4142-baf8-789070ec107c
content-encoding: br
x-envoy-upstream-service-time: 5
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3f8bce4f-0fb6-4142-baf8-789070ec107c
last-modified: Sat, 11 Nov 2023 15:11:40 GMT
server: cloudflare
x-trace: 2B0316101A7999C9F8DDBE054F3838FEC9EA95CEFE000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-bwhzg
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpQCYuYrAYHAy1ByGK8WJYm6g9GOg5Y0lrR0PHpVqF0VgrWLAMiOoBVrLJbj2vCsH%2F6hUrd4zj%2BMoa5oLfm9iEZ1HiXBU%2F7BEZyPz4oaGz21n6ONvJk2JK3KhaRDJafbe%2BskEFvHQ9HXOPrfdd8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479a52ed57380e-FRA
expires: Sat, 11 Nov 2023 15:36:03 GMT

GET
H3 200 index.js Show response
blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 69ms
68ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 126907
x-amz-cf-pop: TXL50-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BfR2XiyUN75OBDHzczYyfUPEpn24xL0jP2ygjEJFHN%2FgoapY682iNNDMIQ%2ByMN3fahQlgzP5Lv7Ga%2Fc0Cbsyufk30o7i8INE%2BHFo7VmJmRprGPdTM85uW21IU4HeoZBd3xOEDptNbY0nw2dWlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 82479a52ed58380e-FRA
x-amz-cf-id: 8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires: Sun, 10 Nov 2024 15:35:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 268 KB
90 KB 111ms
65ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6355bdb06aae6f5e6e9974eb30fa44f09c01a9762019d673bf1fd83df130b2fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92272
x-xss-protection: 0
last-modified: Sat, 11 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 11 Nov 2023 15:35:02 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 77ms
29ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b237687c7d4095875a0b3c92f7efa3f7e145023a8cf6b93bfc8bc7ed6b469f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 11 Nov 2023 15:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 11 Nov 2023 14:16:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 11 Nov 2023 15:35:03 GMT

GET
H2 200 animation.css
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/ 27 KB
3 KB 41ms
41ms Stylesheet
text/css 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/animation.css
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee6eb03a528bb02a6a0aaac0adcdcfaeb3275b2596b08df6efd12ceca93df7e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3686461719,P-1665891,FLS-ALL
x-amz-version-id: s0c7rvHNJDMTrAJplCdVbtTcnNRAmnNF
age: 30343
x-amz-cf-pop: FRA56-P7
x-amz-request-id: Q2XX34XVMDF6R0N3
edge-cache-tag: F-3686461719,P-1665891,FLS-ALL
cache-tag: F-3686461719,P-1665891,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: G97cIkr+odf1156nSuaEyiDAb/DHga7/co2MJb0SuMPW60O3/KWAVQHGyzZZM9qasp0sT9W5J9w=
last-modified: Sun, 08 Oct 2017 05:05:55 GMT
server: cloudflare
etag: W/"edfd447adba05bffefacddd7cf793b7d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a53df8091f3-FRA
x-amz-cf-id: 6ImW7ZmU4L0ZKe0n80Xpi6YRa2niFNEnAIZZprYJiO61QxdReLYiYg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 76ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-D2G99SQ9HG&gtm=45je3b81v875778671&_p=1699716902858&gcs=G100&gcd=11p1p1l1l5&dma_cps=sypham&dma=1&gdid=dZTQ1Zm&cid=2057988683.1699716903&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1699716903&sct=1&seg=0&dl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&dt=Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=588
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
455 B 107ms
55ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=11p1p1l1l5&rnd=2136232512.1699716903&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&dma_cps=sypham&dma=1&gtm=45He3b81n715N9T3Hv71822536

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 175ms
55ms Script
application/javascript 2a02:26f0:3500:16::215:1490
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1490 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Nov 2023 07:18:39 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=30822
accept-ranges: bytes
content-length: 3840

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 187ms
135ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 11 Nov 2023 15:35:02 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 042C73DE53B94D92B3055E29834521D1 Ref B: FRAEDGE2006 Ref C: 2023-11-11T15:35:03Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 1665891.js Show response
js.hs-scripts.com/ 2 KB
1 KB 183ms
133ms Script
application/javascript 2606:4700::6810:bf59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/1665891.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bf59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0491a3b57ad928caeddcde1977c7a89b6c5fa7244586894f3e9f74a00d29c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 23a88715-bfc5-4f70-b754-5d49afbb66ac
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 23a88715-bfc5-4f70-b754-5d49afbb66ac
last-modified: Sat, 11 Nov 2023 15:11:37 GMT
server: cloudflare
x-trace: 2BF13B931D84D46B773BA5C0484C043CE470D3A444000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-rn8xw
cf-ray: 82479a5479f51e3e-FRA
expires: Sat, 11 Nov 2023 15:36:03 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 60 KB
16 KB 268ms
124ms Script
application/javascript 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

e8a99c16a581c4e69330699d00aa4a7763158ed99194087bceebd232d53eb42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 17 Oct 2023 19:14:48 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "652edd28-f1f8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 16484
expires: Sat, 11 Nov 2023 15:35:03 GMT

GET
H2 200 data-layer-events.js Show response
info.aquasec.com/hubfs/ 11 KB
4 KB 1059ms
990ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://info.aquasec.com/hubfs/data-layer-events.js?v=1699717503056

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

396f95fe76847ae1beacf9c523d2b852b3fc31ce9beedbde4df6b7f8ba6901ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-request-id: EDQY10Y9NJ04HYAC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"b492d523ec97a31b53add8896e2baeca"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1656583869290
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000
via: 1.1 316c3f6f9514dc45c45cd1b2385757cc.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XcRlKoDF..T4fG.0Cjjm9Tr4D9UFP3Rp
x-amz-cf-pop: AMS1-P3
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GynxNV2sWDsO6Dg5CzXVnQ9Jvygz5gyxde5Ai49mRU6jHQwMmtbGWbD6ApNnjOv7C6ZiOaedaqo=
last-modified: Thu, 30 Jun 2022 10:11:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNnsinMqvtsc%2BFKMPr%2Fbcp5tCdRVxpUAASWF%2FZj%2BeM5VXFXUq8Sis39twx3TRoouyy44dvM%2FKpbKz02tBOETyicuHkEgMqzfG70RZY8PvBZAKZ1m5ut1mxjtecAn7ySiy2CL41oA2i8KCTcBckU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479a549b176927-FRA
x-amz-cf-id: Z0lqi5krPAEBS6lQR90Sf3G0sp1bN6BDzWDHqcl4DC2IJBDXkaM58Q==

GET
H2 200 logo_aqua_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 2 KB
1 KB 41ms
41ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_2020.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8eb8a7898d7f65f3407008af621d906d14d1f0d0ff3f03a70da78cc1e471ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: Gbe7iAG8CWjdzqvIjTwC5N1NHh.QA.MM
age: 1069757
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: NZA16098Y7M6YXV1
edge-cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: fzha6BETH56LW8jWudktU9SWrGQ+Oxc6OJmBBo/iipCmmK4V/obfwj+rdRUtqcinQJjFLvklUMyha4uP1eI7f6mldEn1prWddIyhd689u8Y=
last-modified: Mon, 20 Jun 2022 10:03:45 GMT
server: cloudflare
etag: W/"1aec447da87d1627fad6c89bc560eecc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1597095993170
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a545fed91f3-FRA
x-robots-tag: all
x-amz-cf-id: 9bKMD4nwozI0raxONy0cO9Utc2x8asDTZ3I-N1dSPIlDfikTr3tMzw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 icon_search_2020b.png
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 212 B
881 B 42ms
42ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/icon_search_2020b.png
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ae9b1771bf14db70ab8b7f15a98a88e78307a6b498182268a4de1ff393d88bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
age: 11602
x-amz-request-id: 56R7BGFMANBJQYQV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="icon_search_2020b.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c9a08b827cc52adbe146a1519a312a5d"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1597096538277
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: iY4foo3ISi96BxM2rLVgv9iuf8FE_L6A
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=346
x-cache: RefreshHit from cloudfront
cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
content-length: 212
x-amz-id-2: Qc+DySezsA8H8BodT3IZCSHOtZq1A06NFmv3w9Wq1sNwC60NmRjKXlW5sriHioKFRlAYc9H1eROHIxcqqPD7tA==
last-modified: Mon, 10 Aug 2020 21:55:39 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 82479a546fee91f3-FRA
x-amz-cf-id: Jl8F08intEJcAMkttzsPxjCPCyX8KetIC6AYoZMfF2B74r8HwCPJcg==

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 66ms
18ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.aquasec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 20:16:09 GMT
x-content-type-options: nosniff
age: 155934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 20:16:09 GMT

GET
H3 200 Picture1-Dec-01-2022-08-54-06-5326-AM.png
blog.aquasec.com/hs-fs/hubfs/ 40 KB
41 KB 875ms
874ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/Picture1-Dec-01-2022-08-54-06-5326-AM.png?width=624&height=623&name=Picture1-Dec-01-2022-08-54-06-5326-AM.png

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3537cc76c8cf0feafdf0eeb55ece298e0fcecda17bb7b6b4c075edd4a1da4d78

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-93737543301,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 40856
cf-resized: internal=ok/m q=0 n=652+0 c=2+167 v=2023.9.8 l=40856
last-modified: Thu, 01 Dec 2022 08:54:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf_PSJZFS4ON5kmb6gqyyjGJvyhayaqx9v70tjR-dsDQ:7042e82f8c32a2d8ed2c2efc1c9da55f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1zN%2Fhage9RMMNGan%2B%2FL6AsC4Uo8TaQsu56RnUGVaroH0aRUsds6s%2B4KBARKRNSYkbmHPdfkygsldXoK7o0edkb1CR1I6yGY00i%2Fa9VfgQrE%2B%2F9laZJPFO2Y9CrGvZgV7ir9cl59WggPJZHsVIU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a548f05380e-FRA

GET
H3 200 Picture2-3.png
blog.aquasec.com/hs-fs/hubfs/ 49 KB
50 KB 740ms
739ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/Picture2-3.png?width=800&height=355&name=Picture2-3.png

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f33697ff97491e3ea2b3d5add53056d561ef3f00f783fca8b7d204de564d146

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-93736704097,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 50536
cf-resized: internal=ok/m q=0 n=659+0 c=1+21 v=2023.9.8 l=50536
last-modified: Thu, 01 Dec 2022 08:54:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfmaE9t8s7Aw5NJh3exNWxNzVJdUIELMOW0kyuibgMDQ:b06120eb093590210b36847c1e8775fd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uV5hih%2BkdQfCS%2BHbnSuTsJB3wOMKDm5qHLb2ofI9xtdhWdb1WEkKxPjk5yz8Kxh%2FpGTl5JrfyiXlopCrxLFuXQ5%2BRp6JaZCfI0Ypl08Awo4j64Vi2r7dRbFJl9BdOUJdRPnwaMEkFmeDQB9cjM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a548f06380e-FRA

GET
H3 200 Picture3-1.png
blog.aquasec.com/hs-fs/hubfs/ 29 KB
30 KB 1004ms
1002ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/Picture3-1.png?width=800&height=158&name=Picture3-1.png

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

35144a29adb1f7582cca8e0dbbd4fbe6927b093e5a061eb9d2b4930328e47ad5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-93736704095,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 29574
cf-resized: internal=ok/m q=0 n=926+0 c=0+31 v=2023.9.8 l=29574
last-modified: Thu, 01 Dec 2022 08:54:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfUikn7K9cUwoKO8esb-FnuEOrKDBl2oMoPLQs9vsWDQ:146fe9bbca33349eeaa18692a8eba6bd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AbZfZAk0DLj6Ui1lq6LkWQKosb%2Fa3q2fqP%2FY1j11iT0tYfjbqV%2BAGAbU8HKho%2Bs3UGg102Tp0L6MEmRICbh%2BCkK1x%2FWcubTYjko3RJehX6FZdgonHy2G4o0f65oG3pG7nCFxAv2cR32z9qmJlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 82479a548f08380e-FRA

GET
H2 200 logo_aqua_dark_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 2 KB
1 KB 45ms
43ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_dark_2020.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32046089ccace81843cbfbf1e80ec224e591a3a6441753dd62e0bcf4cf33c6d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: cGIgv._m7NnLCO.CteoU4AWXKa3.JYOI
age: 11602
x-amz-cf-pop: VIE50-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: HZ5P2BM57EW9KJKK
edge-cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: M7+VGMUjb9YW08tkehauBatN24CHXb5BYtI305uRlBF4bWTZRjgXaU7AAZQFrjoQfJAT/QOUPFM=
last-modified: Mon, 20 Jun 2022 10:04:44 GMT
server: cloudflare
etag: W/"fb3dc48473ed7d00d95c696406bb2aa0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1595279826387
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a54b81a91f3-FRA
x-robots-tag: all
x-amz-cf-id: H_FYou-ajG93_2lIq3-4VMaawy1oYfEfJ_Mxkw9v640iu1bxiOUWlw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 facebook.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 779 B
1 KB 46ms
45ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/facebook.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c777fc478672e659838faae4c55cf7a8e32c688431ee4d0cd268cf14f645b673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: SiJr2kD481BGRTq56gO1daBOEbOHUvM_
age: 11602
x-amz-cf-pop: FRA56-P4
x-amz-request-id: 5YHSTENRVFF88M1W
edge-cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: oSCj1NJp/pleua52bETILzA+g0zalhXFsRWQJL9QKc7+GwfeEN9be2B5RnaskFBBsXpVZCxrOn4=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"19749026ef152d226e9257455bec9ed7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a54b81b91f3-FRA
x-amz-cf-id: qjXI1ytW8wKbL07bzhkjKZ33atYiebs79L0yLbLhV5LTfx9iWHvn_Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 twitter.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 1 KB
1 KB 45ms
44ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/twitter.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7138c5a544f4668dd59e8f9d96aaa87bcfd0066948ea309f2db6460bd3b81041

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: mVTFNpptaHocM.LV.q7AdmUpV3QrCcWF
age: 11602
x-amz-cf-pop: FRA56-P7
x-amz-request-id: EYGYWTMC2JAM2MT9
edge-cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-amz-id-2: YAsa2Pa9+twlkaqHJsONgXNJ8a5MAJo4lLtv/K7fCcEvEO+m803g3SMnutArB5OvJfI6GTQl9RM=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"c4fcf938ebe664dd424c0a6a5e4b03fc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a54b81d91f3-FRA
x-amz-cf-id: yInY4PQV3mH8lhbbppmaAiC8yavbE97pVYTLn3lO6FqqEF469MYB6w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H2 200 linkedin.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 602 B
969 B 43ms
42ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/linkedin.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73b8cc55f2871f64c632b3fe73f36a7b8aaf40ee2a138695573bdc976e1942a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: nffArO3nn88qKY3dclKx6aF8R_YTTHRu
age: 11602
x-amz-cf-pop: FRA56-P7
x-amz-request-id: F7TCERFSYNTTMYSX
edge-cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: uvW/kMCW73Rl4MdjcdAxRF3VkvORIi1MPXdBN6HuSQ13DXtViI455tqt47pAH0vdrNJf593sHcA=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"ea3d9adf55e5ce658c6a105df641d667"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a54b81e91f3-FRA
x-amz-cf-id: ahs0s-vY8G33mIli-yrvl5kB7l8c97v2YIx9zaNVLRDZpybd0Ltjzw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 youtube.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 746 B
879 B 47ms
46ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/youtube.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1691504001418/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a0cd9e51e9d88fdebfc2389a7fb0864a4cb6f1900262caa68f69c4c21c54eb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
via: 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: Q4TWafakBa5dIfTqtAoQ9ZM_q.TqNNL7
age: 11602
x-amz-cf-pop: FRA56-C1
x-amz-request-id: 02ESHKMZCY7J71DT
edge-cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: a5HNWf2Y686F8/ak1BDkdEC3ev22YpfsByqJvKUdMuS9d1FAZjs3SCfwDo78ZyK3SjYQ+YakFNk=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"bd569f0d9e19f95b6e7f98bdb5f7374b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 82479a54b81f91f3-FRA
x-amz-cf-id: lpArPOOrwQ0SXCuzNuJHuJdYiBPhTxMF224F-7W9y5tLtM7jkXsSCg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 json Show response
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/ 23 KB
5 KB 175ms
174ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/json?hs_static_app=forms-embed&hs_static_app_version=1.4110&X-HubSpot-Static-App-Info=forms-embed-1.4110

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7999bcc6df39db93957b50ca8760b4d1580d100b4c4f00be7b91485e2794a7d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 73165db5-3496-4686-bee6-992851da5853
content-encoding: br
x-envoy-upstream-service-time: 17
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 73165db5-3496-4686-bee6-992851da5853
server: cloudflare
x-trace: 2BF32D71BC1C9B1DD2AA95E6F0777C2331FFD987B3000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-c6wfd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lk4YOovLIMUnjtgeDP3p9IZzEzM9zJvE5YZUy%2B9m3g088tYtjQUN0pBREwhBJ1%2B8REnLEedx3lDkbqZ0WzXs0Kx1SliE0wSwo5jp9k%2FCgKE7e1PE69yGeyUL7WmqBgSJQbn8dlJ7BMre7oX2QyM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479a54bf3f380e-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/ 6 KB
2 KB 177ms
177ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/json?hs_static_app=forms-embed&hs_static_app_version=1.4110&X-HubSpot-Static-App-Info=forms-embed-1.4110

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4282949aa93b69e67bd7b12221abc753452413182435d7fa9d8323f31cdd9826

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e5c97a41-5a81-4bfc-b8cf-69abe7d88096
content-encoding: br
x-envoy-upstream-service-time: 21
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e5c97a41-5a81-4bfc-b8cf-69abe7d88096
server: cloudflare
x-trace: 2BD2A181DF8B142CFA3EEF84304F1CA886E4CEEFE4000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-gvkf2
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8nkTRnvn8gdfDl4UAx29syYBsZh1cFTci1IdW%2BDdfDFJv18u%2BH2%2FnTICOeusIlC2nJw%2FQ4HGPpTFUJL1zmqUdA3PY%2FkSd6BSq3MdwMpxDcQYzSIvbdn7xj%2BF65WdGtBcKrzy3hGyuGkBZOBb6VQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479a54bf43380e-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
976 B 294ms
237ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1665891&callback=jsonpHandler

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f6c03438-2a7f-450a-a6b5-2ed112f2c1dc
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=82479a552d66bbc7&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: f6c03438-2a7f-450a-a6b5-2ed112f2c1dc
server: cloudflare
x-trace: 2BA518670467EF617DDA4779578158DFF790C6389E000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-5j9ls
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 82479a552d66bbc7-FRA

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 74 B
945 B 375ms
312ms Script
application/javascript 2606:4700::6811:cacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1665891&offset=0&limit=1000&contentId=93737041754&collectionId=3657573699&callback=jsonp_1699716903163_5450

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c464923e67b73126e91edb831feee7c5cd9a97c48fa9552f1cf922354d91101d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 275c1936-de28-46e8-be90-12dcc0bf84fb
content-encoding: br
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 275c1936-de28-46e8-be90-12dcc0bf84fb
server: cloudflare
x-trace: 2BB317D194D9071CA6C50C6F6D6DF19932C81B497B000000000000000000
vary: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9OR37W4bO%2FZzyraFAy6WoR4MDw%2BfTY3nXgwBfFV92AHoUKCfskfUMeKOOf%2FIar9BKfHmD6zRFWhu5V546bNACdXgoKrX7jV44F8WRZzBNl%2FcjPzpK3k1S6ojvDq%2FA8ApS1hNr9k6pGJqABlIAbDwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-rr6p5
access-control-allow-credentials: false
cf-ray: 82479a553df8372c-FRA

GET
H3 200 postlisting Show response
blog.aquasec.com/_hcms/ 2 KB
1 KB 450ms
450ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/postlisting?blogId=3657573699&maxLinks=5&listingType=popular_all_time&orderByViews=true&hs-expires=1731110870&hs-version=2&hs-signature=AJ2IBuFXp1GXJnKx5tx4u32o3vyxU30PDw&currentUrl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

14a40681da498082990774a6ad8cfaa9a08e99c26c9e4d463c2559fe77e06749

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 247473df-5eba-4d8e-9c81-7b467c127a89
content-encoding: br
x-envoy-upstream-service-time: 32
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 247473df-5eba-4d8e-9c81-7b467c127a89
last-modified: Sat, 11 Nov 2023 15:35:03 GMT
server: cloudflare
x-trace: 2BF842A4EACBA152BEF1069D1FA20C3DCBEDD526D7000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gQDQvMwa3lCYbr5a9pbaSN8XN0UkQMKlHvJkuHfGLHOae3YZarkEqdJEFc1PRu%2FiUsa6LI8cOcRP3JW4gdT07PiGL8rOWVLE4fdzS00zDMQaR0%2F8pgj%2Bv4MUJN%2Bv%2FcbSoHbmkzw2D0xKNgiatY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-40-49-td/envoy-proxy-67dcc995bc-vfz56
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 82479a54cf59380e-FRA
x-robots-tag: none

GET
H2 200 1665891.js Show response
js.hs-banner.com/ 70 KB
17 KB 373ms
313ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1665891.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5566f35be4fed3171402b963468ed795ac73029eaf606806a9dcf4e8f7ba32f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-amz-version-id: PytB3d9xP.wvMRCn6cb_yqc7ImQowetU
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 0F3RPWQBF6BMENEG
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e52fc334-d81e-4c33-9a9c-7fa3929aafe0
x-envoy-upstream-service-time: 87
x-amz-id-2: XTEzk+EyHThfKtEsY0kOaS6tfwLjLCzdBhf+7Bx7oV6zoBoMse9mM9S8rBoi5gDpfDb8SIREd2g=
x-evy-trace-listener: listener_https
x-request-id: e52fc334-d81e-4c33-9a9c-7fa3929aafe0
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 03 Nov 2023 19:37:32 GMT
server: cloudflare
etag: W/"b90c83b1783348e50d6bfaf7f4f99a98"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-7nqmg
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 82479a559dbc18d3-FRA
expires: Sat, 11 Nov 2023 15:40:03 GMT

GET
H2 200 1665891.js Show response
js.hs-analytics.net/analytics/1699716900000/ 70 KB
22 KB 240ms
177ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1699716900000/1665891.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8227ebb92dd2ad3045c7e030b0271c6a3abdd849c1e512b1a0d84afe3f77666d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: EDQX84MBF9QA1335
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 8fe62e0b-c1a8-4308-9dde-808577177138
x-envoy-upstream-service-time: 24
x-amz-id-2: lWG1EvXmtb+mekzkUQDp2bRrGRZPNIL4PkxGODa9hXG5qRcU5danZCTdB9qHeD6gyIwJVWT5V68=
x-evy-trace-listener: listener_https
x-request-id: 8fe62e0b-c1a8-4308-9dde-808577177138
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 03 Nov 2023 19:37:33 GMT
server: cloudflare
etag: W/"48222154d78c2c608bc5ab37375218a9"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-pljn2
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 82479a559f6d9a09-FRA
expires: Sat, 11 Nov 2023 15:40:03 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 77 KB
23 KB 217ms
161ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79371284e1052bf1e88b017d78ece22e4a39bb58b520a3f3ee3c545b273ae8f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
Origin: https://blog.aquasec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.676/bundles/project.js&cfRay=82479a558f10048f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"01bab0289dcd8ac651a7405f40ec59a4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.676/bundles/project.js
date: Sat, 11 Nov 2023 15:35:03 GMT
x-amz-version-id: QsIa1V6BkpY2avVuCaY7zCDykE83Ad58
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 3b2ca3a7-7632-4b4f-8abc-908ce5b2e0ac
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3b2ca3a7-7632-4b4f-8abc-908ce5b2e0ac
last-modified: Thu, 09 Nov 2023 11:48:06 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N39oKbQRWeActZ0ZoUw5nV%2BGlRU21EwHq9m5u%2Fca0Eg%2FskQCPFT5R99cSnJxFz3TfEdSpaIFHXSWjug9vU9nuEp7D6DbBlFNazv7wBDTky2jfiwK38Tr5MGumppB1%2Bvp7n64P2KsfGf5pZg3"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-hgc92
cf-ray: 82479a558f10048f-FRA
x-amz-cf-id: hYH_xTjUWYabny2arLm_itKPJ3Z7l55n14zXfYtrDcvKcAVJM3JWkg==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 83 KB
24 KB 86ms
31ms Script
application/javascript 2606:4700::6811:faa8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:faa8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b14289833de1c5b8da19bf0aa86278185dfdbb3113baca8b658fa0ee8a563dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-amz-version-id: wH3z2hXmzY083mmKsKR.rBDdNfo.ct1e
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 429
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14670/bundles/project.js&cfRay=82478fdcb9502c23-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: f0384f29-c0bf-40bf-825d-b49fbc97ee47
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f0384f29-c0bf-40bf-825d-b49fbc97ee47
last-modified: Mon, 06 Nov 2023 17:38:05 UTC
server: cloudflare
etag: W/"16a6c607eb7d2279e56c6ae6291e6de2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-lkw24
cf-ray: 82479a558a5d2c3f-FRA
x-amz-cf-id: EpOdgkkAS4PvpQZYi_v02CSlq5NFFEqcFxPrwdOBzMlm9QdwfbYlSg==
x-hs-target-asset: conversations-embed/static-1.14670/bundles/project.js

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 41 KB
15 KB 52ms
52ms Script
application/javascript 2a02:26f0:3500:16::215:1490
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1490 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Nov 2023 07:18:40 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=30827
accept-ranges: bytes
content-length: 15307

GET
H2 204 25111106.js Show response
bat.bing.com/p/action/ 0
115 B 43ms
43ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25111106.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sat, 11 Nov 2023 15:35:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C410768AB657459384A286F07E27D799 Ref B: FRAEDGE2006 Ref C: 2023-11-11T15:35:03Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 104ms
104ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25111106&tm=gtm002&Ver=2&mid=241a4f79-685e-4f6f-96a9-ab77eded1642&sid=e1e0176080a711eeb19cbdc17ec1147d&vid=e1e0348080a711ee8dc8236471782638&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware&p=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&r=&lt=714&evt=pageLoad&sv=1&rn=547814

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 11 Nov 2023 15:35:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 041DDCD2DAAE4D88AC39736F3ADDDB0E Ref B: FRAEDGE2006 Ref C: 2023-11-11T15:35:03Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1699716903290%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Fred...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true&e_ipv6=AQLKgVKti-_g-gAAA...

0
266 B

300ms
209ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true&e_ipv6=AQLKgVKti-_g-gAAAYu_BbRuOIT56igY1Xp99CbxzLGpAguZTMBxPYKXIDz0XRBvvWEOYKTkjakT
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8C7FCCE33BE34866832F46EE21DDD7D2 Ref B: FRAEDGE1307 Ref C: 2023-11-11T15:35:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJ4i5NOXgOCuRi4wuo+A==

Redirect headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A945CFD974334C759BC192F8D0AB823E Ref B: FRAEDGE1416 Ref C: 2023-11-11T15:35:03Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1699716903290&url=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cookiesTest=true&liSync=true&e_ipv6=AQLKgVKti-_g-gAAAYu_BbRuOIT56igY1Xp99CbxzLGpAguZTMBxPYKXIDz0XRBvvWEOYKTkjakT
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJ4i5ItPsS29U9GUl1NQ==

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1015 B 196ms
135ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:35:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 67a6d191-b8a8-4c43-8e3d-9fb4cdc32161
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 67a6d191-b8a8-4c43-8e3d-9fb4cdc32161
Server: cloudflare
X-Trace: 2B47B216264DD2FBA77F74038E7A971C8A39F538E5000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-klgzd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 82479a564f29194b-FRA

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 198ms
136ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:35:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: b4504c10-8eea-4cfa-a35c-267b681e7f95
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b4504c10-8eea-4cfa-a35c-267b681e7f95
Server: cloudflare
X-Trace: 2B69E57B04623BFAE97E7FE339CD5FDBFD10DECC02000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-n8fhc
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 82479a5678f48ff2-FRA

GET
H3 200 widget Show response
blog.aquasec.com/_hcms/livechat/ 288 B
1 KB 180ms
179ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/livechat/widget?portalId=1665891&conversations-embed=static-1.14670&mobile=false&messagesUtk=b945f3a849454a68915d773ef4351076&traceId=b945f3a849454a68915d773ef4351076

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f51c9673e7f2f60ab48a0171de5d63bf9a59ace600d35386563e5390813b01f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6dfbd363-c9bb-4b5f-8ccb-aa6dc1db2b57
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6dfbd363-c9bb-4b5f-8ccb-aa6dc1db2b57
server: cloudflare
x-trace: 2B06DEF7259A561A352C2EE13B3560196AE2E943C7000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5dc9ffbc55-lcxhm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3os81gqyfIxXSapHf8CP5uwx3tWciyD3oBsHTomAAfP5R6280u%2BCgESXGa58OB2eC3tKJLrCjEFpi2sWGBVMJhhQqJh5ASptlyNJ9aIKQ6o%2BsoQopkjBz7nTlsi7ZFZfGnhLI9wxGnNFx9fvOaE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 82479a5648ec380e-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 99ms
97ms XHR
text/html 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-43-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://blog.aquasec.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
315 B 105ms
20ms XHR
text/html 2a02:26f0:7100::210:180
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:180 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7f4bda5663702c386616dd479496298ac3df87f9d20911b41098e0b9776765aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:03 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://blog.aquasec.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:2:240:3247::6
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1699716903455_34603388_316690975_22_1289_18_41_219";dur=1
content-length: 23
expires: Sat, 11 Nov 2023 15:35:03 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 501ms
493ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A03%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 283ms
283ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2011%20Nov%202023%2015%3A35%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b5b19d05dd2f4d2bdb579c1a77a6b1bd%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2011%20Nov%202023%2015%3A35%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2011%20Nov%202023%2015%3A35%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 246 B
1 KB 172ms
156ms Fetch
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1665891&currentUrl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&contentId=93737041754

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97824daa6d5a75e1aa86b8148af2fa935276f4aa8abe1d050fd861d325a5686e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f3d28e5f-13a4-43f4-bf38-5569bb98a365
content-encoding: br
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f3d28e5f-13a4-43f4-bf38-5569bb98a365
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRpbJUe7ZldCtwK%2F7UuuczDcQNu8%2FkVOTof6aN9wqgZpZoUyE%2Bc4S7eFJqPQEGMhcaSEZucQ8IabZ3b%2FtZG4pXXBvy4xSgsHigCrPJkUn5EtEy%2FJ3OzCwh2eN99%2FCrzLJLKjpRyhitDpnlX1gB%2FkjSVqFo64pf%2Fvq1E%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 82479a56c8e0048f-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-4d94j

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 243ms
242ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
198 B 138ms
138ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/1665891.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: aba9155a-c949-4400-83d7-41cfc835a696
x-envoy-upstream-service-time: 16
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: aba9155a-c949-4400-83d7-41cfc835a696
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-lh5rv
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 82479a59ce239963-FRA

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
0 340ms
297ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.aquasec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.aquasec.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 82479a57ec019963-FRA
content-length: 0
content-type: application/octet-stream
date: Sat, 11 Nov 2023 15:35:03 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-576b4d6667-7nqmg
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 5ded556a-fc77-4ee9-846d-b602703d075c
x-request-id: 5ded556a-fc77-4ee9-846d-b602703d075c

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 199ms
137ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:35:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 971c8140-c7e1-4810-899c-9c0e7e217499
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 971c8140-c7e1-4810-899c-9c0e7e217499
Last-Modified: Sat, 11 Nov 2023 15:35:03 GMT
Server: cloudflare
X-Trace: 2B09B4D5A56B10EF80A3264793DB18F3F779E95998000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fd659ccfb-n8fhc
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 82479a585fd765d3-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 224ms
223ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A03%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 205ms
204ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 03255E3DB3F3480D808A8534E26FFE27 Ref B: FRAEDGE1416 Ref C: 2023-11-11T15:35:04Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://blog.aquasec.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYJ4i5QUG5jPRxOMz7HgQ==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
631 B 195ms
177ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=1665891&pi=93737041754&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cpi=93737041754&cgi=3657573699&lpi=93737041754&lvi=93737041754&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&t=Aqua+Nautilus+Discovers+Redigo+%E2%80%94+New+Redis+Backdoor+Malware&cts=1699716904640&vi=e8b2cba7058b206eb6a3bee17203b754&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8737c893-27ad-42c9-97ba-9dd236aeac69
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8737c893-27ad-42c9-97ba-9dd236aeac69
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrvIjAGiSicRo4cccN%2FlAkUjHCKhOVsBG8ATJeCBkh%2FK56%2BWHw6VCEreYgcgotCjwHpri8FTe1NO0mnAcIkitOupOVqKqefLeQzYQvTYQp2Lw6sIa3ZHm7Jmg1OjTxJtYKld%2F5Prz7QQ6tUweufM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-qjjrn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479a5e29f9bbc7-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
614 B 160ms
148ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c&fci=9d5f27bd-609b-40e9-8076-18b29143d59a&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=1665891&pi=93737041754&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cpi=93737041754&cgi=3657573699&lpi=93737041754&lvi=93737041754&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&t=Aqua+Nautilus+Discovers+Redigo+%E2%80%94+New+Redis+Backdoor+Malware&cts=1699716904642&vi=e8b2cba7058b206eb6a3bee17203b754&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8712ecf1-6d65-4d09-a126-9707aebbc15a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8712ecf1-6d65-4d09-a126-9707aebbc15a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7an4G20gS5a4PWPXo9EEs8%2FRmQWJPxhHezPMsOaBxnits5n26eqBJGAdcftiCENZk55cQh355LyrxRd6CUdjkLi%2BQgCsT%2Bzw6svrSVLN3Yzwf4RvOrUMy%2BGuV5MWrvbFdTZT%2FVuevGkIKncqDiRC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-lwjkl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479a5e29f7bbc7-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
442 B 158ms
152ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=6e7ac7f4-ae4a-4b26-a102-80b0503f8674&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=1665891&pi=93737041754&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cpi=93737041754&cgi=3657573699&lpi=93737041754&lvi=93737041754&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&t=Aqua+Nautilus+Discovers+Redigo+%E2%80%94+New+Redis+Backdoor+Malware&cts=1699716904643&vi=e8b2cba7058b206eb6a3bee17203b754&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1e345ab7-ddb0-463a-98de-2560e5ce46e6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1e345ab7-ddb0-463a-98de-2560e5ce46e6
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2F1k0%2BYpjD3auhq5bhenkvtukJZ1dnTPsx7aIXrwT6l%2Fh1pWheZfWjpkSuvRzgBkeXJsk9nWHQEw2PeyKWNjifX4o5K3HD%2FtAK%2FrM%2Bgn8KHPJ151QNas7qEMzKI3P%2BJMkkLYVHDjWoQDgemct8CA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-lbz6f
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479a5e29fbbbc7-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
436 B 156ms
151ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=6e7ac7f4-ae4a-4b26-a102-80b0503f8674&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=972325071&v=1.1&a=1665891&pi=93737041754&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&cpi=93737041754&cgi=3657573699&lpi=93737041754&lvi=93737041754&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&t=Aqua+Nautilus+Discovers+Redigo+%E2%80%94+New+Redis+Backdoor+Malware&cts=1699716904644&vi=e8b2cba7058b206eb6a3bee17203b754&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9796f199-99db-415f-915d-7253630c4a4c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9796f199-99db-415f-915d-7253630c4a4c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FaEqFDgbEE0wmAK2%2BANarBxm36CL2tDfoYVV7eTlxm8v9dlDyS2XUp4iDsXDxHxgFoeS8P2YxcaPSr4W03mm5Fmyn4Y05HR7Xk06YdZ4XfMU3dH3kj5DFtKV8AV%2Bqu4ijZwhg2qpMEDrN3YNn4M"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7d556d9994-q5466
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 82479a5e29fcbbc7-FRA
x-robots-tag: none

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 273 KB
54 KB 143ms
23ms Script
application/javascript 2600:9000:223c:c600:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/redigo-redis-backdoor-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b62a981c977cb766b68ceb5d184338aab7ebc6c3c42dae44fac391ee6fe2bd4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:06:31 GMT
content-encoding: gzip
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
last-modified: Mon, 06 Nov 2023 08:06:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 1715
x-amz-server-side-encryption: AES256
etag: "cb41a6a43ae47ab63b58e9e1a83615cc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 55067
x-amz-cf-id: LMl-rwZN57CqHKXIbxPexLAmI7VhYAPNr_fykRoEPF88XVqwtnhenw==

GET
H2 200 1810 Show response
trackingapi.trendemon.com/api/settings/ 796 B
935 B 384ms
130ms Script
application/x-javascript 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/settings/1810?callback=jsonp383696&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 73decd56a355633f3bd9ea4997bddc10c36108809625c6481847d5e5dca6a91b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:05 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 796
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 245ms
245ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 20ms
20ms Script
application/javascript 2600:9000:223c:c600:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:06:32 GMT
content-encoding: gzip
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
last-modified: Mon, 06 Nov 2023 08:06:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 1713
x-amz-server-side-encryption: AES256
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: Yk_ejwuh5v3kp8RPKdrNltChikZIytfAC4aclJLf4ntIPjd4JALiOQ==

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 94 B
507 B 120ms
120ms Script
application/x-javascript 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/Identity/me?accountId=1810&DomainCookie=16997169056102701&fingerPrint=f4de3c86d1b397c35c950aabe73af0ac&callback=jsonp947176&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: de2ffc3c60af9f18344bea69418871d58d01d44ee56e8708ab5c2ebff5f74e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:05 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 94
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
234 B 148ms
147ms Image
image/gif 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackingapi.trendemon.com/api/events/pageview?accountId=1810&url=aHR0cHM6Ly9ibG9nLmFxdWFzZWMuY29tL3JlZGlnby1yZWRpcy1iYWNrZG9vci1tYWx3YXJl&cookie=16997169056102701&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=1810:16997169056102701&r=1699716905824
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:05 GMT
server: Kestrel
age: 1691358
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 personal Show response
trackingapi.trendemon.com/api/experience/ 4 KB
4 KB 464ms
464ms Script
application/x-javascript 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/experience/personal?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&MarketingAutomationCookie=&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp64273&vid=1810:16997169056102701
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: bed891d72db1a5c5a22296ecd0b75e5d8f316c0f92b57e661967d871298ce3e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:06 GMT
server: Kestrel
content-length: 3829
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 240ms
240ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A05%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:06 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK closex.png
pic.trendemon.com/images/ 386 B
848 B 105ms
22ms Image
image/png 65.9.66.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/images/closex.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 04:09:14 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
Last-Modified: Tue, 16 Apr 2019 23:23:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 42229
ETag: "7da2ae17c3b671047838f7b78687a56f"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 386
X-Amz-Cf-Id: qZukQcETrfgYhN8JGhWCL-r6IZGkOrXWN4_i6LB20xAo0r935z4BMg==

GET
H/1.1 200
OK 300x300.png
pic.trendemon.com/units-graphics/ 75 KB
76 KB 105ms
24ms Image
image/png 65.9.66.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/units-graphics/300x300.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0058bf8f19f46d2afec3c7baec803c4582f7e8a43c192ffe575b901f3d6c31b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 06:48:35 GMT
Via: 1.1 df7c0ba7857d5300ae11e7566c926f16.cloudfront.net (CloudFront)
Last-Modified: Tue, 06 Oct 2020 12:06:07 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 31592
ETag: "855430e5357d2c1eef6fbe9853480bca"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76979
X-Amz-Cf-Id: XXzLrEZ-iXhkbrvXhgEwivQqiMLORAtNyCjRsGnL5iqM1LTFn6ZhcA==

GET
H2 200 personal-embedded Show response
trackingapi.trendemon.com/api/experience/ 5 KB
5 KB 319ms
318ms Script
application/x-javascript 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&MarketingAutomationCookie=&Ids=%5B%22ac25252f-46f9-4952-bdc4-33b23e371131%22%5D&Groups=%5B%22recommend%22%5D&StreamId=&callback=jsonp321983&vid=1810:16997169056102701
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 4b05063973296371a2e99c47683552733b31f3228edb8948f7518fc05127a6e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:07 GMT
server: Kestrel
content-length: 5450
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 559 KB
179 KB 195ms
135ms Script
application/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4110/bundles/project-v2.js&cfRay=82479a6df9c72c23-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c29a551e477ae940faf937d9f051c067"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4110/bundles/project-v2.js
date: Sat, 11 Nov 2023 15:35:07 GMT
x-amz-version-id: 2.K8Uxn1o3u0mUGuPox8BfBcKB0lZg3T
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 09e3c073-82d2-4452-91ab-32a0338c07ab
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 09e3c073-82d2-4452-91ab-32a0338c07ab
last-modified: Wed, 08 Nov 2023 09:25:28 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vZns4XWIdfvLFkRw4Cu2OrDC%2FwRim9Nvg2MiZIxjIFY%2BwSYLAG87JavzldUpXfAaZWvxSLtS8dNBQNsgsicUue4F7IGDLMiV7l%2BcLJsoIadbnnZSG7VMEyhf7I%2BSYoEM9oUj5oy3ZNkk7%2BoA"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-59f9889544-pw49x
cf-ray: 82479a6df9c72c23-FRA
x-amz-cf-id: pgMD8A7-LrNdldNPszshfExWDmXjBO-Bjv0fQkmPkAcQ8wmP1RrHCg==

GET
H/1.1 200
OK closex.png
pic.trendemon.com/images/ 386 B
848 B 22ms
22ms Image
image/png 65.9.66.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/images/closex.png
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 04:09:14 GMT
Via: 1.1 df7c0ba7857d5300ae11e7566c926f16.cloudfront.net (CloudFront)
Last-Modified: Tue, 16 Apr 2019 23:23:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 42230
ETag: "7da2ae17c3b671047838f7b78687a56f"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 386
X-Amz-Cf-Id: uBE7fEDw_tWX07Nh00f-yfMI8xvp1SO7zml1AjNhcCKo6WahZvZC6w==

GET
H/1.1 200
OK 110dc31336e55747354cc5408a9cc4e8.jpg
pic.trendemon.com/tasks_logo/1810/ 19 KB
19 KB 51ms
50ms Image
image/jpeg 65.9.66.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/tasks_logo/1810/110dc31336e55747354cc5408a9cc4e8.jpg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b57804b37c910686ee970ad8012e96f99815accf24e4acdea596f33be6957fc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sat, 11 Nov 2023 15:35:07 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
Last-Modified: Tue, 29 Dec 2020 14:21:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 20654
x-amz-server-side-encryption: AES256
ETag: "428665213b0dd67f0782c696a4aac646"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19093
X-Amz-Cf-Id: kwg2XYFlMwR_Q_r09ajEdeAnNU-rWsYDyWkwSe2WTAVtE6xz2m2wbQ==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 28ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-D2G99SQ9HG&gtm=45je3b81v875778671z871822536&_p=1699716902858&gcs=G100&gcd=11p1p1l1l5&dma_cps=sypham&dma=1&gdid=dZTQ1Zm&cid=2057988683.1699716903&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAC&_s=2&sid=1699716903&sct=1&seg=1&dl=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&dt=Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware&en=page_view&ep.content_group=Blog&_et=132&tfd=4691
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uplift
trackingapi.trendemon.com/api/events/ 43 B
234 B 126ms
125ms Image
image/gif 52.72.235.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackingapi.trendemon.com/api/events/uplift?AccountId=1810&Cookie=16997169056102701&Url=aHR0cHM6Ly9ibG9nLmFxdWFzZWMuY29tL3JlZGlnby1yZWRpcy1iYWNrZG9vci1tYWx3YXJl&EventType=GENERIC_UNIT_LOAD&CtaId=114166&Widget=true&InAbTest=false&UnitTypeId=0&StreamId=&vid=1810:16997169056102701&r=1699716907138
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.235.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-235-210.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 Nov 2023 15:35:07 GMT
server: Kestrel
age: 1691358
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 223ms
223ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A06%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:07 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 253ms
253ms Image
image/gif 23.53.43.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=cfcd529d-5b61-4cd9-8fc6-186d35d5b981&session=3e1717c2-1cbc-42fa-8c24-252c8112b3ce&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2011%20Nov%202023%2015%3A35%3A07%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Aqua%20Nautilus%20discovers%20Redigo%2C%20new%20previously%20undetected%20Go-based%20malware%20that%20targets%20Redis%20servers%20to%20gain%20domination%20on%20the%20compromised%20machine%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Aqua%20Nautilus%20Discovers%20Redigo%20%E2%80%94%20New%20Redis%20Backdoor%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fredigo-redis-backdoor-malware&pageViewId=c3596430-1661-45b5-8c9d-ecb04ae450e9&v=1.1.7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.43.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-43-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/redigo-redis-backdoor-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 15:35:08 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.aquasec.com/	1970-01-20 16:08:38	Name: __cf_bm Value: IJn83kg0dsnN9uVDmvz06U_JlhJLC686dEOXonziMTM-1699716902-0-AfS+W/WljH6pWOAnArnXGcZI/+0WJLWhNME7v9RxE1KEWMkwxroP1aQ8tgleF08mo38sNWqYHSjA4UreUsq9I+0=
.blog.aquasec.com/	1969-12-31 23:59:59	Name: __cfruid Value: fef116f80e04c4f647e9302c38baf322fe91767b-1699716902
.aquasec.com/	1970-01-20 16:10:03	Name: _uetsid Value: e1e0176080a711eeb19cbdc17ec1147d
.aquasec.com/	1970-01-21 01:30:12	Name: _uetvid Value: e1e0348080a711ee8dc8236471782638
.bing.com/	1970-01-21 01:30:12	Name: MUID Value: 169C3603B6DB6F570CB825C5B7096E7A
blog.aquasec.com/	1970-01-21 01:44:36	Name: _gd_visitor Value: cfcd529d-5b61-4cd9-8fc6-186d35d5b981
blog.aquasec.com/	1970-01-20 16:08:51	Name: _gd_session Value: 3e1717c2-1cbc-42fa-8c24-252c8112b3ce
.hubspot.com/	1970-01-20 16:08:38	Name: __cf_bm Value: NteJGUXUbOiN4cb2iAvFt3lQNI5gVxkr5TSNsPkDUJs-1699716903-0-AXG8HxN71/oZ1c1dlrN2SRtHyGVq9XjvhQmCPIssExT2215N28t2nHiEDGK5GiQWh3G+wbNf4/0NVZCDEFaO1a8=
.linkedin.com/	1970-01-20 18:18:12	Name: li_sugr Value: 343a05cb-682b-4b66-a005-984a474202a4
.linkedin.com/	1970-01-21 00:54:12	Name: bcookie Value: "v=2&fe11880f-b14c-4fe6-8435-f55bca8d895b"
.linkedin.com/	1970-01-20 16:10:03	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3045:u=1:x=1:i=1699716903:t=1699803303:v=2:sig=AQF2pSRmPDdO_LJ99bWxwJj-45slas3T"
.linkedin.com/	1970-01-20 16:51:48	Name: UserMatchHistory Value: AQJ6sfaY0truQwAAAYu_BbLZBWUzxIxDCO6IhpWaK_CVhHR7osOqP3rjQsiRiv6CsyPwBIOi9RdYng
.linkedin.com/	1970-01-20 16:51:48	Name: AnalyticsSyncHistory Value: AQIcIGjIHVtE4AAAAYu_BbLZAooPe57XBeMl7uosBl6JL90KC9d6m5C5FiN5IWgP5-I7vm9Ra2iH9_ao4crN4Q
.6sc.co/	1970-01-21 01:44:36	Name: 6suuid Value: 452b351758740500279f4f657d030000651a0300
.www.linkedin.com/	1970-01-21 00:54:12	Name: bscookie Value: "v=1&2023111115350387e0993a-6904-4b59-8f58-8da90ba61287AQEkEx6XXBfEsj6xCN8Bz_sDwbMSJWGa"
.linkedin.com/	1970-01-20 20:27:48	Name: li_gc Value: MTswOzE2OTk3MTY5MDM7MjswMjFJKJt7VAo/+G+jDIrZ45ODCXoGZzeQHHbPn4ufEcbYow==
.info.aquasec.com/	1970-01-20 16:08:38	Name: __cf_bm Value: 83imfPSf24htTIsJWoih6JLlyIt0ImwB35JxFbQwJI8-1699716904-0-AeNT20h8wxuBFsG1ePTuQVgJamrLwu6MzGBNllKap1lBsDm9adNPKrmmzPjpuhTTaPLsgjOKR5ZNfjKI5xSRd+c=
.info.aquasec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 7b5aa49606421db9de85f912d5bdf4c871eaa965-1699716904
.aquasec.com/	1970-01-21 00:54:12	Name: trd_cid Value: 16997169056102701
trackingapi.trendemon.com/	1970-01-21 01:44:36	Name: trd_gavid_1810 Value: 16997169056102701
trackingapi.trendemon.com/	1970-01-21 01:44:36	Name: trd_gvid Value: 16997169056102701
trackingapi.trendemon.com/	1970-01-21 01:44:36	Name: trd_vid_1810 Value: 1810%3A16997169056102701
.aquasec.com/	1970-01-21 00:54:12	Name: trd_vid_l Value: 1810%3A16997169056102701
.aquasec.com/	1970-01-21 00:54:12	Name: trd_vuid_l Value: 7125474595155749062

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1665891.fs1.hubspotusercontent-na1.net
api-na1.hubapi.com
app.hubspot.com
assets.trendemon.com
b.6sc.co
bat.bing.com
blog.aquasec.com
c.6sc.co
cdn2.hubspot.net
cdnjs.cloudflare.com
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
info.aquasec.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.hubspot.com
js.usemessages.com
pagead2.googlesyndication.com
perf-na1.hsforms.com
pic.trendemon.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
snap.licdn.com
static.hsappstatic.net
track.hubspot.com
trackingapi.trendemon.com
www.googletagmanager.com
www.linkedin.com
13.107.42.14
2001:4860:4802:34::36
23.53.43.73
2600:9000:223c:c600:2:7dc7:8f00:93a1
2606:2c40::c73c:671c
2606:2c40::c73c:67e4
2606:4700:4400::6812:297c
2606:4700:4400::ac40:991b
2606:4700::6810:50ba
2606:4700::6810:6ed1
2606:4700::6810:8ace
2606:4700::6810:bf59
2606:4700::6811:180e
2606:4700::6811:c060
2606:4700::6811:cacc
2606:4700::6811:eff9
2606:4700::6811:faa8
2606:4700::6812:b07d
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2008
2a00:1450:4001:82a::2003
2a02:26f0:3500:16::215:1490
2a02:26f0:7100::210:180
52.72.235.210
65.9.66.118
0058bf8f19f46d2afec3c7baec803c4582f7e8a43c192ffe575b901f3d6c31b2
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
063746967871d4216965a4986fe8364aa66625bc5da5dd9d4c356d863b5c51da
0ae9b1771bf14db70ab8b7f15a98a88e78307a6b498182268a4de1ff393d88bb
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
14a40681da498082990774a6ad8cfaa9a08e99c26c9e4d463c2559fe77e06749
1a0cd9e51e9d88fdebfc2389a7fb0864a4cb6f1900262caa68f69c4c21c54eb7
1f51c9673e7f2f60ab48a0171de5d63bf9a59ace600d35386563e5390813b01f
21f5ddeb4c5e6a55dd2e05eee50047cf76287c235ef0e10f807f4145a7ff69e1
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
32046089ccace81843cbfbf1e80ec224e591a3a6441753dd62e0bcf4cf33c6d6
341720edd49c35f7623edd60c2c51a78e6496c133caf30db0751a44d73b085ee
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
35144a29adb1f7582cca8e0dbbd4fbe6927b093e5a061eb9d2b4930328e47ad5
3537cc76c8cf0feafdf0eeb55ece298e0fcecda17bb7b6b4c075edd4a1da4d78
396f95fe76847ae1beacf9c523d2b852b3fc31ce9beedbde4df6b7f8ba6901ec
4282949aa93b69e67bd7b12221abc753452413182435d7fa9d8323f31cdd9826
4b05063973296371a2e99c47683552733b31f3228edb8948f7518fc05127a6e6
4c67cdb660a5c3c279ccfa1cd3d488dff15a8b8b5545288121f1b8f0a70a4686
4f33697ff97491e3ea2b3d5add53056d561ef3f00f783fca8b7d204de564d146
4f9a3cacca516b6343c46d79e9c02a0eea2497cd7b0726359b8bb9120375559e
54fb1eba24b8cdf51f3516dc5351efec8a42824a883e9d4416f48a088cde3e73
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
6355bdb06aae6f5e6e9974eb30fa44f09c01a9762019d673bf1fd83df130b2fa
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7138c5a544f4668dd59e8f9d96aaa87bcfd0066948ea309f2db6460bd3b81041
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
73b8cc55f2871f64c632b3fe73f36a7b8aaf40ee2a138695573bdc976e1942a9
73decd56a355633f3bd9ea4997bddc10c36108809625c6481847d5e5dca6a91b
79371284e1052bf1e88b017d78ece22e4a39bb58b520a3f3ee3c545b273ae8f7
7f4bda5663702c386616dd479496298ac3df87f9d20911b41098e0b9776765aa
8227ebb92dd2ad3045c7e030b0271c6a3abdd849c1e512b1a0d84afe3f77666d
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8b0491a3b57ad928caeddcde1977c7a89b6c5fa7244586894f3e9f74a00d29c1
8b237687c7d4095875a0b3c92f7efa3f7e145023a8cf6b93bfc8bc7ed6b469f2
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
97824daa6d5a75e1aa86b8148af2fa935276f4aa8abe1d050fd861d325a5686e
b14289833de1c5b8da19bf0aa86278185dfdbb3113baca8b658fa0ee8a563dba
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b57804b37c910686ee970ad8012e96f99815accf24e4acdea596f33be6957fc2
b62a981c977cb766b68ceb5d184338aab7ebc6c3c42dae44fac391ee6fe2bd4d
b8eb8a7898d7f65f3407008af621d906d14d1f0d0ff3f03a70da78cc1e471ea0
bed891d72db1a5c5a22296ecd0b75e5d8f316c0f92b57e661967d871298ce3e4
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5
c464923e67b73126e91edb831feee7c5cd9a97c48fa9552f1cf922354d91101d
c5566f35be4fed3171402b963468ed795ac73029eaf606806a9dcf4e8f7ba32f
c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758
c777fc478672e659838faae4c55cf7a8e32c688431ee4d0cd268cf14f645b673
d7999bcc6df39db93957b50ca8760b4d1580d100b4c4f00be7b91485e2794a7d
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de2ffc3c60af9f18344bea69418871d58d01d44ee56e8708ab5c2ebff5f74e0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8a99c16a581c4e69330699d00aa4a7763158ed99194087bceebd232d53eb42f
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
ee6eb03a528bb02a6a0aaac0adcdcfaeb3275b2596b08df6efd12ceca93df7e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e
f43018984c428e6ceee235e36dbeaff1e23343ce6fcb7cb75b8b13ef8ff5a0fe
f95004c5793d5e505efa1b1181b418ad22ca200b3450ccf60091103e4fbd62cc
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

blog.aquasec.com Open in urlscan Pro 2606:2c40::c73c:671c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

88 Requests

99 %HTTPS

87 %IPv6

23 Domains

36 Subdomains

30 IPs

2 Countries

1186 kBTransfer

3116 kBSize

24 Cookies

46 Outgoing links

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.aquasec.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

99 %
HTTPS

87 %
IPv6

23
Domains

36
Subdomains

30
IPs

2
Countries

1186 kB
Transfer

3116 kB
Size

24
Cookies

88 HTTP transactions
0 data transactions