blog.barracuda.com Open in urlscan Pro
4.234.25.19 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
Submission: On January 05 via api (January 5th 2024, 5:32:16 pm UTC) from US — Scanned from DE

Summary HTTP 68 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 10 domains to perform 68 HTTP transactions. The main IP is 4.234.25.19, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is blog.barracuda.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 3rd 2024. Valid for: a year.

This is the only time blog.barracuda.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	4.234.25.19 4.234.25.19	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7edb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
17	2600:9000:224... 2600:9000:2240:e600:14:fd89:5ac0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:264... 2600:9000:2646:d400:a:b27c:d040:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.157.4.125 108.157.4.125	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:217... 2600:9000:2176:9000:0:cc59:3900:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.227.219.42 13.227.219.42	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:244... 2600:9000:2449:bc00:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
68	14

26 4.234.25.19 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

blog.barracuda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7edb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:9000:2240:e600:14:fd89:5ac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.barracuda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2646:d400:a:b27c:d040:93a1 (United States)

ASN16509 (AMAZON-02, US)

ext.chtbl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-125.dus51.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2176:9000:0:cc59:3900:93a1 (United States)

ASN16509 (AMAZON-02, US)

web.chtbl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-42.ams54.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2449:bc00:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	barracuda.com blog.barracuda.com app.barracuda.com	2 MB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 1107 p.typekit.net — Cisco Umbrella Rank: 1464	149 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 625	118 KB
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 12204 tag-logger.demandbase.com — Cisco Umbrella Rank: 12645	21 KB
2	chtbl.com ext.chtbl.com — Cisco Umbrella Rank: 50771 web.chtbl.com — Cisco Umbrella Rank: 49633 Failed	4 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 950	295 B
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 10373	954 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 1360	98 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	77 KB
0	printfriendly.com Failed cdn.printfriendly.com Failed
68	10

	Domain	Requested by
26	blog.barracuda.com	blog.barracuda.com
17	app.barracuda.com	blog.barracuda.com app.barracuda.com
6	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
6	use.typekit.net	blog.barracuda.com use.typekit.net
1	tag-logger.demandbase.com	tag.demandbase.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	api.company-target.com	tag.demandbase.com
1	id.rlcdn.com	blog.barracuda.com
1	web.chtbl.com	ext.chtbl.com
1	tag.demandbase.com	blog.barracuda.com
1	ext.chtbl.com	blog.barracuda.com
1	www.googletagmanager.com	blog.barracuda.com
1	p.typekit.net	use.typekit.net
0	cdn.printfriendly.com Failed	blog.barracuda.com
68	14

This site contains links to these domains. Also see Links.

Domain
www.barracuda.com
twitter.com
www.linkedin.com
www.facebook.com
onetrust.com

Subject Issuer	Validity	Valid
blog.barracuda.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-03` - `2024-12-05`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.barracuda.com Amazon RSA 2048 M01	`2023-03-14` - `2024-04-12`	a year	crt.sh
ext.chtbl.com Amazon RSA 2048 M03	`2023-10-24` - `2024-11-19`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2023-08-23` - `2024-09-23`	a year	crt.sh
web.chtbl.com Amazon RSA 2048 M02	`2023-11-30` - `2024-12-28`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2023-09-27` - `2024-09-26`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.demandbase.com Amazon RSA 2048 M01	`2023-07-11` - `2024-08-08`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
Frame ID: 20BF02EE430BAA8E85ECAE49446B0761
Requests: 55 HTTP requests in this frame

Frame: https://app.barracuda.com/iframe/subscribe-blog?lang=en
Frame ID: D653A70866630492EDE33935FB23A32A
Requests: 9 HTTP requests in this frame

Frame: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
Frame ID: 4ED063501D45D8B60CD4035A356A7D4C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware 101: File system evasion — memory-only and registry-resident Back ButtonFilter Button

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

68
Requests

94 %
HTTPS

69 %
IPv6

10
Domains

14
Subdomains

14
IPs

3
Countries

2341 kB
Transfer

4479 kB
Size

10
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.barracuda.com/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Malware+101%3A+File+system+evasion+%E2%80%94+memory-only+and+registry-resident+&url=https%3A%2F%2Fblog.barracuda.com%2F2023%2F12%2F01%2Fmalware-101-file-system-evasion-memory-only-registry-resident&via=barracuda
Title: Tweet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite?mini=true&url=https%3A%2F%2Fblog.barracuda.com%2F2023%2F12%2F01%2Fmalware-101-file-system-evasion-memory-only-registry-resident&title=Malware+101%3A+File+system+evasion+%E2%80%94+memory-only+and+registry-resident+&summary=Malware+detection+is+easiest+when+the+malware+is+written+to+disk+or+in+transit+since+the+file+system+and+network+traffic+are+both+simple+to+observe+and+scan+files+from+for+the+presence+of+malware.+
Title: Share

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=256771694846661&display=popup&href=https%3A%2F%2Fblog.barracuda.com%2F2023%2F12%2F01%2Fmalware-101-file-system-evasion-memory-only-registry-resident
Title: Share

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/support/glossary/malware?utm_source=12012023a&utm_medium=blog&utm_campaign=blog
Title: malware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/cystek/
Title: Connect with him on LinkedIn here

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/company/engineering
Title: Barracuda Engineering

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/email-scan?utm_source=rtrail&utm_medium=blog&utm_campaign=blog
Title: Free Email Threat Scan

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/solutions/cyber-liability-insurance?utm_source=rtrail&utm_medium=blog&utm_campaign=blog
Title: Cyber Liability Insurance Guide

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/company/careers?utm_source=rtrail&utm_medium=blog&utm_campaign=blog
Title: Careers at Barracuda

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/company/engineering?utm_source=rtrail&utm_medium=blog&utm_campaign=blog
Title: Barracuda Engineering

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/company/news?utm_source=rtrail&utm_medium=blog&utm_campaign=blog
Title: Barracuda News Room

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/email-protection
Title: Email Protection

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/application-protection
Title: Application Protection

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/network-security
Title: Network Protection

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/data-protection/backup
Title: Data Protection

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/products/managed-xdr
Title: Managed XDR

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://www.barracuda.com/company/legal/trust-center/data-privacy/privacy-policy#paranav-navbar
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

68 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request malware-101-file-system-evasion-memory-only-registry-resident Show response
blog.barracuda.com/2023/12/01/ 44 KB
9 KB 271ms
66ms Document
text/html 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

20927593020931ba3c6a079c617c3d39f3e10652d02926534e0a8847298d844e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 12394
Connection: keep-alive
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Cache: HIT
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-Served-By: cache-lhr7381-LHR
X-Timer: S1704475931.650717,VS0,VS0,VE1
cache-control: max-age=300,s-maxage=600,stale-while-revalidate=43200,stale-if-error=43200,public
content-encoding: gzip
content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-type: text/html;charset=utf-8
etag: W/"b1c6-60e33579cb9ce-gzip"
expires: Fri, 05 Jan 2024 14:10:36 GMT
last-modified: Fri, 05 Jan 2024 14:05:36 GMT
x-frame-options: SAMEORIGIN
x-vhost: publish

GET
H2 200 fui0ano.css
use.typekit.net/ 6 KB
1 KB 178ms
48ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/fui0ano.css

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

a0ab064e57ae58aa5e785a51416fa04a44bae33c08314181993a3d116495d940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 05 Jan 2024 17:32:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 907

GET
H/1.1 200
OK clientlib-base.lc-6fc2c04f1dbe10109e13db68ac49095b-lc.min.css
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 140 KB
10 KB 82ms
55ms Stylesheet
text/css 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-base.lc-6fc2c04f1dbe10109e13db68ac49095b-lc.min.css

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

880482ff98e9d99ec808fa09fb517f3a193c5922c03d093ccf5e064f9fdc6b50

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Age: 142271
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 9331
X-Served-By: cache-lhr7381-LHR
last-modified: Thu, 04 Jan 2024 02:00:59 GMT
X-Timer: S1704475931.745762,VS0,VS0,VE2
etag: W/"231ea-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-legacy.lc-dd0d56361aab3d720da052a33c4a431e-lc.min.css
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 11 KB
3 KB 139ms
53ms Stylesheet
text/css 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-legacy.lc-dd0d56361aab3d720da052a33c4a431e-lc.min.css

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aecc3b952de368f386ea1f775346bd5276c41ce17a5b3c1704589101961480e3

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Age: 380382
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 2298
X-Served-By: cache-lhr7381-LHR
last-modified: Mon, 01 Jan 2024 07:52:29 GMT
X-Timer: S1704475931.804071,VS0,VS0,VE1
etag: W/"2d0b-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-site.lc-b7062eaff0e5b40d5f5a8ea1534f820b-lc.min.css
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 483 KB
60 KB 157ms
56ms Stylesheet
text/css 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-b7062eaff0e5b40d5f5a8ea1534f820b-lc.min.css

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

19549c09d56fbb274e74f85be667fa6664961e7efdb9e9ef43f93f4011a4712e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Age: 57294
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 60276
X-Served-By: cache-lhr7364-LHR
last-modified: Fri, 05 Jan 2024 01:37:16 GMT
X-Timer: S1704475931.822526,VS0,VS0,VE2
etag: W/"78a91-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-site.lc-5341c1694635edfffefa940a16daaee3-lc.min.css
blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/ 32 KB
7 KB 160ms
60ms Stylesheet
text/css 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/clientlib-site.lc-5341c1694635edfffefa940a16daaee3-lc.min.css

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

899a718e8ce9bec7c3dbf9495ee83ede0b55e1575b37b270f1aab20660f6b820

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Age: 76474
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 5632
X-Served-By: cache-lhr7377-LHR
last-modified: Thu, 04 Jan 2024 20:17:36 GMT
X-Timer: S1704475931.825351,VS0,VS0,VE1
etag: W/"812b-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK logo_barracuda_primary_strapline_reversed.svg
blog.barracuda.com/content/dam/barracuda-corp/images/site/header/ 13 KB
5 KB 157ms
58ms Image
image/svg+xml 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-corp/images/site/header/logo_barracuda_primary_strapline_reversed.svg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a7e02a0a20001e61e65143e4930b318068f09692f4d7079dc7f26e0020613059

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:10 GMT
Strict-Transport-Security: max-age=31557600
Age: 356
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 4065
X-Served-By: cache-lhr7334-LHR
last-modified: Thu, 18 Aug 2022 11:35:09 GMT
X-Timer: S1704475931.823599,VS0,VS0,VE1
etag: "33d2-5e6825faf1540-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK file-system-evasion.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/ 239 KB
240 KB 600ms
498ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/file-system-evasion.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

43ccd137975bf357e94674077ffaf2d46bbe8733b28e971056e4c9ea2a49a280

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 0
x-vhost: publish
X-Cache: MISS
content-disposition: inline
Connection: keep-alive
Content-Length: 245230
X-Served-By: cache-lhr7359-LHR
Last-Modified: Fri, 01 Dec 2023 18:56:32 GMT
X-Timer: S1704475931.828631,VS0,VS0,VE441
ETag: "0x8DBF29F3C07E8A3"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK jonathan_tanner.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2018/03/ 22 KB
23 KB 53ms
52ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2018/03/jonathan_tanner.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6da7a8abdaa18cf9fa8f134e1de315971a8340de92d155bfbf3e62b5494e8621

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:10 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Content-MD5: Hhy33ygGm0DMYvAgz/eL2A==
Age: 35155
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 22895
X-Served-By: cache-lhr7377-LHR
Last-Modified: Thu, 18 Aug 2022 14:37:12 GMT
X-Timer: S1704475931.883406,VS0,VS0,VE1
ETag: "0x8DA812723A5AAD7"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK malware-detection-remediation.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/ 156 KB
157 KB 54ms
53ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/malware-detection-remediation.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

113cafa39568acba27f3f6ad96dcd5524e4287f6e8d4fdaf73404efb0f8b9b10

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:10 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 29523
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 160006
X-Served-By: cache-lhr7377-LHR
Last-Modified: Thu, 21 Dec 2023 16:09:53 GMT
X-Timer: S1704475931.990917,VS0,VS0,VE3
ETag: "0x8DC023F4433FF7D"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK malware-prevention.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/ 117 KB
118 KB 63ms
53ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/malware-prevention.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

03c30af9f99552ba2eff92617fdf160546d362aeb5885eba3592d25da5a31b56

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 98060
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 119683
X-Served-By: cache-lhr7364-LHR
Last-Modified: Thu, 14 Dec 2023 23:34:42 GMT
X-Timer: S1704475931.088111,VS0,VS0,VE2
ETag: "0x8DBFCFD3FA38B68"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK rootkit-bootkit-malware.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/ 407 KB
408 KB 55ms
55ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/rootkit-bootkit-malware.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

d9c5b7e0dad2a67c57b30b5561515f54299dcca29984917cd93fd0e03ff9fd91

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 12471
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 416578
X-Served-By: cache-lhr7334-LHR
Last-Modified: Thu, 07 Dec 2023 17:28:59 GMT
X-Timer: S1704475931.197812,VS0,VS0,VE2
ETag: "0x8DBF749FFD1A33C"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK logic-bombs.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/11/ 162 KB
163 KB 52ms
52ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/11/logic-bombs.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30157fc7b6821278eee2e22d968e5f52dcd607803ea35d3cd62ad876d32afdcd

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 12472
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 166318
X-Served-By: cache-lhr7377-LHR
Last-Modified: Wed, 22 Nov 2023 17:47:35 GMT
X-Timer: S1704475931.198153,VS0,VS0,VE1
ETag: "0x8DBEB831C58CEEE"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK container.lc-0a6aff292f5cc42142779cde92054524-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/ 1 KB
2 KB 61ms
51ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.lc-0a6aff292f5cc42142779cde92054524-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c250924012fdc9ea9516b30650895201cd167dbd49c9d148924f30881abfa393

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 225330
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 491
X-Served-By: cache-lhr7334-LHR
last-modified: Wed, 03 Jan 2024 02:56:41 GMT
X-Timer: S1704475931.089217,VS0,VS0,VE0
etag: W/"4f7-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.lc-7842899024219bcbdb5e72c946870b79-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/clientlibs/granite/ 99 KB
36 KB 64ms
54ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/clientlibs/granite/jquery.lc-7842899024219bcbdb5e72c946870b79-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0d49752a7a7d93d7e459fc189c58d305b9aa7d2b9bd923ac663a1548945bd12e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 233856
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 35799
X-Served-By: cache-lhr7381-LHR
last-modified: Wed, 03 Jan 2024 00:34:35 GMT
X-Timer: S1704475931.090931,VS0,VS0,VE3
etag: W/"18bc9-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-base.lc-ca9a45243f50f2821aa1efd7065074d7-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 397 KB
86 KB 72ms
63ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-base.lc-ca9a45243f50f2821aa1efd7065074d7-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5d9788646c01ec15dec9fe42bc9435d6bc84ed63aed58276c2dd92780a62ddda

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 74295
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 86431
X-Served-By: cache-lhr7353-LHR
last-modified: Thu, 04 Jan 2024 20:53:56 GMT
X-Timer: S1704475931.099055,VS0,VS0,VE2
etag: W/"633e4-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-legacy.lc-a50230cbb3a00f09c046fbf400ce09e7-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 735 B
2 KB 51ms
50ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-legacy.lc-a50230cbb3a00f09c046fbf400ce09e7-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

63bd6f8c19a70f0f46588e5dbc4a872b429a5e8a1f17f82453c34b1f14e833c6

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 1098131
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 485
X-Served-By: cache-lhr7334-LHR
last-modified: Sun, 24 Dec 2023 00:30:00 GMT
X-Timer: S1704475931.145555,VS0,VS0,VE0
etag: W/"2df-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/ 126 KB
45 KB 50ms
50ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c5f4c758c56da0e200a02337c176da0ab24cdacb89e85cf655e8ffd6a916e005

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 63827
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 44807
X-Served-By: cache-lhr7377-LHR
last-modified: Thu, 04 Jan 2024 23:48:23 GMT
X-Timer: S1704475931.145415,VS0,VS0,VE0
etag: W/"1f994-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-site.lc-bd076243bba912aa9aef0ddfc05b23a9-lc.min.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/ 92 KB
33 KB 58ms
57ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/clientlib-site.lc-bd076243bba912aa9aef0ddfc05b23a9-lc.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1636daeadf68320a8ff084924ab12632028d06a02bcb2de4febd953b14ab074b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 1143055
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 32917
X-Served-By: cache-lhr7381-LHR
last-modified: Sat, 23 Dec 2023 12:01:16 GMT
X-Timer: S1704475931.199489,VS0,VS0,VE1
etag: W/"1705b-2386f26fb1bdc0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 150ms
41ms Stylesheet
text/css 2a02:26f0:480:f::213:7edb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=fui0ano&ht=tk&f=139.169.173.175.5474.25136.2028.2030&a=85669855&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7edb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:10 GMT
last-modified: Sun, 10 Sep 2023 12:39:23 GMT
server: nginx
etag: "64fdb8fb-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 213 KB
77 KB 155ms
57ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5ZTMGHH

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

51c90151ae5d4cc09b6322953957a9f31a0e773817b9fd59b0145881f462932d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78237
x-xss-protection: 0
last-modified: Fri, 05 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Jan 2024 17:32:11 GMT

GET
H2 200 subscribe-blog Show response
app.barracuda.com/iframe/ Frame D653 192 KB
32 KB 521ms
385ms Document
text/html 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/iframe/subscribe-blog?lang=en

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

2a8dd9b726407a57295a4610f42f2a0381337815b0f5db6131a9c89c23597718

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.barracuda.com https://author-p42007-e184970.adobeaemcloud.com https://lp.barracudamsp.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.barracuda.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://blog.barracuda.com
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
content-encoding: gzip
content-length: 31424
content-security-policy: frame-ancestors 'self' https://*.barracuda.com https://author-p42007-e184970.adobeaemcloud.com https://lp.barracudamsp.com
content-type: text/html; charset=UTF-8
date: Fri, 05 Jan 2024 17:32:11 GMT
expires: Fri, 05 Jan 2024 17:32:11 GMT
last-modified: Wed, 03 Jan 2024 17:32:11 GMT
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-id: X8P6f7115CEVsdneTz-YRtVIHvH54Oooi2mjvVxBn6St2-aFi47wgA==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 blog-subscribe-sidebar Show response
app.barracuda.com/iframe/ Frame 4ED0 192 KB
32 KB 620ms
486ms Document
text/html 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

3af87ea3baa934c23b40ec03e53ba0b75c9303cd27c07a601c96c41597cf2316

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.barracuda.com https://author-p42007-e184970.adobeaemcloud.com https://lp.barracudamsp.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.barracuda.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://blog.barracuda.com
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
content-encoding: gzip
content-length: 31444
content-security-policy: frame-ancestors 'self' https://*.barracuda.com https://author-p42007-e184970.adobeaemcloud.com https://lp.barracudamsp.com
content-type: text/html; charset=UTF-8
date: Fri, 05 Jan 2024 17:32:11 GMT
expires: Fri, 05 Jan 2024 17:32:11 GMT
last-modified: Wed, 03 Jan 2024 17:32:11 GMT
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-id: 0rWuhpmmPpg48J8nkH2MR7Pz8sKnLMMKy097mlsqkzCHxWmwxn5fxA==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK jonathan_tanner.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2018/03/ 22 KB
23 KB 51ms
50ms Other
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2018/03/jonathan_tanner.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6da7a8abdaa18cf9fa8f134e1de315971a8340de92d155bfbf3e62b5494e8621

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Content-MD5: Hhy33ygGm0DMYvAgz/eL2A==
Age: 35155
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 22895
X-Served-By: cache-lhr7364-LHR
Last-Modified: Thu, 18 Aug 2022 14:37:12 GMT
X-Timer: S1704475931.290079,VS0,VS0,VE1
ETag: "0x8DA812723A5AAD7"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H/1.1 200
OK malware-detection-remediation.jpg
blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/ 156 KB
157 KB 62ms
62ms Other
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/images/2023/12/malware-detection-remediation.jpg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

113cafa39568acba27f3f6ad96dcd5524e4287f6e8d4fdaf73404efb0f8b9b10

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Age: 29524
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 160006
X-Served-By: cache-lhr7353-LHR
Last-Modified: Thu, 21 Dec 2023 16:09:53 GMT
X-Timer: S1704475931.319725,VS0,VS0,VE1
ETag: "0x8DC023F4433FF7D"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
DATA 200
OK truncated
/ 378 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b825cc32ded55e1caa04b70f4b7f0f3010cfbbff4e1d89a035666b649ba2f782

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 235 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7abff666ecb3f4aa7ceb076cc27af4f404c83ad375b76b6aa1a999e844c6adb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 381 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 330fd6d564dff1313d98d4b80e4f7244d1ea1adfd8ea65b4f0bcc34d424137ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 982 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c38f95e28cdb0a26e5e8db009f2e2b39a23c8a055b31ee9f61a9033c4ea4b057

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 499 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5abdd6df1d760db1c6749fd92ce2d8a037cb411bc4849da3277cbedab35b8f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 457 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11d4663fa8f7dac0dc4d7097686c359a3771c4545fc050100f36e961874ec508

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK sheen.jpeg
blog.barracuda.com/content/dam/barracuda-blog/common/ 118 KB
119 KB 78ms
51ms Image
image/jpeg 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.barracuda.com/content/dam/barracuda-blog/common/sheen.jpeg

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

964b08d9a425ae147571d62dfabfef171b5882b94607e9137f42e17f6825cf4d

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com
Date: Fri, 05 Jan 2024 17:32:11 GMT
x-content-type-options: nosniff
Strict-Transport-Security: max-age=31557600
Content-MD5: Y4QVt5JKCqEjaAVCrRLZCA==
Age: 24172
x-vhost: publish
X-Cache: HIT
content-disposition: inline
Connection: keep-alive
Content-Length: 120677
X-Served-By: cache-lhr7364-LHR
Last-Modified: Thu, 25 Aug 2022 05:26:53 GMT
X-Timer: S1704475931.189190,VS0,VS0,VE2
ETag: "0x8DA865A6BA1B974"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200,s-maxage=86400,stale-while-revalidate=43200,stale-if-error=43200,public
Accept-Ranges: bytes

GET
H2 200 l
use.typekit.net/af/efe4a5/00000000000000007735e609/30/ 29 KB
29 KB 177ms
81ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: c4d04d2b6a041dde11c80d8332f983a58c1031c663ab4f42230899cb82adf4a7

Request headers

Referer: https://use.typekit.net/fui0ano.css
Origin: https://blog.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
server: nginx
etag: "6aeae62b893768150f3460329dc461358e8ab2f5"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 29820

GET
H2 200 l
use.typekit.net/af/23e139/00000000000000007735e605/30/ 30 KB
30 KB 221ms
128ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/23e139/00000000000000007735e605/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 38e9ade7cb9f7a31a4525f2a70c4bdd2529340926202641bbbda8d655df8c0c3

Request headers

Referer: https://use.typekit.net/fui0ano.css
Origin: https://blog.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
server: nginx
etag: "a21f48c40e7bf9dfada3e63deed3f84d0cf8b79b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 30440

GET
H2 200 l
use.typekit.net/af/1be3c2/00000000000000007735e606/30/ 29 KB
29 KB 213ms
121ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1be3c2/00000000000000007735e606/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 34983ec5da74c95f7b9aba9e7abd42ca76b95cde4c06f476f6bfeb5547bd85ef

Request headers

Referer: https://use.typekit.net/fui0ano.css
Origin: https://blog.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
server: nginx
etag: "174f4ede5c586799404565373f175cfaf1562181"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 30008

GET
H2 200 l
use.typekit.net/af/78aca8/00000000000000007735e60d/30/ 29 KB
29 KB 180ms
88ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/78aca8/00000000000000007735e60d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b07871da02311868c31ab6ac5a4e78cc877f118acd854857f6f51519f3ddbbc9

Request headers

Referer: https://use.typekit.net/fui0ano.css
Origin: https://blog.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
server: nginx
etag: "1d1aed9a298449b26ef6d57c78caa88b6b5de306"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 29764

GET
H2 200 trackable.js Show response
ext.chtbl.com/ 4 KB
4 KB 168ms
40ms Script
application/javascript 2600:9000:2646:d400:a:b27c:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ext.chtbl.com/trackable.js
Requested by: Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-legacy.lc-a50230cbb3a00f09c046fbf400ce09e7-lc.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2646:d400:a:b27c:d040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27dc4f62298834987d3d8e5608c1af94c82ee3d18ee31858d39e0202697b5308

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:11:01 GMT
via: 1.1 628e5146add9b3daeb91ab8792398818.cloudfront.net (CloudFront)
last-modified: Fri, 12 Feb 2021 20:28:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 1271
etag: "4a494dbb82444463b6fd8bff0e5593d6"
x-cache: Hit from cloudfront
content-type: application/javascript;charset=UTF-8
cache-control: max-age=3600
accept-ranges: bytes
content-length: 4092
x-amz-cf-id: U-QEIUfTHVJbHmo_738uKvkj91WhU3xGKHN2NY7cCpUC8V23O1GlLQ==

GET printfriendly.js
cdn.printfriendly.com/ 0
0

GET
H/1.1 200
OK 9138-198428ac768f242a58c1.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/ 1 KB
2 KB 54ms
53ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/9138-198428ac768f242a58c1.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abca86efdf0b1aafabb4e60d904de64e144f9a84020cbe9914e6c945a4d5d87b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 149852
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 612
X-Served-By: cache-lhr7381-LHR
last-modified: Wed, 03 Jan 2024 23:10:11 GMT
X-Timer: S1704475931.431583,VS0,VS0,VE1
etag: "47a-60e12b77ebac0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK 7878-a5b49f2554d91c8611bc.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/ 1018 B
2 KB 50ms
50ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/7878-a5b49f2554d91c8611bc.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ee536a0a449e09427b5693405097b4dc758bceed3e4cc35bd53a7ef83218b279

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 2178876
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 523
X-Served-By: cache-lhr7377-LHR
last-modified: Sat, 09 Dec 2023 01:35:29 GMT
X-Timer: S1704475931.430951,VS0,VS0,VE0
etag: "3fa-60c09b7411a40-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK 2702-a8ed155b73bb214a01bc.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/ 700 B
2 KB 56ms
55ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/2702-a8ed155b73bb214a01bc.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

dfbb960bd83d748588476e7e26fc34b8ab093c3cb762b60268a8ce66350f283f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 133649
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 449
X-Served-By: cache-lhr7364-LHR
last-modified: Thu, 04 Jan 2024 03:15:15 GMT
X-Timer: S1704475931.435209,VS0,VS0,VE1
etag: "2bc-60e1623ebf6c0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK 4144-51ebc42342c0a14800f9.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/ 748 B
2 KB 81ms
81ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-dynamic-modules/resources/4144-51ebc42342c0a14800f9.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-core/clientlibs/clientlib-site.lc-c0597e97fe905137d0dd02f3c07c96e3-lc.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

29abb1fb7cf50134f1124d0250ebf84ca38c8be090b37b0432d4f137c1c2fd31

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 227001
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 409
X-Served-By: cache-lhr7377-LHR
last-modified: Wed, 03 Jan 2024 01:00:46 GMT
X-Timer: S1704475931.498095,VS0,VS0,VE15
etag: "2ec-60e0025216b80-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H/1.1 200
OK 909-2e5a8f80790110bfde3f.js Show response
blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/clientlib-dynamic-modules/resources/ 4 KB
3 KB 56ms
56ms Script
application/javascript 4.234.25.19
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/clientlib-dynamic-modules/resources/909-2e5a8f80790110bfde3f.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/etc.clientlibs/barracuda-blog/clientlibs/clientlib-site.lc-bd076243bba912aa9aef0ddfc05b23a9-lc.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

4.234.25.19 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c40da8018356b16f1cb78babdfe38139c129d453b965fd6d0d9d8c637c063ca6

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: frame-src 'self' app.qa.barracuda.com app.barracuda.com *.facebook.com *.youtube.com *.vidyard.com unpkg.com, script-src 'self' 'unsafe-inline' assets.adobedtm.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.searchcdn.com *.vidyard.com *.hotjar.com unpkg.com
content-encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 05 Jan 2024 17:32:11 GMT
Strict-Transport-Security: max-age=31557600
Age: 16200
x-vhost: publish
X-Cache: HIT
Connection: keep-alive
Content-Length: 1413
X-Served-By: cache-lhr7381-LHR
last-modified: Fri, 05 Jan 2024 00:44:10 GMT
X-Timer: S1704475931.489036,VS0,VS0,VE1
etag: "ef9-60e2825726a80-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,stale-while-revalidate=43200,stale-if-error=43200,public,immutable
Accept-Ranges: bytes

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 147ms
53ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5ZTMGHH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FWT01iLvZ++xUAz3aesSug==
age: 44621
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 21:06:28 GMT
server: cloudflare
etag: 0x8DC0D69051ECA4A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cdf020d4-701e-0068-5a84-3f5f13000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758c08cb3a61-FRA

GET
H2 200 kNx4tRUU.min.js Show response
tag.demandbase.com/ 74 KB
21 KB 209ms
99ms Script
application/javascript 108.157.4.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/kNx4tRUU.min.js

Requested by

Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.125 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-125.dus51.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0b79e8c3dcb7aeea8f62e4e2e695e60dbf779fe5a3595565cc856a70d1e576aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: lulR44W5BAtEz.Ly47i0y6XYwweCtzhY
content-encoding: gzip
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
date: Fri, 05 Jan 2024 16:52:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 2364
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 11 Dec 2023 18:25:20 GMT
server: AmazonS3
etag: W/"16d1ea1411872e88d0769ca274b127e8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: NCnSccHDVYtQexdXS6-IKtvCV9fW1XSSW5iWUNljygTY3rWY8hex4A==

GET
DATA 200
OK truncated
/ 403 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2425711604ea242bbe21daa15ae93b57916cd24f2b7df7637dd7a9786fdf189a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST track
web.chtbl.com/ 0
0

OPTIONS
H2 503 track
web.chtbl.com/ Frame 0
0 287ms
152ms Preflight
text/html 2600:9000:2176:9000:0:cc59:3900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.chtbl.com/track
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2176:9000:0:cc59:3900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.barracuda.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-length: 564
content-type: text/html
date: Fri, 05 Jan 2024 17:32:11 GMT
server: awselb/2.0
via: 1.1 7547a9346c879171aa25dbfdda694b20.cloudfront.net (CloudFront)
x-amz-cf-id: 3Cut8omSJwhUPTkHqKY_g4yPz6OZ0JX95OV90NefNHEMsZ7p6S7kxQ==
x-amz-cf-pop: MXP64-C3
x-cache: Error from cloudfront

GET
H2 200 aee8f648-186a-4267-b808-6efdd7d84e9c.json Show response
cdn.cookielaw.org/consent/aee8f648-186a-4267-b808-6efdd7d84e9c/ 4 KB
2 KB 143ms
60ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/aee8f648-186a-4267-b808-6efdd7d84e9c/aee8f648-186a-4267-b808-6efdd7d84e9c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6c9e7bc71a69020f203ec5a114f610838ce65bdfb18aa9540666cef71974151

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 23848
content-md5: X03Nb0lg9tgYRJwyQNj+5w==
content-length: 1582
x-ms-lease-status: unlocked
last-modified: Tue, 26 Jul 2022 18:21:34 GMT
server: cloudflare
etag: 0x8DA6F33ABAD4255
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 12ea3bce-401e-0073-2977-136110000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758cee85925f-FRA
expires: Sat, 06 Jan 2024 17:32:11 GMT

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 149ms
48ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blog.barracuda.com
URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 460 B
954 B 188ms
85ms XHR
application/json 13.227.219.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.barracuda.com%2F2023%2F12%2F01%2Fmalware-101-file-system-evasion-memory-only-registry-resident&page_title=Malware%20101%3A%20File%20system%20evasion%20%E2%80%94%20memory-only%20and%20registry-resident
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/kNx4tRUU.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-42.ams54.r.cloudfront.net
Software: nginx /
Resource Hash: 6e4508938da05ea4e6455403e63617ff7f46ef761ca693bb567b089d1a35fd9e

Request headers

Referer: https://blog.barracuda.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront
request-id: 6b0d62a0-db53-414c-86c3-b4cd25dce4b3
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.barracuda.com
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hbCpl6E62k44MIKbXDkYyQ0Q0A9oL-UkvPVPHopV0jcHZDBcBCuNVA==
expires: Thu, 04 Jan 2024 17:32:11 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 154ms
59ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://blog.barracuda.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 840d758dea9f18e0-FRA
access-control-allow-headers: Content-Type

GET
H2 200 cuda.validator.js Show response
app.barracuda.com/js/cuda/ Frame 4ED0 25 KB
7 KB 345ms
343ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.validator.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6ffa07d2a244da24e7330335e14c1c7be5cff1477cfa8bf2baa33cefce5e5e04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 6380
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "62d5-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BmIpuL3fOdg2qts4I5lbI1Bxz4PtR7sUo0EugcKJqf-hoAiDCH8EzQ==
expires: Sat, 04 Jan 2025 17:32:11 GMT

GET
H2 200 cuda.ajax.js Show response
app.barracuda.com/js/cuda/ Frame 4ED0 2 KB
1 KB 343ms
341ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.ajax.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ab24c94a6c443c60e36e879960bf136e69dc08402883c0292d3a44a8da98474a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 910
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "962-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: RTlbjBx6miCMQih3IHK5DMgy6JIV0vrTIeR_hRSF552RF68qJey7FA==
expires: Sat, 04 Jan 2025 17:32:11 GMT

GET
H2 200 cuda.ajax_promise.js Show response
app.barracuda.com/js/cuda/ Frame 4ED0 8 KB
3 KB 346ms
345ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.ajax_promise.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

a8ac87a96a84d65c3fa7fe825042545627dc24730ccfbc16582b97efdc785c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 2237
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "1fd4-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: KToz9m2BUgcftN2jGxt9AL25rW0JVUmBsLv9ziveCZ5lk7KCb6lbzA==
expires: Sat, 04 Jan 2025 17:32:11 GMT

GET
H2 200 cuda.submit_btn_animator.js Show response
app.barracuda.com/js/cuda/ Frame 4ED0 2 KB
1 KB 342ms
340ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.submit_btn_animator.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6f4a9a6d7d17b485daf9995ce913842473dff469dd74fa8fe2b730471f000eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 969
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "860-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: RmFAQpT8UoIiFSjQbUohHPEo-gRB8JK9GnA7R6Poqsf78guaR1JpIA==
expires: Sat, 04 Jan 2025 17:32:11 GMT

GET
H2 200 cuda.clearbit.js Show response
app.barracuda.com/js/cuda/ Frame 4ED0 6 KB
1 KB 347ms
346ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.clearbit.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

659ea9f7ac5d3c9037da23d13f85498a55c6d386c637dd2999bbcbc904084cd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 973
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "1872-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: i41DDVXwHApjtLAQ7mp1MeeM_9IfZb8y40EyPzNJZkftWODZ5nKLFA==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 proxima-nova400.woff2
app.barracuda.com/css/cuda/fonts/optimize/ Frame 4ED0 32 KB
32 KB 342ms
341ms Font
font/woff2 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/css/cuda/fonts/optimize/proxima-nova400.woff2

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ceb4ce0bba67a12e21af094eb24293d7ea8bffaffc237a1cd90394c7588eaec9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
Origin: https://app.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 32696
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "7fb0-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: fPKdmrrzCzmuYvPkufLPPOzxP9ZuYMaBptBDEro_ot4IRLPQX7VLGA==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 proxima-nova600.woff2
app.barracuda.com/css/cuda/fonts/optimize/ Frame 4ED0 32 KB
33 KB 454ms
453ms Font
font/woff2 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/css/cuda/fonts/optimize/proxima-nova600.woff2

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ae55c313220f063fdb3dc157a89a22e6a20a400cdd5b639a5aabfa4ae91e476a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.barracuda.com/iframe/blog-subscribe-sidebar?lang=en
Origin: https://app.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 33119
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "8164-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 1MxpV8wGlmNXEHadqkDq2oZEyrnzQly0PnyyCSumHCGMDSk5CM3K6A==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 proxima-nova400.woff2
app.barracuda.com/css/cuda/fonts/optimize/ Frame D653 32 KB
32 KB 547ms
546ms Font
font/woff2 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/css/cuda/fonts/optimize/proxima-nova400.woff2

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ceb4ce0bba67a12e21af094eb24293d7ea8bffaffc237a1cd90394c7588eaec9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
Origin: https://app.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 32696
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "7fb0-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: -HT3eaw2ylYjDKLGxXelgxXmjcRN8ftd47y4AnepiHdkHRMf9yXqwg==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 proxima-nova600.woff2
app.barracuda.com/css/cuda/fonts/optimize/ Frame D653 32 KB
33 KB 559ms
559ms Font
font/woff2 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/css/cuda/fonts/optimize/proxima-nova600.woff2

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ae55c313220f063fdb3dc157a89a22e6a20a400cdd5b639a5aabfa4ae91e476a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
Origin: https://app.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 33119
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "8164-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: PnVsMzzjFeH3XlGCtdngBzJWyzTavQHu99jTwRiOCNekmNCsyIZ5OA==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 proxima-nova300.woff2
app.barracuda.com/css/cuda/fonts/optimize/ Frame D653 32 KB
32 KB 443ms
443ms Font
font/woff2 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/css/cuda/fonts/optimize/proxima-nova300.woff2

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b87ef2efd898acfddc8308449b24a558eca1e77f8e66802f03fab8c5d063d92a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
Origin: https://app.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 32388
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "7e7c-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: mk8-E8fa0X7JKJ1t6m3ZBYo61Mm1laHAGbWBFCGO-yy6_0I5TobRmw==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 cuda.validator.js Show response
app.barracuda.com/js/cuda/ Frame D653 25 KB
7 KB 339ms
339ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.validator.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6ffa07d2a244da24e7330335e14c1c7be5cff1477cfa8bf2baa33cefce5e5e04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 6380
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "62d5-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: NE8SWadrNJ3GfRebOeVgENWuDfJreP8Xaw1Q1OYzmz_OwH8ilY-T2A==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 cuda.ajax.js Show response
app.barracuda.com/js/cuda/ Frame D653 2 KB
1 KB 448ms
447ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.ajax.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ab24c94a6c443c60e36e879960bf136e69dc08402883c0292d3a44a8da98474a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 910
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "962-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 3_FaIDGi17pjW3x_3QoysUEfn9qyLJv_cQYe1P4flfDsNNJr4bbXuQ==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 cuda.ajax_promise.js Show response
app.barracuda.com/js/cuda/ Frame D653 8 KB
3 KB 449ms
448ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.ajax_promise.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

a8ac87a96a84d65c3fa7fe825042545627dc24730ccfbc16582b97efdc785c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 2237
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "1fd4-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: jACaiBpQqL9tEUXhFLpuIgvsaVV-VDbPME9Bj6xgSqcySqWooZO3tA==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 cuda.submit_btn_animator.js Show response
app.barracuda.com/js/cuda/ Frame D653 2 KB
1 KB 447ms
446ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.submit_btn_animator.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6f4a9a6d7d17b485daf9995ce913842473dff469dd74fa8fe2b730471f000eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 969
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "860-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: pbksV0b9lyw3lmcqc38nuSyeU6y84B-Xz6umrRTsWYkcT3eqHKA1Bg==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 cuda.clearbit.js Show response
app.barracuda.com/js/cuda/ Frame D653 6 KB
1 KB 339ms
338ms Script
application/javascript 2600:9000:2240:e600:14:fd89:5ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.barracuda.com/js/cuda/cuda.clearbit.js?v=1704393657

Requested by

Host: app.barracuda.com
URL: https://app.barracuda.com/iframe/subscribe-blog?lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:e600:14:fd89:5ac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

659ea9f7ac5d3c9037da23d13f85498a55c6d386c637dd2999bbcbc904084cd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.barracuda.com/iframe/subscribe-blog?lang=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
content-length: 973
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Jan 2024 18:40:57 GMT
server: Apache
etag: "1872-60e23127ba040-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 5H_pSzzS86xNeZACU3_MVJUp_GDmJb_z5QtyLPwvCbhVpeiwKnffLQ==
expires: Sat, 04 Jan 2025 17:32:12 GMT

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
419 B 236ms
126ms XHR
text/html 2600:9000:2449:bc00:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=hbCpl6E62k44MIKbXDkYyQ0Q0A9oL-UkvPVPHopV0jcHZDBcBCuNVA==&api-version=v2
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/kNx4tRUU.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2449:bc00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date: Fri, 05 Jan 2024 12:28:26 GMT
via: 1.1 c88ca2a75ca16a71cee4beefb2f6e6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 18240
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
content-length: 0
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: AEblcKDz3rOsc9-kpCwvqw31ikLkgRqHOHwzvXCoHbI0gYHKr_13ZQ==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.5.0/ 325 KB
68 KB 53ms
52ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d139c3756ba4ea4e4672c12645de4977faa9ba7e0d550931d2086338fd72dfe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AvbD4VHYe4H/QnyU6j8v5w==
age: 46055
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 69711
x-ms-lease-status: unlocked
last-modified: Thu, 27 Aug 2020 03:43:22 GMT
server: cloudflare
etag: 0x8D84A3B58DE8819
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 559cf6fc-501e-00a4-275f-143025000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758e4b753a61-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/aee8f648-186a-4267-b808-6efdd7d84e9c/a114c985-c2d1-49be-bbb7-248350861ed8/ 136 KB
23 KB 55ms
54ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/aee8f648-186a-4267-b808-6efdd7d84e9c/a114c985-c2d1-49be-bbb7-248350861ed8/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

625b05d59aadc6b5356b8b238108a1fcdf330275186ba33132cadb1237b1cd8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 66100
content-md5: gqN02mF+RQH+Omef7ox9FQ==
content-length: 23386
x-ms-lease-status: unlocked
last-modified: Tue, 26 Jul 2022 18:21:37 GMT
server: cloudflare
etag: 0x8DA6F33ADA1A209
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 45c7d938-a01e-009f-6f87-e37581000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758efff6925f-FRA
expires: Sat, 06 Jan 2024 17:32:12 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.5.0/assets/ 9 KB
3 KB 52ms
52ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4002d856e575601b351be144c9d7e4e6977286644fede72a7de1638844722aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3ZrBbr/xQHzp7Lx6ANEcZw==
age: 66100
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2778
x-ms-lease-status: unlocked
last-modified: Thu, 27 Aug 2020 03:43:17 GMT
server: cloudflare
etag: 0x8D84A3B55C93760
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 49f56aaa-a01e-0026-08ef-eb719b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758f585d925f-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.5.0/assets/ 57 KB
14 KB 51ms
51ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ea7f0a7844cada198d1e8a28343cc081d3631c716c9dd53d889e4b7feae04ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.barracuda.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 17:32:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: C3H4UUH4EphFQbkR0Bpbhg==
age: 66100
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14112
x-ms-lease-status: unlocked
last-modified: Thu, 27 Aug 2020 03:43:18 GMT
server: cloudflare
etag: 0x8D84A3B56497C4B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 276f099f-b01e-0058-6d33-0de1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 840d758f585f925f-FRA

GET
H2 200 l
use.typekit.net/af/2555e1/00000000000000007735e603/30/ 30 KB
30 KB 45ms
44ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fui0ano.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a33128c94dd3c425bc3f4a9ba389a1f3d7a75233e8cb788ea80f8f43a3d68423

Request headers

Referer: https://use.typekit.net/fui0ano.css
Origin: https://blog.barracuda.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 17:32:12 GMT
server: nginx
etag: "09d1a94c81035c62708e0a513ee76d7886d15a25"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 30704

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.printfriendly.com
URL: https://cdn.printfriendly.com/printfriendly.js

Domain: web.chtbl.com
URL: https://web.chtbl.com/track

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.barracuda.com/	1970-01-20 17:29:22	Name: cuda_lang_code Value: en
blog.barracuda.com/	1970-01-21 02:14:58	Name: _wchtbl_uid Value: 6ae3b649-7036-425f-ac8f-db60338aacb1
blog.barracuda.com/	1969-12-31 23:59:59	Name: _wchtbl_sid Value: 5c92efc4-8251-427c-80bc-f20bc205dcd0
app.barracuda.com/	1969-12-31 23:59:59	Name: barracuda_lang_code Value: en
app.barracuda.com/	1969-12-31 23:59:59	Name: barracuda_barracuda_referer Value: https%3A%2F%2Fblog.barracuda.com%2F
app.barracuda.com/	1969-12-31 23:59:59	Name: barracuda_tracking_query_string Value: lang%3Den
app.barracuda.com/	1970-01-20 17:28:03	Name: barracuda_ci_csrf_token Value: a3fb5a1475731fd7f2131eb88129563d
app.barracuda.com/	1969-12-31 23:59:59	Name: barracuda_ci_session Value: UGcKM1o2UT8AdABwUzxZP1xlBTxRI1J%2FDzBdJQV9Az4CagE%2BUV9eNlJgV3YIa1N0AjcGNgZhBWgPJFhiVjFSb100DDJRYwExBGVWYgxsXGlQZQpoWjNRNABrADRTY1k8XGIFN1E4Um8PYF1kBT0DZAI8AWhRYV49UmVXdghrU3QCNwY0BmMFaA8kWDJWdlJTXWYMY1E%2BAScEZlZ0DC5cf1A9CnpaOFE0ADsAOVMkWT9cZQU2US9SPQ9lXWcFIANiAjcBflEyXm1SMFd2CGtTdAI3BjQGYwVoDyRYLlZ1UmlddQxYUTsBMgRmVmkMKVx%2FUD0Kelo4UTAAPwA5UyRZQ1w6BXxRaFJgDzldNwUhA2ICKwFgUSBed1JTVz0IPlNjAmIGcgYgBXIPSFgPViZSPV03DClRagFuBCNWUAw0XDNQMAo9WjlRJQB3ADVTMlknXHUFR1FxUnwPOV0zBVkDMgJnAXJRO14sUj5XZQhjUz0CLwZpBjIFIQ9yWARWZ1JvXXMMblEsATwEd1Z%2BDH9cZlBvCjNaM1EyAD8AN1MyWTlcYAU%2FUTJSPQ9uXSs%3D
app.barracuda.com/	1969-12-31 23:59:59	Name: barracuda_new_locale Value: country_code%0Ade%0Astate_code%0A%FF0%FF%0Aregion_code%0Aemea%0Alang_code%0Aen%0A
.barracuda.com/	1970-01-21 02:13:31	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Fri+Jan+05+2024+18%3A32%3A12+GMT%2B0100+(Central+European+Standard+Time)&version=6.5.0&hosts=&landingPath=https%3A%2F%2Fblog.barracuda.com%2F2023%2F12%2F01%2Fmalware-101-file-system-evasion-memory-only-registry-resident&groups=C0001%3A1%2CC0005%3A0%2CC0002%3A0%2CC0004%3A0%2CC0003%3A0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident Message: Refused to load the script 'https://cdn.printfriendly.com/printfriendly.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com *.hotjar.com unpkg.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://tag.demandbase.com/ Message: Refused to frame 'https://s.company-target.com/' because it violates the following Content Security Policy directive: "frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com *.vidyard.com unpkg.com".
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
javascript	error	URL: https://blog.barracuda.com/2023/12/01/malware-101-file-system-evasion-memory-only-registry-resident Message: Access to XMLHttpRequest at 'https://web.chtbl.com/track' from origin 'https://blog.barracuda.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.chtbl.com/track Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self' app.qa.barracuda.com app.barracuda.com .facebook.com .youtube.com .vidyard.com unpkg.com script-src 'self' 'unsafe-inline' assets.adobedtm.com .pdst.fm .doubleclick.net .google-analytics.com .bing.com .googleadservices.com .facebook.net .techtarget.com .demandbase.com .googletagmanager.com munchkin.marketo.net .cookielaw.org .polyfill.io .adroll.com .licdn.com .mxpnl.com .chtbl.com .invoca.net .livehelpnow.net addsearch.com .youtube.com .searchcdn.com .vidyard.com .hotjar.com unpkg.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
app.barracuda.com
blog.barracuda.com
cdn.cookielaw.org
cdn.printfriendly.com
ext.chtbl.com
geolocation.onetrust.com
id.rlcdn.com
p.typekit.net
tag-logger.demandbase.com
tag.demandbase.com
use.typekit.net
web.chtbl.com
www.googletagmanager.com
cdn.printfriendly.com
web.chtbl.com
108.157.4.125
13.227.219.42
2600:9000:2176:9000:0:cc59:3900:93a1
2600:9000:2240:e600:14:fd89:5ac0:93a1
2600:9000:2449:bc00:1d:8d6d:3b40:93a1
2600:9000:2646:d400:a:b27c:d040:93a1
2606:4700:4400::6812:2089
2606:4700::6812:83ec
2a00:1450:4001:80e::2008
2a02:26f0:480:f::213:7ec6
2a02:26f0:480:f::213:7edb
35.244.174.68
4.234.25.19
03c30af9f99552ba2eff92617fdf160546d362aeb5885eba3592d25da5a31b56
0b79e8c3dcb7aeea8f62e4e2e695e60dbf779fe5a3595565cc856a70d1e576aa
0d49752a7a7d93d7e459fc189c58d305b9aa7d2b9bd923ac663a1548945bd12e
113cafa39568acba27f3f6ad96dcd5524e4287f6e8d4fdaf73404efb0f8b9b10
11d4663fa8f7dac0dc4d7097686c359a3771c4545fc050100f36e961874ec508
1636daeadf68320a8ff084924ab12632028d06a02bcb2de4febd953b14ab074b
19549c09d56fbb274e74f85be667fa6664961e7efdb9e9ef43f93f4011a4712e
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
20927593020931ba3c6a079c617c3d39f3e10652d02926534e0a8847298d844e
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2425711604ea242bbe21daa15ae93b57916cd24f2b7df7637dd7a9786fdf189a
27dc4f62298834987d3d8e5608c1af94c82ee3d18ee31858d39e0202697b5308
29abb1fb7cf50134f1124d0250ebf84ca38c8be090b37b0432d4f137c1c2fd31
2a8dd9b726407a57295a4610f42f2a0381337815b0f5db6131a9c89c23597718
30157fc7b6821278eee2e22d968e5f52dcd607803ea35d3cd62ad876d32afdcd
330fd6d564dff1313d98d4b80e4f7244d1ea1adfd8ea65b4f0bcc34d424137ae
34983ec5da74c95f7b9aba9e7abd42ca76b95cde4c06f476f6bfeb5547bd85ef
38e9ade7cb9f7a31a4525f2a70c4bdd2529340926202641bbbda8d655df8c0c3
3af87ea3baa934c23b40ec03e53ba0b75c9303cd27c07a601c96c41597cf2316
43ccd137975bf357e94674077ffaf2d46bbe8733b28e971056e4c9ea2a49a280
51c90151ae5d4cc09b6322953957a9f31a0e773817b9fd59b0145881f462932d
5d9788646c01ec15dec9fe42bc9435d6bc84ed63aed58276c2dd92780a62ddda
625b05d59aadc6b5356b8b238108a1fcdf330275186ba33132cadb1237b1cd8d
63bd6f8c19a70f0f46588e5dbc4a872b429a5e8a1f17f82453c34b1f14e833c6
659ea9f7ac5d3c9037da23d13f85498a55c6d386c637dd2999bbcbc904084cd3
6da7a8abdaa18cf9fa8f134e1de315971a8340de92d155bfbf3e62b5494e8621
6e4508938da05ea4e6455403e63617ff7f46ef761ca693bb567b089d1a35fd9e
6f4a9a6d7d17b485daf9995ce913842473dff469dd74fa8fe2b730471f000eaf
6ffa07d2a244da24e7330335e14c1c7be5cff1477cfa8bf2baa33cefce5e5e04
7abff666ecb3f4aa7ceb076cc27af4f404c83ad375b76b6aa1a999e844c6adb9
880482ff98e9d99ec808fa09fb517f3a193c5922c03d093ccf5e064f9fdc6b50
899a718e8ce9bec7c3dbf9495ee83ede0b55e1575b37b270f1aab20660f6b820
964b08d9a425ae147571d62dfabfef171b5882b94607e9137f42e17f6825cf4d
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
9ea7f0a7844cada198d1e8a28343cc081d3631c716c9dd53d889e4b7feae04ac
a0ab064e57ae58aa5e785a51416fa04a44bae33c08314181993a3d116495d940
a33128c94dd3c425bc3f4a9ba389a1f3d7a75233e8cb788ea80f8f43a3d68423
a4002d856e575601b351be144c9d7e4e6977286644fede72a7de1638844722aa
a5abdd6df1d760db1c6749fd92ce2d8a037cb411bc4849da3277cbedab35b8f5
a7e02a0a20001e61e65143e4930b318068f09692f4d7079dc7f26e0020613059
a8ac87a96a84d65c3fa7fe825042545627dc24730ccfbc16582b97efdc785c50
ab24c94a6c443c60e36e879960bf136e69dc08402883c0292d3a44a8da98474a
abca86efdf0b1aafabb4e60d904de64e144f9a84020cbe9914e6c945a4d5d87b
ae55c313220f063fdb3dc157a89a22e6a20a400cdd5b639a5aabfa4ae91e476a
aecc3b952de368f386ea1f775346bd5276c41ce17a5b3c1704589101961480e3
b07871da02311868c31ab6ac5a4e78cc877f118acd854857f6f51519f3ddbbc9
b825cc32ded55e1caa04b70f4b7f0f3010cfbbff4e1d89a035666b649ba2f782
b87ef2efd898acfddc8308449b24a558eca1e77f8e66802f03fab8c5d063d92a
c250924012fdc9ea9516b30650895201cd167dbd49c9d148924f30881abfa393
c38f95e28cdb0a26e5e8db009f2e2b39a23c8a055b31ee9f61a9033c4ea4b057
c40da8018356b16f1cb78babdfe38139c129d453b965fd6d0d9d8c637c063ca6
c4d04d2b6a041dde11c80d8332f983a58c1031c663ab4f42230899cb82adf4a7
c5f4c758c56da0e200a02337c176da0ab24cdacb89e85cf655e8ffd6a916e005
c6c9e7bc71a69020f203ec5a114f610838ce65bdfb18aa9540666cef71974151
ceb4ce0bba67a12e21af094eb24293d7ea8bffaffc237a1cd90394c7588eaec9
d139c3756ba4ea4e4672c12645de4977faa9ba7e0d550931d2086338fd72dfe9
d9c5b7e0dad2a67c57b30b5561515f54299dcca29984917cd93fd0e03ff9fd91
dfbb960bd83d748588476e7e26fc34b8ab093c3cb762b60268a8ce66350f283f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee536a0a449e09427b5693405097b4dc758bceed3e4cc35bd53a7ef83218b279

blog.barracuda.com Open in urlscan Pro 4.234.25.19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

68 Requests

94 %HTTPS

69 %IPv6

10 Domains

14 Subdomains

14 IPs

3 Countries

2341 kBTransfer

4479 kBSize

10 Cookies

19 Outgoing links

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.barracuda.com Open in urlscan Pro
4.234.25.19 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

94 %
HTTPS

69 %
IPv6

10
Domains

14
Subdomains

14
IPs

3
Countries

2341 kB
Transfer

4479 kB
Size

10
Cookies

68 HTTP transactions
5 data transactions