URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Submission: On November 07 via manual from IN — Scanned from DE

Summary

This website contacted 15 IPs in 3 countries across 11 domains to perform 104 HTTP transactions. The main IP is 2a02:26f0:780::210:ca08, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.welivesecurity.com. The Cisco Umbrella rank of the primary domain is 357873.
TLS certificate: Issued by Thawte ECC CA 2018 on January 24th 2023. Valid for: a year.
This is the only time www.welivesecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 2a02:26f0:780... 20940 (AKAMAI-ASN1)
28 52.142.86.50 8075 (MICROSOFT...)
1 9 2606:4700:10:... 13335 (CLOUDFLAR...)
5 199.232.196.134 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:bdf::63 8075 (MICROSOFT...)
4 151.101.128.134 54113 (FASTLY)
5 18.66.97.108 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
1 18.154.63.69 16509 (AMAZON-02)
18 2600:9000:205... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
104 15
Apex Domain
Subdomains
Transfer
30 esetstatic.com
web-assets.esetstatic.com
cdn.esetstatic.com — Cisco Umbrella Rank: 639448
4 MB
18 disquscdn.com
c.disquscdn.com — Cisco Umbrella Rank: 5610
358 KB
18 welivesecurity.com
www.welivesecurity.com — Cisco Umbrella Rank: 357873
2 MB
9 disqus.com
welivesecurity.disqus.com
disqus.com — Cisco Umbrella Rank: 1282
referrer.disqus.com — Cisco Umbrella Rank: 8050
57 KB
9 podbean.com
www.podbean.com — Cisco Umbrella Rank: 56537
357 KB
6 cloudfront.net
d8g345wuhgd7e.cloudfront.net
deow9bq0xqvbj.cloudfront.net
84 KB
5 gstatic.com
fonts.gstatic.com
81 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2462
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
183 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 KB
0 go-mpulse.net Failed
s.go-mpulse.net Failed
104 11
Domain Requested by
28 web-assets.esetstatic.com www.welivesecurity.com
18 c.disquscdn.com disqus.com
c.disquscdn.com
18 www.welivesecurity.com www.welivesecurity.com
9 www.podbean.com 1 redirects www.welivesecurity.com
www.podbean.com
5 fonts.gstatic.com fonts.googleapis.com
5 d8g345wuhgd7e.cloudfront.net www.podbean.com
4 referrer.disqus.com www.welivesecurity.com
4 disqus.com welivesecurity.disqus.com
c.disquscdn.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 region1.google-analytics.com www.googletagmanager.com
2 cdn.esetstatic.com www.googletagmanager.com
2 www.googletagmanager.com www.welivesecurity.com
www.googletagmanager.com
1 fonts.googleapis.com client
1 deow9bq0xqvbj.cloudfront.net www.podbean.com
1 welivesecurity.disqus.com www.welivesecurity.com
0 s.go-mpulse.net Failed www.welivesecurity.com
104 16
Subject Issuer Validity Valid
www.welivesecurity.com
Thawte ECC CA 2018
2023-01-24 -
2024-02-02
a year crt.sh
api.cms.eset.com
R3
2023-11-01 -
2024-01-30
3 months crt.sh
podbean.com
Cloudflare Inc ECC CA-3
2023-02-17 -
2024-02-17
a year crt.sh
*.disqus.com
Sectigo RSA Domain Validation Secure Server CA
2023-04-13 -
2024-04-20
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
cdn.esetstatic.com
Thawte RSA CA 2018
2022-11-11 -
2023-11-11
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2022-12-08 -
2023-12-07
a year crt.sh
a.disquscdn.com
Amazon RSA 2048 M01
2023-08-31 -
2024-09-27
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh

This page contains 5 frames:

Primary Page: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Frame ID: AE4CA83ACB0241A1901A2AF1A84EEC26
Requests: 60 HTTP requests in this frame

Frame: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Frame ID: 7E59A5DD79F50E53069DBC2BFED4FEE4
Requests: 13 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Frame ID: 0078CD2C8E66D4287CF2B658587F0EB5
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
Frame ID: A077F3AF1AAB9C0498D12A83EB238624
Requests: 30 HTTP requests in this frame

Frame: https://www.podbean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/main.js
Frame ID: AF88A6D73C1BACCB57CC7142445D5054
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

104
Requests

97 %
HTTPS

64 %
IPv6

11
Domains

16
Subdomains

15
IPs

3
Countries

7220 kB
Transfer

10478 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71
  • https://www.podbean.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://www.podbean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/main.js

104 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
354 KB
51 KB
Document
General
Full URL
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ab4051fbd2ea8c5b8b014fe3d0da021ed063349bd41b35a4e1835486db8aad02
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=3600 public
content-encoding
gzip
content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-type
text/html; charset=UTF-8
date
Tue, 07 Nov 2023 10:15:30 GMT
expires
Tue, 07 Nov 2023 11:15:30 GMT
referrer-policy
no-referrer-when-downgrade
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
server-timing
cdn-cache; desc=REVALIDATE edge; dur=227 origin; dur=2907 ak_p; desc="1699352127364_34654724_744424998_313794_2266_8_18_255";dur=1
strict-transport-security
max-age=15724800
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,2
x-content-type-options
nosniff
x-edps-request-status
normal
x-xss-protection
1; mode=block
FedraSansAltPro-BookLF-405f3258.woff
www.welivesecurity.com/build/assets/
163 KB
167 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-BookLF-405f3258.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=44, ak_p; desc="1699352130546_34654724_744428395_4402_1548_8_0_219";dur=1
content-length
166912
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 20 Jul 2023 00:44:42 GMT
etag
"64b8837a-28c00"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Fri, 19 Jul 2024 08:26:50 GMT
FedraSansAltPro-BoldLF-31f4bc72.woff
www.welivesecurity.com/build/assets/
162 KB
166 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-BoldLF-31f4bc72.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1699352130548_34654724_744428396_455_1422_10_0_219";dur=1
content-length
166288
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 20 Jul 2023 00:45:14 GMT
etag
"64b8839a-28990"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Fri, 19 Jul 2024 08:24:40 GMT
FedraSansAltPro-DemiLF-8885b886.woff
www.welivesecurity.com/build/assets/
164 KB
168 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-DemiLF-8885b886.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1699352130547_34654724_744428397_39_1450_10_0_219";dur=1
content-length
167780
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 20 Jul 2023 00:45:14 GMT
etag
"64b8839a-28f64"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Fri, 19 Jul 2024 08:26:50 GMT
moustache-bouncer-1920x1080.jpeg
web-assets.esetstatic.com/tn/-x425/wls/2023/2023-8/
54 KB
56 KB
Image
General
Full URL
https://web-assets.esetstatic.com/tn/-x425/wls/2023/2023-8/moustache-bouncer-1920x1080.jpeg
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f803a45cf4d9e8ba42835b13c1e7ec161d7ea7adf4490793a36758d7c2f1d7a8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff, nosniff
content-length
55772
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified
Mon, 07 Aug 2023 06:39:04 GMT
etag
W/"64d09188-5fdf1"
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS, GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true, true
access-control-allow-headers
Content-Type, Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
article-header-995fa639.js
www.welivesecurity.com/build/assets/
442 B
4 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/article-header-995fa639.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=11, ak_p; desc="1699352130547_34654724_744428398_1135_1456_8_0_219";dur=1
content-length
200
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 26 Oct 2023 13:19:59 GMT
etag
W/"653a66f4-1ba"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Wed, 24 Jan 2024 13:18:50 GMT
app-8864fa1f.css
www.welivesecurity.com/build/assets/
297 KB
36 KB
Stylesheet
General
Full URL
https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8864fa1f3693203d1ba51b1478bcf3a746bc70fcf7cb0fe68f22e2f262b6eef7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=11, ak_p; desc="1699352130547_34654724_744428394_1121_1395_8_0_255";dur=1
content-length
32603
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 13 Oct 2023 09:07:03 GMT
etag
W/"6529083c-4a256"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
text/css
access-control-allow-origin
*
cache-control
public
expires
Thu, 11 Jan 2024 09:06:57 GMT
Matthieu-Faou.jpg
web-assets.esetstatic.com/tn/-x45/wls/2021/02/
1 KB
3 KB
Image
General
Full URL
https://web-assets.esetstatic.com/tn/-x45/wls/2021/02/Matthieu-Faou.jpg
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
77b819de55e006efc8ecdd1c227a4c1b6ea8b218ebe45bec90e6534791bceeb0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff, nosniff
content-length
1398
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer-when-downgrade, no-referrer-when-downgrade
last-modified
Mon, 15 May 2023 12:15:32 GMT
etag
W/"64622264-50a67"
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS, GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
https://web-assets.esetstatic.com, https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none', accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true, true
access-control-allow-headers
Content-Type, Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
moustachedbouncer-timeline-edited.png
web-assets.esetstatic.com/wls/2023/2023-8/
90 KB
90 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/moustachedbouncer-timeline-edited.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
16ef334519f468f75f7e6e6925d0a33619fbc6252da70b95dfaffba54ae5f9f3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
91671
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:53:39 GMT
etag
"64ca1993-16617"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
picture1.png
web-assets.esetstatic.com/wls/2023/2023-8/
73 KB
73 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/picture1.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f287e8f1f1ca06ab9b9722754f161af276ade4f32260fe348779b150336cb87b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
74351
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:10:56 GMT
etag
"64ca1da0-1226f"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
jdrop.png
web-assets.esetstatic.com/wls/2023/2023-8/
61 KB
61 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/jdrop.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d9f3fc3166e2d314f58ab139c6db722a87d84f470f9f565b7c5f4f3bef1fc14b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
62065
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:12:57 GMT
etag
"64ca1e19-f271"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
update-js.png
web-assets.esetstatic.com/wls/2023/2023-8/
112 KB
113 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/update-js.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3afd484a2c1f034c849208f72ecc7c890a6a1eece516b9cdb32697c81cc4ce7e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
114693
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:14:02 GMT
etag
"64ca1e5a-1c005"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
slide1.jpeg
web-assets.esetstatic.com/wls/2023/2023-8/
79 KB
80 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/slide1.jpeg
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4d62357b4f7dba582b8a022436fc1962ed497886c9967fc326465664854d43bb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
80996
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:16:23 GMT
etag
"64ca1ee7-13c64"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure-6.png
web-assets.esetstatic.com/wls/2023/2023-8/
34 KB
35 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-6.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5dc3e215513196ed7366d982c6802fd5700f6cfcc8a9230f392d9c4dce68dc9f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
34708
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:29:54 GMT
etag
"64ca2212-8794"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
edge-update.png
web-assets.esetstatic.com/wls/2023/2023-8/
13 KB
14 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/edge-update.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6b9315d604b1a0be9a4923956d291804ddbdb807ceae1b4f899dcbaff0c566c6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
13451
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:32:14 GMT
etag
"64ca229e-348b"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
scheduled-tasks.png
web-assets.esetstatic.com/wls/2023/2023-8/
23 KB
23 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/scheduled-tasks.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5b48f6816b1d42e1a55c95be2ee612383e20c3b0ac092d8a8934a25ae34924c6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
23148
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 12:30:14 GMT
etag
"64ca4c56-5a6c"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
dropper-2020.png
web-assets.esetstatic.com/wls/2023/2023-8/
26 KB
27 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/dropper-2020.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
09c92490e220e92585308be41cdc7e18132c396be2e2fb03c56b5d6d5fa2b6bb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
26958
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:33:13 GMT
etag
"64ca22d9-694e"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2014-main-dropper.png
web-assets.esetstatic.com/wls/2023/2023-8/
40 KB
41 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2014-main-dropper.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5d5d9e6176adb142f4754c0acc14377fbe497e5e7b525a25c4b6e83c851a87a1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
41378
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:52:54 GMT
etag
"64ca1966-a1a2"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2014-servicedll.png
web-assets.esetstatic.com/wls/2023/2023-8/
29 KB
29 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2014-servicedll.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
39d2bbc6606d965c4feb5b107e90d14cd556bc9abac8417dd86862b078e3efa1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
29209
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:52:54 GMT
etag
"64ca1966-7219"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
figure-11.png
web-assets.esetstatic.com/wls/2023/2023-8/
13 KB
14 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-11.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0b79346856f6d7a243f62ac5ea59072eed76499c0a66e23aad7547a6fbef5d84
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
13135
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:42:45 GMT
etag
"64ca2515-334f"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2014-encrypted-string.png
web-assets.esetstatic.com/wls/2023/2023-8/
6 KB
6 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2014-encrypted-string.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6b20715fe428201c1d31a8a7a203133eb91d8bb83baabf985160805b1b54fd44
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
5780
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:52:54 GMT
etag
"64ca1966-1694"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
2014-log-file.png
web-assets.esetstatic.com/wls/2023/2023-8/
18 KB
18 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2014-log-file.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8419011588b9ce653cc636c9b274257d8151cca4e5ad00eb46ad22bdd937866e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
18150
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:52:54 GMT
etag
"64ca1966-46e6"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2014-lnk-parser.png
web-assets.esetstatic.com/wls/2023/2023-8/
52 KB
53 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2014-lnk-parser.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2e2bd04830284b1213ff750c78c3bfc653a66619880750a8239250a298046c14
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
53291
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 08:52:54 GMT
etag
"64ca1966-d02b"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2020-lnk-parser-1.png
web-assets.esetstatic.com/wls/2023/2023-8/
28 KB
29 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2020-lnk-parser-1.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
757bce6845203c87f7a07b4f0aeda8e292a022bb642742acde30e7422f720e9f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
28592
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:46:21 GMT
etag
"64ca25ed-6fb0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure16.png
web-assets.esetstatic.com/wls/2023/2023-8/
3 MB
3 MB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure16.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e8538d2c430441dbe08faf989e525daea9521bb2c6291fe76e4de21d02fb7f9c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
2874174
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:48:00 GMT
etag
"64ca2650-2bdb3e"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure-17.png
web-assets.esetstatic.com/wls/2023/2023-8/
12 KB
13 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-17.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2bf9f000fd1e1420d98ad242d6ad9bfcd2a45536efc18fd44f558fbe85b337eb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
12543
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:49:57 GMT
etag
"64ca26c5-30ff"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure-18.png
web-assets.esetstatic.com/wls/2023/2023-8/
3 KB
4 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-18.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6e90d72967b23843bd698bf0c2cb3fc06328c581ae4dafb58197e5367c5f1786
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
3147
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:51:49 GMT
etag
"64ca2735-c4b"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
keylogger.png
web-assets.esetstatic.com/wls/2023/2023-8/
44 KB
45 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/keylogger.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
feefe5f7fd9629ef08a9c4ac266e27fdbf0fd13412b4a7dd56ccbbe1692e834b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:30 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
45301
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:53:09 GMT
etag
"64ca2785-b0f5"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure-20.png
web-assets.esetstatic.com/wls/2023/2023-8/
5 KB
5 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-20.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4eaf17f0efc0c1bf847b76a313d94fd0031111705c380b8becacbe3508116dc2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
4722
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:55:30 GMT
etag
"64ca2812-1272"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
figure-21.png
web-assets.esetstatic.com/wls/2023/2023-8/
86 KB
87 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-21.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c2b12c08c3cee083b393f275b62c51fb6ceeddf44fb7a4a5ad7d8a15c5db10e9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
88492
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:57:45 GMT
etag
"64ca2899-159ac"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
figure-22.png
web-assets.esetstatic.com/wls/2023/2023-8/
29 KB
30 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/figure-22.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ad545c3cc523a2bb322e47223eafc987dfa087fdf5bc18e8b24a879e51f88dc1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
29613
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 09:58:46 GMT
etag
"64ca28d6-73ad"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
2022-plugin-dns-request.png
web-assets.esetstatic.com/wls/2023/2023-8/
11 KB
11 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2022-plugin-dns-request.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a743078e9f936f9501549be5a1ca71f03914c80b588f687bcbe43b0b4063d658
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
10880
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 10:00:57 GMT
etag
"64ca2959-2a80"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
2022-dns-data-txt-1.png
web-assets.esetstatic.com/wls/2023/2023-8/
32 KB
33 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2023/2023-8/2022-dns-data-txt-1.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
09a63f4c2c6069eb36175c4f83c34fcea4aea1566514b97960f2ba5eeeb0382b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
32695
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 02 Aug 2023 10:02:09 GMT
etag
"64ca29a1-7fb7"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:31 GMT
eset-threat-intelligence.png
web-assets.esetstatic.com/wls/2022/12/
83 KB
84 KB
Image
General
Full URL
https://web-assets.esetstatic.com/wls/2022/12/eset-threat-intelligence.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.142.86.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9abd76a570978a6e72fbed97f1142cb2e7b4fa20b22a1241fefbce251416bf7e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15724800
x-content-type-options
nosniff
content-length
85433
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 14 May 2023 19:43:24 GMT
etag
"646139dc-14db9"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
https://web-assets.esetstatic.com
cache-control
max-age=7776000, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'none'; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Content-Type
expires
Mon, 05 Feb 2024 10:15:30 GMT
apt-activity-report-0b5f1a6d.png
www.welivesecurity.com/build/assets/
582 KB
586 KB
Image
General
Full URL
https://www.welivesecurity.com/build/assets/apt-activity-report-0b5f1a6d.png
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0b5f1a6d738d2c76b21d0e0d47794ba662936f6e0aaddc8757915a5daa597517
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1699352130697_34654724_744428568_92_1903_11_0_146";dur=1
content-length
596073
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Nov 2023 14:35:31 GMT
etag
"65450533-91869"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=7776000, public
accept-ranges
bytes
expires
Thu, 01 Feb 2024 14:36:44 GMT
app-7a4ecde0.js
www.welivesecurity.com/build/assets/
80 KB
25 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/app-7a4ecde0.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=48, ak_p; desc="1699352130547_34654724_744428399_4803_1441_9_0_219";dur=1
content-length
22056
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Aug 2023 09:49:35 GMT
etag
W/"64dc9b1d-13f2d"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Tue, 14 Nov 2023 09:48:39 GMT
search-7d9f58b7.js
www.welivesecurity.com/build/assets/
276 KB
88 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/search-7d9f58b7.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=8, ak_p; desc="1699352130548_34654724_744428400_935_1325_9_0_219";dur=1
content-length
86056
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Aug 2023 10:10:05 GMT
etag
W/"64dc9afe-44eae"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Tue, 14 Nov 2023 09:55:36 GMT
_commonjsHelpers-042e6b4d.js
www.welivesecurity.com/build/assets/
725 B
4 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/_commonjsHelpers-042e6b4d.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=317, ak_p; desc="1699352130547_34654724_744428401_31817_1145_11_0_219";dur=1
content-length
330
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Aug 2023 09:50:52 GMT
etag
W/"64dc9b1d-2d5"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Tue, 14 Nov 2023 09:50:50 GMT
prism-40494b65.css
www.welivesecurity.com/build/assets/
2 KB
4 KB
Stylesheet
General
Full URL
https://www.welivesecurity.com/build/assets/prism-40494b65.css
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=72, ak_p; desc="1699352130693_34654724_744428565_8662_1730_9_0_182";dur=1
content-length
563
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 10 Aug 2023 12:33:18 GMT
etag
W/"64b8837a-6fa"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
text/css
access-control-allow-origin
*
cache-control
public
expires
Wed, 18 Oct 2023 08:35:09 GMT
prism-40d1b0a4.js
www.welivesecurity.com/build/assets/
66 KB
24 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/prism-40d1b0a4.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=13, ak_p; desc="1699352130548_34654724_744428402_1456_1214_8_0_219";dur=1
content-length
20342
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Aug 2023 09:53:13 GMT
etag
W/"64dc9b11-10728"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Tue, 14 Nov 2023 09:47:24 GMT
article-e3625c4c.css
www.welivesecurity.com/build/assets/
23 KB
8 KB
Stylesheet
General
Full URL
https://www.welivesecurity.com/build/assets/article-e3625c4c.css
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=29, ak_p; desc="1699352130693_34654724_744428566_2881_1930_11_0_182";dur=1
content-length
4371
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 27 Jul 2023 14:11:49 GMT
etag
W/"64b8837a-5d19"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
text/css
access-control-allow-origin
*
cache-control
public
expires
Wed, 18 Oct 2023 08:22:41 GMT
article-fd027339.js
www.welivesecurity.com/build/assets/
140 KB
39 KB
Script
General
Full URL
https://www.welivesecurity.com/build/assets/article-fd027339.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
x-edps-request-status
normal
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=29, ak_p; desc="1699352130547_34654724_744428403_2926_1354_8_0_219";dur=1
content-length
36164
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 13 Oct 2023 09:06:28 GMT
etag
W/"6529081f-23021"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public
expires
Thu, 11 Jan 2024 09:06:27 GMT
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/
0
0

/
www.podbean.com/player-v2/ Frame 7E59
17 KB
7 KB
Document
General
Full URL
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c30fab4e51dfe05565d9448f492474a53ce1dd77e603dd3a62fb08167905abae
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
8224d0c1dce69159-FRA
content-encoding
gzip
content-type
text/html
date
Tue, 07 Nov 2023 10:15:31 GMT
last-modified
Mon, 06 Nov 2023 01:44:48 GMT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
truncated
/
671 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/svg+xml
FedraSansAltPro-MediumLF-261e3ac5.woff
www.welivesecurity.com/build/assets/
166 KB
170 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-MediumLF-261e3ac5.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=13, ak_p; desc="1699352130717_34654724_744428586_1269_1545_18_0_255";dur=1
content-length
170432
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 20 Jul 2023 14:40:48 GMT
etag
"64b94770-299c0"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Fri, 19 Jul 2024 16:25:46 GMT
FedraSansAltPro-BookItalicLF-4cad214a.woff
www.welivesecurity.com/build/assets/
162 KB
166 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-BookItalicLF-4cad214a.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=26, ak_p; desc="1699352130719_34654724_744428592_2547_1367_13_0_255";dur=1
content-length
165752
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 25 Sep 2023 15:14:09 GMT
etag
"6511a3c1-28778"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Wed, 25 Sep 2024 10:51:36 GMT
FedraSansAltPro-BoldItalicLF-ec9eb351.woff
www.welivesecurity.com/build/assets/
169 KB
173 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-BoldItalicLF-ec9eb351.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ec9eb3515b0c462b663eb6e45a8c8d3de6993077cac8f05f30fbce263d1659c3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:30 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=112, ak_p; desc="1699352130719_34654724_744428593_11198_1355_7_0_255";dur=1
content-length
172828
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 16 Oct 2023 05:59:20 GMT
etag
"652cd138-2a31c"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Thu, 17 Oct 2024 19:03:25 GMT
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ Frame 0078
0
0

embed.js
welivesecurity.disqus.com/
78 KB
25 KB
Script
General
Full URL
https://welivesecurity.disqus.com/embed.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
8a794652e19438d5f44b73d439d216b05e7889b352d209e533cf9de3a0f0407a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
Server
openresty
Age
43
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
25484
FedraSansAltPro-LightLF-ec800a5b.woff
www.welivesecurity.com/build/assets/
159 KB
163 KB
Font
General
Full URL
https://www.welivesecurity.com/build/assets/FedraSansAltPro-LightLF-ec800a5b.woff
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:ca08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/build/assets/app-8864fa1f.css
Origin
https://www.welivesecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
x-edps-request-status
normal
x-content-type-options
nosniff
strict-transport-security
max-age=15724800
date
Tue, 07 Nov 2023 10:15:31 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=88, ak_p; desc="1699352131017_34654724_744428918_8748_1971_8_0_255";dur=1
content-length
162900
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 20 Jul 2023 00:44:42 GMT
etag
"64b8837a-27c54"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Fri, 19 Jul 2024 08:28:34 GMT
gtm.js
www.googletagmanager.com/
327 KB
105 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
faa008f814aa818069ce653c96e93006602380b53598d26446dffa2ba849da1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
107113
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 07 Nov 2023 10:15:31 GMT
app.d3b5e0c0.css
www.podbean.com/player-v2/css/ Frame 7E59
42 KB
7 KB
Stylesheet
General
Full URL
https://www.podbean.com/player-v2/css/app.d3b5e0c0.css
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7383c374850fea6e5ceefb672efacd2a022539b438836e9d9ab957acad9f898d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 06 Nov 2023 01:44:50 GMT
server
cloudflare
age
4260
cf-polished
origSize=42648
etag
W/"65484512-a698"
vary
Accept-Encoding
content-type
text/css
content-encoding
gzip
cache-control
max-age=86400
cf-ray
8224d0c4d95f9159-FRA
chunk-vendors.d4d98811.css
www.podbean.com/player-v2/css/ Frame 7E59
84 KB
17 KB
Stylesheet
General
Full URL
https://www.podbean.com/player-v2/css/chunk-vendors.d4d98811.css
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d5ff1a0615dad14a91c07bd20f46a127ce95304df3c018603a4f552e915bd0a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 06 Nov 2023 01:44:52 GMT
server
cloudflare
age
1330
cf-polished
origSize=85663
etag
W/"65484514-14e9f"
vary
Accept-Encoding
content-type
text/css
content-encoding
gzip
cache-control
max-age=86400
cf-ray
8224d0c4d9609159-FRA
app.7dccdfb0.js
www.podbean.com/player-v2/js/ Frame 7E59
104 KB
30 KB
Script
General
Full URL
https://www.podbean.com/player-v2/js/app.7dccdfb0.js
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e90148ce32dc521b550642fe6b01b23882950d5719f9e7e4d70c56bfa81224b5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 06 Nov 2023 01:44:51 GMT
server
cloudflare
age
2950
cf-polished
origSize=106267
etag
W/"65484513-19f1b"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
gzip
cache-control
max-age=86400
cf-ray
8224d0c4d9629159-FRA
chunk-vendors.4c1b8e0c.js
www.podbean.com/player-v2/js/ Frame 7E59
967 KB
290 KB
Script
General
Full URL
https://www.podbean.com/player-v2/js/chunk-vendors.4c1b8e0c.js
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05ad1b3feedcde663d265a2c36cfb2f09b9da81b8f91b9ef65880fc6ec74a450
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 06 Nov 2023 01:44:59 GMT
server
cloudflare
age
1938
cf-polished
origSize=990386
etag
W/"6548451b-f1cb2"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
gzip
cache-control
max-age=86400
cf-ray
8224d0c4d9639159-FRA
js
www.googletagmanager.com/gtag/
220 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0e61e73de213b2b6bb1bfd075987db8ae8864fa1eef21ad0bc19aa83fe5c29d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79522
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 07 Nov 2023 10:15:31 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 07 Nov 2023 09:49:42 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1549
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 07 Nov 2023 11:49:42 GMT
app.min.css
cdn.esetstatic.com/cookie-consent/v3/
20 KB
5 KB
Stylesheet
General
Full URL
https://cdn.esetstatic.com/cookie-consent/v3/app.min.css
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-encoding
br
last-modified
Wed, 30 Nov 2022 12:49:33 GMT
etag
W/"0x8DAD2D15474DB45"
vary
Accept-Encoding
x-azure-ref
20231107T101531Z-9s02r76ps92ct9c64au0pwd9d400000000hg000000027ds7
content-type
text/css
x-ms-request-id
6cba701b-801e-000c-29b7-1097b0000000
x-cache
TCP_HIT
x-ms-version
2018-03-28
app.min.js
cdn.esetstatic.com/cookie-consent/v3/
380 KB
140 KB
Script
General
Full URL
https://cdn.esetstatic.com/cookie-consent/v3/app.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-encoding
br
last-modified
Fri, 11 Nov 2022 13:55:52 GMT
etag
W/"0x8DAC3EC72913F28"
vary
Accept-Encoding
x-azure-ref
20231107T101531Z-9s02r76ps92ct9c64au0pwd9d400000000hg000000027ds8
content-type
text/javascript
x-ms-request-id
16d7c416-801e-0041-491a-11585c000000
x-cache
TCP_HIT
x-ms-version
2018-03-28
/
disqus.com/embed/comments/ Frame A077
8 KB
5 KB
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
Requested by
Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e7f4566d6dc58daf510bd56cdf9f8be668aadd99bd876e7669075351b6d81256
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
0
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection
keep-alive
Content-Encoding
gzip
Content-Length
3296
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Tue, 07 Nov 2023 10:15:31 GMT
ETag
W/"lounge:view:9797558019.a97be6e311b6e6283eb5a9d46cfb80d9.2"
Last-Modified
Sun, 15 Oct 2023 15:18:58 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=8lavrjp2p78qat&experiment=prebidbidisrequired&variant=active&service=dynamic&area=top&product=embed&forum=welivesecurity&zone=thread&version=685fe71837a5e31e62ed92d8c3551184&page_url=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Aprebidbidisrequired%3Aactive&section=default&verb=call&adjective=1&forum_id=2152520
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:31 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=8lavrjp2p78qat&experiment=prebidbidisrequired&variant=active&service=dynamic&area=bottom&product=embed&forum=welivesecurity&zone=thread&version=685fe71837a5e31e62ed92d8c3551184&page_url=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Aprebidbidisrequired%3Aactive&section=default&verb=call&adjective=1&forum_id=2152520
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:31 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
iconfont.css
d8g345wuhgd7e.cloudfront.net/site/css/admin5/iconfont/ Frame 7E59
25 KB
5 KB
Stylesheet
General
Full URL
https://d8g345wuhgd7e.cloudfront.net/site/css/admin5/iconfont/iconfont.css
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/js/app.7dccdfb0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-108.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
81c6b83370e67ce6ecf96bab811667aceda4568bde1e129ffd08efe36b2dc179

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id
_EEIfnawqM55LS4SZhDkPQFithWeWmDW
Content-Encoding
gzip
Via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
Date
Tue, 31 Oct 2023 10:17:07 GMT
X-Amz-Cf-Pop
FRA56-P2
Age
604705
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Mon, 31 Jul 2023 08:47:08 GMT
Server
AmazonS3
ETag
W/"3fb8086ca653fdb9177f55f2aa2fd9b7"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=604800
X-Amz-Cf-Id
6zmpxh7ibSSFUiAGmmJIeFY0DDkwoKKz5yZewdDegNbThBY9U8Z9ug==
guxcg-14764d5-pb
www.podbean.com/player/ Frame 7E59
3 KB
1 KB
XHR
General
Full URL
https://www.podbean.com/player/guxcg-14764d5-pb?scode=&pfauth=&referrer=&order=&limit=&filter=&publish_start=&publish_end=&season=&tag=&ss=&touchable=false&type=classic
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/js/chunk-vendors.4c1b8e0c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02df3c4ef02c54fd7dfac200333f7a275ca6b26d886113d25249dd0b6c5a64c9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';manifest-src 'self';object-src 'none';worker-src 'self' blob:;
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-security-policy
frame-ancestors 'none';manifest-src 'self';object-src 'none';worker-src 'self' blob:;
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
server
cloudflare
vary
Accept-Encoding, Accept
content-type
application/json; charset=UTF-8
s
s8
cf-ray
8224d0c6ecbe9159-FRA
collect
region1.google-analytics.com/g/
0
259 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FBY6B30C4M&gtm=45je3b60v889440112z86269785&_p=1699352131050&gcd=11l1l1l1l1&cid=600974809.1699352132&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1699352131&sct=1&seg=0&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&dt=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&en=page_view&_fv=2&_nsi=1&_ss=2&ep.branch=en&ep.page_location_noquery=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&ep.hostname=www.welivesecurity.com&ep.useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.105%20Safari%2F537.36&ep.project_id=wls&ep.article_category=ESET%20Research&ep.article_date=2023%2F08%2F10&ep.article_section=(not%20set)&ep.author=Matthieu%20Faou&ep.blog_length=3k%2B&epn.publication_id=29694&ep.cookie_consent=b%3A1%7Ca%3A0%7Cm%3A0&tfd=4504
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 10:15:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.welivesecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
3 B
213 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=700509572&t=pageview&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&ul=en-us&de=UTF-8&dt=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAIg~&cid=600974809.1699352132&tid=UA-37839312-1&_gid=1187401472.1699352132&_slc=1&gtm=45He3b60n71PMDGSMv6269785&cd1=ESET%20Research&cd2=Matthieu%20Faou&cd3=3k%2B&cd4=&cd5=2023-11-07T11%3A15%3A31.404%2B01%3A00&cd6=Office%20Hours&cd7=www.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&cd10=(not%20set)&cd11=en&cd12=not-a-bot&cd14=29694&cd15=2023%2F08%2F10&cd21=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.105%20Safari%2F537.36&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&gcd=11l1l1l1l1&z=166125316
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 10:15:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.welivesecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
Eset_research_profile_picture_jczkiu_300x300.png
deow9bq0xqvbj.cloudfront.net/image-logo/12873209/ Frame 7E59
6 KB
7 KB
Image
General
Full URL
https://deow9bq0xqvbj.cloudfront.net/image-logo/12873209/Eset_research_profile_picture_jczkiu_300x300.png
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.154.63.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-154-63-69.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb368ecc6adf8f5ee0f8539200037978990e6f0d3bd61e255fbfc1cc079d0103

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id
tnZO4TA8Ju3BdFW83i2zcCMUJuGjJt.A
Date
Tue, 07 Nov 2023 10:15:32 GMT
Via
1.1 d80c34bef63175e408b52241ca38d75e.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Nov 2021 10:54:19 GMT
Server
AmazonS3
X-Amz-Cf-Pop
DUS51-P4
Age
217559
ETag
"7dc41438678280c2d300dc9a79184a6e"
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public,max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6642
X-Amz-Cf-Id
HHHYD6w6-Xw7RyKcLbWcVNyvE63U-dfFQg5MCuISyUtHUi4utTI7cA==
apple-podcast.png
d8g345wuhgd7e.cloudfront.net/site/images/admin5/ Frame 7E59
46 KB
46 KB
Image
General
Full URL
https://d8g345wuhgd7e.cloudfront.net/site/images/admin5/apple-podcast.png
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-108.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8f12e963e7772718bf6db7cd88a2d99e1f26df6cce6358d27ead9a9ea01f9a3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 03:04:53 GMT
x-amz-version-id
nZ8AxBuJKqph2fbM6mYkonVUP19W_1BI
Via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P2
Age
544239
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
46660
Last-Modified
Wed, 16 Aug 2023 03:04:15 GMT
Server
AmazonS3
ETag
"8d4417647c781c7a1cbce037e79b6882"
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
X-Amz-Cf-Id
h8MbbVZI-UQGRqltkj7FevEmU4Y9WLtK8fkWwugvN_xLvSqiwzrT_g==
google-podcast.png
d8g345wuhgd7e.cloudfront.net/site/images/admin5/ Frame 7E59
5 KB
5 KB
Image
General
Full URL
https://d8g345wuhgd7e.cloudfront.net/site/images/admin5/google-podcast.png
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-108.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7fcd842d5598c5e2f60cd3f5a5ecca32465d726c5653ed1d422a508563540ac0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Wed, 01 Nov 2023 01:08:17 GMT
x-amz-version-id
4t8P4jKROgJ3nppNxKPGS7pIX5QgmXaT
Via
1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
Last-Modified
Wed, 25 Aug 2021 06:44:32 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P2
Age
551235
ETag
"a21ea297a6fb6fccbbef0ef55ac37dae"
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public,max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5070
X-Amz-Cf-Id
zWEklqHY2XtQFt3cZZXdNhmjwaPlhJpm6wvdYuCxBkZwYbGW3rvr2A==
podbean-app.png
d8g345wuhgd7e.cloudfront.net/site/images/admin5/ Frame 7E59
11 KB
11 KB
Image
General
Full URL
https://d8g345wuhgd7e.cloudfront.net/site/images/admin5/podbean-app.png
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-108.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dafc1ba973219dc8cec5f350c812513bdf34144b1868f90e701e0f87f3dbdc1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id
PlPI5fzgOZdK_dIxlHqcvhCpvMsuSFzj
Date
Sat, 04 Nov 2023 21:48:06 GMT
Via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P2
Age
217646
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
11128
Last-Modified
Tue, 07 Jul 2020 03:13:31 GMT
Server
AmazonS3
ETag
"f5a169492689fb32242600a65dae40dc"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
X-Amz-Cf-Id
Lwf4BYBwMZBNMg59lei8F3h3wkvxL-taXXtKihozZQsooSY45IJpiQ==
spotify.png
d8g345wuhgd7e.cloudfront.net/site/images/admin5/ Frame 7E59
8 KB
9 KB
Image
General
Full URL
https://d8g345wuhgd7e.cloudfront.net/site/images/admin5/spotify.png
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/player-v2/?i=guxcg-14764d5-pb&from=pb6admin&share=1&download=1&rtl=0&fonts=Arial&skin=f6f6f6&font-color=auto&logo_link=episode_page&btn-skin=0096a1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-108.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
374f9532448cb81aaf086c9d603092c9101a0ca760d82209fb0784da3c7acce3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.podbean.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 16:45:29 GMT
x-amz-version-id
VJttPD.l.FOOB_m.KqmN5wc8fyax8LZf
Via
1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront)
Last-Modified
Wed, 18 Aug 2021 08:48:23 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P2
Age
63003
ETag
"c3a607f60186be14e7b0381c30885b52"
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public,max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8236
X-Amz-Cf-Id
I1kWsY0iANr9Qj0ya-bqvm5yiONF_LykJkqR4mC3l4XcJT0yQHBxdQ==
main.js
www.podbean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/ Frame AF88
Redirect Chain
  • https://www.podbean.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://www.podbean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/main.js
7 KB
4 KB
Script
General
Full URL
https://www.podbean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/main.js
Requested by
Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Protocol
H2
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b023d530cf8135a10a4ae63df1cb4f1347f91865709d94df31941d2627c0027
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 10:15:32 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
8224d0ca7a7d9159-FRA

Redirect headers

date
Tue, 07 Nov 2023 10:15:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
server
cloudflare
vary
accept-encoding
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/61b90d1d/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
8224d0c89f389159-FRA
truncated
/ Frame 7E59
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Referer
Origin
https://www.podbean.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
lounge.load.685fe71837a5e31e62ed92d8c3551184.js
c.disquscdn.com/next/embed/ Frame A077
1 KB
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.load.685fe71837a5e31e62ed92d8c3551184.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d258255f8d4b26a86043c320916e9f941173077c37cf4a574c8c0f7b197a98dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 01 Nov 2023 19:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
485741
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
630
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-276"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
xl2dWVYDqHcJ__cUgGoso7jlJS5X3-977ZMa3I5ZQ8GyJbLzFZz-MQ==
expires
Thu, 31 Oct 2024 19:19:51 GMT
common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
c.disquscdn.com/next/embed/ Frame A077
280 KB
93 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.685fe71837a5e31e62ed92d8c3551184.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dc14b3341a10d1867708850459c8ab87a5a4fef6f8f7ef1a68538e5b64d4ed9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 30 Oct 2023 17:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
664202
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94105
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Fri, 27 Oct 2023 19:23:37 GMT
server
nginx
etag
"653c0e39-16f99"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
TpSbHOubEx9sl_g07B8eoUze9rquyoxhSUd2rYJL-VrizvqZfg-xCA==
expires
Tue, 29 Oct 2024 17:45:30 GMT
8224d0c1dce69159
www.podbean.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame AF88
0
252 B
XHR
General
Full URL
https://www.podbean.com/cdn-cgi/challenge-platform/h/b/jsd/r/8224d0c1dce69159
Requested by
Host: www.podbean.com
URL: https://www.podbean.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 07 Nov 2023 10:15:32 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
server
cloudflare
cf-ray
8224d0cd1e069159-FRA
content-type
text/plain; charset=UTF-8
lounge.dbc47866f009f9d6f1556cd58214d9a3.css
c.disquscdn.com/next/embed/styles/ Frame A077
233 KB
33 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 30 May 2023 18:53:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
13879332
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
33282
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Tue, 30 May 2023 18:28:53 GMT
server
nginx
etag
"64764065-8202"
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
Ia3FrFPJA1IL9Q3tL1d44Dqr8A5I32EuRFlmUzNKMzwe-n8Z9DBCtQ==
expires
Wed, 29 May 2024 18:53:20 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=700509572&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&ul=en-us&de=UTF-8&dt=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookie%20consent&ea=cookie-consent-visible&_u=aDDAAEABAAAAACAAIg~&cid=600974809.1699352132&tid=UA-37839312-1&_gid=1187401472.1699352132&gtm=45He3b60n71PMDGSMv6269785&cd1=ESET%20Research&cd2=Matthieu%20Faou&cd3=3k%2B&cd4=&cd5=2023-11-07T11%3A15%3A32.730%2B01%3A00&cd6=Office%20Hours&cd7=www.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&cd10=(not%20set)&cd11=en&cd12=not-a-bot&cd14=29694&cd15=2023%2F08%2F10&cd20=600974809.1699352132&cd21=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.105%20Safari%2F537.36&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&gcd=11l1l1l1l1&z=1241318955
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 06:41:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
12822
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
lounge.bundle.ba0c3df892494c1973d91c84130fde4c.js
c.disquscdn.com/next/embed/ Frame A077
513 KB
129 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.ba0c3df892494c1973d91c84130fde4c.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8b2c02e3dcaf6c284e857beb30bd5459a3eab22b90aac5d5af254f4298c692fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 01 Nov 2023 19:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
485740
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
131041
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-1ffe1"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
A6WaaLrvpdijQ_mcQTwnz1xJOzSLpFtFL1xpOcAhhxh-ME_-qWY4oQ==
expires
Thu, 31 Oct 2024 19:19:52 GMT
config.js
disqus.com/next/ Frame A077
19 KB
19 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
df411420efe3c7ca46a26c969ba790335e06c51f843f25b201a725724141f75b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:32 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
57
X-Frame-Options
SAMEORIGIN
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
19162
X-XSS-Protection
1; mode=block
details
disqus.com/api/3.0/forums/ Frame A077
4 KB
4 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=welivesecurity&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0bc3f92dc96660c065730c77963fb93c77d4a188cac56dfb42027c021b3bfc69
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:33 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
3958
X-XSS-Protection
1; mode=block
css2
fonts.googleapis.com/ Frame A077
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 07 Nov 2023 10:15:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 08:35:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 07 Nov 2023 10:15:33 GMT
loadReactions
disqus.com/api/3.0/threadReactions/ Frame A077
1 KB
2 KB
XHR
General
Full URL
https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9797558019&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.3e8d5264f612390a04ecdea992b7df6b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a8d53db15b893b917fc27f03199c91dc6d7b81073973df3730100f45bd4e8464
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:33 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cache-Control
stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
1351
X-XSS-Protection
1; mode=block
avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame A077
3 KB
4 KB
Image
General
Full URL
https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1666017561
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 21 Sep 2023 00:17:22 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
4096690
x-cache
Hit from cloudfront
content-length
3099
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Mon, 17 Oct 2022 14:39:22 GMT
server
nginx
etag
"03e2797add6e2cc784dc53b89eb72771"
content-type
image/jpeg
cache-control
max-age=31536000, public, immutable
accept-ranges
bytes
x-amz-cf-id
L5p0PikK4mm0aQ3DazLYWpZZKeCe76EhrRn37s1QrWJgKtjb9-zrSw==
expires
Fri, 20 Sep 2024 00:17:22 GMT
svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame A077
13 KB
13 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 21 Sep 2023 06:33:56 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
4074096
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
13079
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 20 Sep 2023 10:55:07 GMT
server
nginx
etag
"650acf8b-3317"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_c19wdY5gVLrC9YnsahB2qcpKslgbtRiEmwT704SpFuJMzvYs2qZKg==
expires
Fri, 20 Sep 2024 06:33:56 GMT
loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame A077
3 KB
3 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 12 Jan 2023 03:03:01 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
25859551
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2971
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Fri, 06 Jan 2023 19:06:43 GMT
server
nginx
etag
"63b87143-b9b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
NDjDy-khj5oY9tNA5dCDVfO0RaOsA-ajckLCUnk-X4Ntkur8dYGrwQ==
expires
Fri, 12 Jan 2024 03:03:01 GMT
email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame A077
840 B
1 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 19 Apr 2023 18:37:18 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
17422694
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
840
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Tue, 18 Apr 2023 23:42:29 GMT
server
nginx
etag
"643f2ae5-348"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Zu8yeKfsBjmlF1Yktl29zFecInvRC0dSJXFuf7ZJtpWRzUhdcHVBmA==
expires
Thu, 18 Apr 2024 18:37:18 GMT
privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame A077
891 B
1 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 26 Jul 2023 18:48:11 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
8954841
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
891
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 26 Jul 2023 16:31:55 GMT
server
nginx
etag
"64c14a7b-37b"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
OiBqWHDsduEsOZv6H0LmBoXm-8jbP3zqiaocoPiwbQMx1fSSTywxzw==
expires
Thu, 25 Jul 2024 18:48:11 GMT
warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame A077
605 B
1 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 18 Sep 2023 00:48:06 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
4354045
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
605
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 13 Sep 2023 20:48:30 GMT
server
nginx
etag
"6502201e-25d"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
LyG0GPcGqLyUaQR0PEGNt77SKwVgBZ3HW2ApeqYzf4y7P9ZZ0oyx_g==
expires
Tue, 17 Sep 2024 00:48:06 GMT
sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame A077
2 KB
2 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 17 Jan 2023 06:16:10 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
25415962
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1763
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Thu, 12 Jan 2023 21:51:05 GMT
server
nginx
etag
"63c080c9-6e3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
qc8FoxUB2KfzKk--UPGSlRW7kRQzLF0oh0ZKiDQRFxqWIzrXQ32N1Q==
expires
Wed, 17 Jan 2024 06:16:10 GMT
icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame A077
8 KB
8 KB
Font
General
Full URL
https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Sat, 22 Jul 2023 02:00:22 GMT
via
1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
9360910
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7900
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 12 Jul 2023 14:04:56 GMT
server
nginx
etag
"64aeb308-1edc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
idbCWuXtaxy9TPzTxWXLL9xu0gszsv-I-GCMYTcRXxSwCCmUPmzbKQ==
expires
Sun, 21 Jul 2024 02:00:22 GMT
lounge_dynamic.gif
referrer.disqus.com/juggler/telemetry/ Frame A077
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/telemetry/lounge_dynamic.gif?embed=67&frame=1182&asset=202&render=2&total=1423&frame_rtt=230&config_rtt=9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A077
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 18:18:43 GMT
x-content-type-options
nosniff
age
57410
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Nov 2024 18:18:43 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A077
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 19:40:17 GMT
x-content-type-options
nosniff
age
52516
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Nov 2024 19:40:17 GMT
KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A077
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 07:27:52 GMT
x-content-type-options
nosniff
age
355661
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17368
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 07:27:52 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A077
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 31 Oct 2023 17:26:14 GMT
x-content-type-options
nosniff
age
578959
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Oct 2024 17:26:14 GMT
KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A077
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 20:27:18 GMT
x-content-type-options
nosniff
age
308895
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17032
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 20:27:18 GMT
event.gif
referrer.disqus.com/juggler/ Frame A077
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=286&event=init_embed&thread=9797558019&forum=welivesecurity&forum_id=2152520&imp=8lavrjp2p78qat&thread_slug=29694&user_type=anon&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&theme=next&dnt=0&tracking_enabled=0&experiment=prebidbidisrequired&variant=active&service=dynamic&promoted_enabled=true&max_enabled=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 10:15:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
8 KB
8 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:11:38 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
235
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
8170
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-1fea"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
CEnSyquv1d6FT_PNPOiuHL29QPaQfS-WJlxNyoicjbOK70zhcvAODw==
expires
Tue, 07 Nov 2023 10:16:38 GMT
funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
9 KB
9 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:15:00 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
34
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
8883
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-22b3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
WMO_9mGuGFvtzIOjtwHVmixSqOMkBs1QhMgFAgqmDDqDKNkrQTSU1A==
expires
Tue, 07 Nov 2023 10:19:59 GMT
love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
12 KB
12 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:14:21 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
73
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
11910
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-2e86"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
OTltRfGQKwc6EkfrrDJJ9sti_VxfBdnLztGvhJwlbBWWR7dj77SR-g==
expires
Tue, 07 Nov 2023 10:19:20 GMT
surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
7 KB
8 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:14:36 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
57
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7308
x-xss-protection
1; mode=block
x-served-by
static-web-2
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-1c8c"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
fTX_f4RmWN2w1WnPXiQD-yNNlik1vpQ6w8noJTa1sI-XUIRk_hSraw==
expires
Tue, 07 Nov 2023 10:19:36 GMT
angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
20 KB
21 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:14:07 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
86
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
20675
x-xss-protection
1; mode=block
x-served-by
static-web-2
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-50c3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
jqatk_CteAsoaLM7Y47rv9UGdR9l5YGJ9aJW2S7pwcOIHILGAClIJw==
expires
Tue, 07 Nov 2023 10:19:07 GMT
sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame A077
9 KB
9 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&t_e=29694&t_d=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&t_t=29694&s_o=default&l=en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Nov 2023 10:10:54 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA6-C1
age
281
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
8986
x-xss-protection
1; mode=block
x-served-by
static-web-2
last-modified
Wed, 01 Nov 2023 19:12:20 GMT
server
nginx
etag
"6542a314-231a"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
uAqCMW-J5rgqNxPie57vYiMj1xmy5LJY0MSIkRzJWtE_sHtJ2ugnOg==
expires
Tue, 07 Nov 2023 10:15:52 GMT
collect
region1.google-analytics.com/g/
0
45 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FBY6B30C4M&gtm=45je3b60v889440112z86269785&_p=1699352131050&gcd=11l1l1l1l1&cid=600974809.1699352132&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&sid=1699352131&sct=1&seg=0&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&dt=MoustachedBouncer%3A%20Espionage%20against%20foreign%20diplomats%20in%20Belarus&en=cookie_consent_visible&ep.branch=en&ep.page_location_noquery=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoustachedbouncer-espionage-against-foreign-diplomats-in-belarus%2F&ep.hostname=www.welivesecurity.com&ep.useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.105%20Safari%2F537.36&ep.project_id=wls&ep.article_category=ESET%20Research&ep.article_date=2023%2F08%2F10&ep.article_section=(not%20set)&ep.author=Matthieu%20Faou&ep.blog_length=3k%2B&epn.publication_id=29694&ep.cookie_consent=b%3A1%7Ca%3A0%7Cm%3A0&_et=969&tfd=10489
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 10:15:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.welivesecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s.go-mpulse.net
URL
https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Domain
s.go-mpulse.net
URL
https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| documentPictureInPicture object| $current_language object| BOOMR_mq string| BOOMR_API_key object| BOOMR number| BOOMR_lstart function| disqus_config object| dataLayer number| uidEvent object| __VUE_INSTANCE_SETTERS__ boolean| __INTLIFY_PROD_DEVTOOLS__ boolean| __VUE_I18N_FULL_INSTALL__ boolean| __VUE_I18N_LEGACY_API__ boolean| __VUE__ object| Prism object| DISQUS object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady string| myDomain object| links object| gaGlobal object| gaplugins object| gaData object| regeneratorRuntime boolean| cookie_debug number| BOOMR_onload object| $cookiebar

8 Cookies

Domain/Path Name / Value
www.welivesecurity.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IjYzam5xSmtVSWloc1pZMUk0c2IxNWc9PSIsInZhbHVlIjoiQzJXMUR4Y2FvaUFyaE16ZDg3MWtFQlAwczlKSFc0TEttbUZiRnJnbXgxQWZ4QmMzYXJaYW0wZzB0dVEwaEJWdCtSQXZkZm9ZY3NmNUhuT2tDWER3UHdaaWRraXFnbnJ1ZkRnM3pLUWt0a05aUFg1Uk5FSHJVSUFoZVJ5cTZUSGgiLCJtYWMiOiI3YmQwMDIxMDZmNDdiZmQ5MWQxZjlhZTZmODBlNDU3ZThiY2NmNzc5OGY3NTFjMmVlM2ZiNTc0MjM0NjNjMzEyIiwidGFnIjoiIn0%3D
www.welivesecurity.com/ Name: welivesecurity_session
Value: eyJpdiI6ImUwWm43VUVVMlA0eldQc1BKOFhFbEE9PSIsInZhbHVlIjoibEkxM3NKREU0S1BXd0hMdXJLRWZhZ3ZWdTlXNmdBcnc4cU5uZ2lpaDg0dDBOMGZIMEx1NisreXorS3R3Z3ZQRDZkZGpJaVdoY09IT2l5U3FXRXJoMXZaOXNLTStINi9pRGs4WTRjZnFuQWtvMUZ2WUVPNmVHMXBmMi9ETTVxNzIiLCJtYWMiOiIzNDQzMjg2NDRmOWQ3Zjc5OGVjMzI3NWY0ODUxMmY4NjZmMmJhYzE1MjIzOWUyYWNiZDQzZmVlNjNmOTk2MmM5IiwidGFnIjoiIn0%3D
.welivesecurity.com/ Name: TS01239cf7
Value: 0142213e1a9cfa3f648b36d65683fc19508fb661167c33c5d4a18060c8efc4b8ddc3aab3bbae71e73c0f210047274324815815fa05
.welivesecurity.com/ Name: AKA_A2
Value: A
.welivesecurity.com/ Name: _ga
Value: GA1.2.600974809.1699352132
.welivesecurity.com/ Name: _gid
Value: GA1.2.1187401472.1699352132
.podbean.com/ Name: cf_clearance
Value: ONub68_a1ote2p_seobmXgZnjN_KEV6mHYVJYrY74JA-1699352132-0-1-18881d84.b9065327.4f894264-0.2.1699352132
.welivesecurity.com/ Name: _ga_FBY6B30C4M
Value: GS1.1.1699352131.1.0.1699352132.0.0.0

14 Console Messages

Source Level URL
Text
security error URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/(Line 55)
Message:
Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: about:blank
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/(Line 55)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/(Line 55)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/(Line 55)
Message:
Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: about:blank
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/embed.js(Line 46)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/embed.js(Line 46)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/embed.js(Line 46)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/embed.js(Line 46)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/embed.js(Line 46)
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: https://welivesecurity.disqus.com/
Message:
Refused to frame 'https://tempest.services.disqus.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com".
security error URL: https://welivesecurity.disqus.com/
Message:
Refused to frame 'https://tempest.services.disqus.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security max-age=15724800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.disquscdn.com
cdn.esetstatic.com
d8g345wuhgd7e.cloudfront.net
deow9bq0xqvbj.cloudfront.net
disqus.com
fonts.googleapis.com
fonts.gstatic.com
referrer.disqus.com
region1.google-analytics.com
s.go-mpulse.net
web-assets.esetstatic.com
welivesecurity.disqus.com
www.google-analytics.com
www.googletagmanager.com
www.podbean.com
www.welivesecurity.com
s.go-mpulse.net
151.101.128.134
18.154.63.69
18.66.97.108
199.232.196.134
2001:4860:4802:34::36
2600:9000:2057:ca00:6:8656:f5c0:93a1
2606:4700:10::6816:ca
2620:1ec:bdf::63
2a00:1450:4001:813::2008
2a00:1450:4001:81c::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2003
2a02:26f0:780::210:ca08
52.142.86.50
02df3c4ef02c54fd7dfac200333f7a275ca6b26d886113d25249dd0b6c5a64c9
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
05ad1b3feedcde663d265a2c36cfb2f09b9da81b8f91b9ef65880fc6ec74a450
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
09a63f4c2c6069eb36175c4f83c34fcea4aea1566514b97960f2ba5eeeb0382b
09c92490e220e92585308be41cdc7e18132c396be2e2fb03c56b5d6d5fa2b6bb
0b5f1a6d738d2c76b21d0e0d47794ba662936f6e0aaddc8757915a5daa597517
0b79346856f6d7a243f62ac5ea59072eed76499c0a66e23aad7547a6fbef5d84
0bc3f92dc96660c065730c77963fb93c77d4a188cac56dfb42027c021b3bfc69
0e61e73de213b2b6bb1bfd075987db8ae8864fa1eef21ad0bc19aa83fe5c29d3
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
16ef334519f468f75f7e6e6925d0a33619fbc6252da70b95dfaffba54ae5f9f3
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037
2bf9f000fd1e1420d98ad242d6ad9bfcd2a45536efc18fd44f558fbe85b337eb
2e2bd04830284b1213ff750c78c3bfc653a66619880750a8239250a298046c14
31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
374f9532448cb81aaf086c9d603092c9101a0ca760d82209fb0784da3c7acce3
39d2bbc6606d965c4feb5b107e90d14cd556bc9abac8417dd86862b078e3efa1
3afd484a2c1f034c849208f72ecc7c890a6a1eece516b9cdb32697c81cc4ce7e
3b023d530cf8135a10a4ae63df1cb4f1347f91865709d94df31941d2627c0027
40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34
405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e
4d62357b4f7dba582b8a022436fc1962ed497886c9967fc326465664854d43bb
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
4eaf17f0efc0c1bf847b76a313d94fd0031111705c380b8becacbe3508116dc2
547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911
5b48f6816b1d42e1a55c95be2ee612383e20c3b0ac092d8a8934a25ae34924c6
5d5d9e6176adb142f4754c0acc14377fbe497e5e7b525a25c4b6e83c851a87a1
5d5ff1a0615dad14a91c07bd20f46a127ce95304df3c018603a4f552e915bd0a
5dc3e215513196ed7366d982c6802fd5700f6cfcc8a9230f392d9c4dce68dc9f
606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d
6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37
6b20715fe428201c1d31a8a7a203133eb91d8bb83baabf985160805b1b54fd44
6b9315d604b1a0be9a4923956d291804ddbdb807ceae1b4f899dcbaff0c566c6
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
6e90d72967b23843bd698bf0c2cb3fc06328c581ae4dafb58197e5367c5f1786
7383c374850fea6e5ceefb672efacd2a022539b438836e9d9ab957acad9f898d
757bce6845203c87f7a07b4f0aeda8e292a022bb642742acde30e7422f720e9f
77b819de55e006efc8ecdd1c227a4c1b6ea8b218ebe45bec90e6534791bceeb0
7fcd842d5598c5e2f60cd3f5a5ecca32465d726c5653ed1d422a508563540ac0
81c6b83370e67ce6ecf96bab811667aceda4568bde1e129ffd08efe36b2dc179
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8419011588b9ce653cc636c9b274257d8151cca4e5ad00eb46ad22bdd937866e
8864fa1f3693203d1ba51b1478bcf3a746bc70fcf7cb0fe68f22e2f262b6eef7
8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b
8a794652e19438d5f44b73d439d216b05e7889b352d209e533cf9de3a0f0407a
8b2c02e3dcaf6c284e857beb30bd5459a3eab22b90aac5d5af254f4298c692fb
8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96
8f12e963e7772718bf6db7cd88a2d99e1f26df6cce6358d27ead9a9ea01f9a3b
956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
9abd76a570978a6e72fbed97f1142cb2e7b4fa20b22a1241fefbce251416bf7e
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a743078e9f936f9501549be5a1ca71f03914c80b588f687bcbe43b0b4063d658
a8d53db15b893b917fc27f03199c91dc6d7b81073973df3730100f45bd4e8464
ab4051fbd2ea8c5b8b014fe3d0da021ed063349bd41b35a4e1835486db8aad02
ad545c3cc523a2bb322e47223eafc987dfa087fdf5bc18e8b24a879e51f88dc1
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
c2b12c08c3cee083b393f275b62c51fb6ceeddf44fb7a4a5ad7d8a15c5db10e9
c30fab4e51dfe05565d9448f492474a53ce1dd77e603dd3a62fb08167905abae
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d258255f8d4b26a86043c320916e9f941173077c37cf4a574c8c0f7b197a98dc
d9f3fc3166e2d314f58ab139c6db722a87d84f470f9f565b7c5f4f3bef1fc14b
dafc1ba973219dc8cec5f350c812513bdf34144b1868f90e701e0f87f3dbdc1f
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dc14b3341a10d1867708850459c8ab87a5a4fef6f8f7ef1a68538e5b64d4ed9e
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df411420efe3c7ca46a26c969ba790335e06c51f843f25b201a725724141f75b
e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8
e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e7f4566d6dc58daf510bd56cdf9f8be668aadd99bd876e7669075351b6d81256
e8538d2c430441dbe08faf989e525daea9521bb2c6291fe76e4de21d02fb7f9c
e90148ce32dc521b550642fe6b01b23882950d5719f9e7e4d70c56bfa81224b5
e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd
ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd
ec9eb3515b0c462b663eb6e45a8c8d3de6993077cac8f05f30fbce263d1659c3
ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865
f287e8f1f1ca06ab9b9722754f161af276ade4f32260fe348779b150336cb87b
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f803a45cf4d9e8ba42835b13c1e7ec161d7ea7adf4490793a36758d7c2f1d7a8
faa008f814aa818069ce653c96e93006602380b53598d26446dffa2ba849da1b
fb368ecc6adf8f5ee0f8539200037978990e6f0d3bd61e255fbfc1cc079d0103
feefe5f7fd9629ef08a9c4ac266e27fdbf0fd13412b4a7dd56ccbbe1692e834b