URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Submission: On July 12 via api from TR — Scanned from DE

Summary

This website contacted 48 IPs in 5 countries across 30 domains to perform 171 HTTP transactions. The main IP is 2606:4700::6812:1d4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 63196.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Server CA on February 28th 2024. Valid for: a year.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP address | AS number (AS name)
53 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:223... 16509 (AMAZON-02)
1 151.101.2.132 54113 (FASTLY)
9 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.155.176.252 16509 (AMAZON-02)
2 52.17.195.126 16509 (AMAZON-02)
7 104.17.70.206 13335 (CLOUDFLAR...)
7 2600:1f18:e8a... 14618 (AMAZON-AES)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 54.244.10.119 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.164 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 88.221.60.75 16625 (AKAMAI-AS)
11 2.17.100.193 20940 (AKAMAI-ASN1)
1 4 2600:9000:26d... 16509 (AMAZON-02)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
5 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 172.64.150.44 13335 (CLOUDFLAR...)
1 35.244.142.80 15169 (GOOGLE)
1 18.172.103.101 16509 (AMAZON-02)
1 34.238.149.65 14618 (AMAZON-AES)
1 2600:9000:237... 16509 (AMAZON-02)
6 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.67 15169 (GOOGLE)
1 2 142.250.186.166 15169 (GOOGLE)
1 142.250.185.70 15169 (GOOGLE)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 37.252.173.215 29990 (ASN-APPNEX)
1 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
1 2a05:d018:cc3... 16509 (AMAZON-02)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 34.249.128.42 16509 (AMAZON-02)
1 13.35.58.58 16509 (AMAZON-02)
1 18.66.122.72 16509 (AMAZON-02)
2 76.223.9.105 16509 (AMAZON-02)
1 44.212.189.233 14618 (AMAZON-AES)
2 34.210.219.79 16509 (AMAZON-02)
4 104.16.118.43 13335 (CLOUDFLAR...)
1 104.16.117.43 13335 (CLOUDFLAR...)
1 34.212.4.35 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
Total: 171 requests across 48 IPs
Requests | Apex domain (subdomains, each with its Cisco Umbrella rank) | Transfer
60 zscaler.com
www.zscaler.com — Cisco Umbrella Rank: 63196
info.zscaler.com — Cisco Umbrella Rank: 541194
1 MB
12 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5073
c.6sc.co — Cisco Umbrella Rank: 6994
ipv6.6sc.co — Cisco Umbrella Rank: 5182
b.6sc.co — Cisco Umbrella Rank: 3153
22 KB
9 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 2603
tracking.crazyegg.com — Cisco Umbrella Rank: 4950
pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 6156
assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5929
87 KB
9 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 332
183 KB
8 iseaskies.com
ob.iseaskies.com — Cisco Umbrella Rank: 717812
obs.iseaskies.com — Cisco Umbrella Rank: 535256
40 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 5
region1.analytics.google.com — Cisco Umbrella Rank: 3541
6 intellimize.co
cdn.intellimize.co — Cisco Umbrella Rank: 48265
api.intellimize.co — Cisco Umbrella Rank: 39962
log.intellimize.co — Cisco Umbrella Rank: 37734
97 KB
5 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4279
ws-assets.zoominfo.com — Cisco Umbrella Rank: 11815
30 KB
5 bing.com
bat.bing.com — Cisco Umbrella Rank: 326
31 KB
5 adroll.com
s.adroll.com — Cisco Umbrella Rank: 3250
d.adroll.com — Cisco Umbrella Rank: 1635
30 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
px4.ads.linkedin.com — Cisco Umbrella Rank: 5939
2 KB
4 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 133
8541430.fls.doubleclick.net — Cisco Umbrella Rank: 311941
ad.doubleclick.net — Cisco Umbrella Rank: 169
1 KB
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 5778
px.mountain.com — Cisco Umbrella Rank: 5827
gs.mountain.com — Cisco Umbrella Rank: 11846
11 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 72
398 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 6036
4 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 23740
ibc-flow.techtarget.com — Cisco Umbrella Rank: 21319
2 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 8140
706 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 116
4 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 191
74 KB
1 acsbapp.com
acsbapp.com — Cisco Umbrella Rank: 4259
cdn.acsbapp.com Failed
93 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 486
699 B
1 google.de
www.google.de — Cisco Umbrella Rank: 9452
63 B
1 rudderlabs.com
cdn.rudderlabs.com — Cisco Umbrella Rank: 9971
35 KB
1 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1479
insight.adsrvr.org Failed
5 KB
1 pdst.fm
cdn.pdst.fm — Cisco Umbrella Rank: 4001
22 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 779
14 KB
1 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3688
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 589
295 B
1 intellimizeio.com
117186981.intellimizeio.com — Cisco Umbrella Rank: 742024
0 rudderstack.com Failed
api.rudderstack.com Failed
Total: 171 requests across 30 apex domains
Requests | Domain | Requested by
53 www.zscaler.com www.zscaler.com
js.zi-scripts.com
9 cdn.cookielaw.org www.zscaler.com
cdn.cookielaw.org
8 b.6sc.co
7 obs.iseaskies.com ob.iseaskies.com
www.zscaler.com
7 info.zscaler.com www.zscaler.com
info.zscaler.com
6 region1.analytics.google.com www.googletagmanager.com
6 script.crazyegg.com www.googletagmanager.com
script.crazyegg.com
5 bat.bing.com www.googletagmanager.com
bat.bing.com
4 ws.zoominfo.com js.zi-scripts.com
ws-assets.zoominfo.com
4 s.adroll.com 1 redirects www.googletagmanager.com
s.adroll.com
4 www.googletagmanager.com www.zscaler.com
www.googletagmanager.com
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 js.zi-scripts.com www.zscaler.com
js.zi-scripts.com
3 log.intellimize.co cdn.intellimize.co
2 px.mountain.com dx.mountain.com
px.mountain.com
2 epsilon.6sense.com j.6sc.co
2 www.facebook.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 8541430.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 connect.facebook.net www.zscaler.com
connect.facebook.net
2 j.6sc.co www.googletagmanager.com
j.6sc.co
2 api.intellimize.co cdn.intellimize.co
1 acsbapp.com www.zscaler.com
1 gs.mountain.com px.mountain.com
1 ws-assets.zoominfo.com js.zi-scripts.com
1 assets-tracking.crazyegg.com script.crazyegg.com
1 pagestates-tracking.crazyegg.com script.crazyegg.com
1 tracking.crazyegg.com script.crazyegg.com
1 d.adroll.com s.adroll.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 px4.ads.linkedin.com
1 ad.doubleclick.net
1 www.google.de
1 stats.g.doubleclick.net www.googletagmanager.com
1 cdn.rudderlabs.com www.zscaler.com
1 dx.mountain.com www.zscaler.com
1 js.adsrvr.org www.googletagmanager.com
1 cdn.pdst.fm www.zscaler.com
1 trk.techtarget.com www.zscaler.com
1 snap.licdn.com www.googletagmanager.com
1 munchkin.marketo.net www.zscaler.com
1 www.google.com www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 117186981.intellimizeio.com cdn.intellimize.co
1 cdn.intellimize.co www.zscaler.com
1 ob.iseaskies.com www.zscaler.com
0 cdn.acsbapp.com Failed acsbapp.com
0 api.rudderstack.com Failed cdn.rudderlabs.com
0 insight.adsrvr.org Failed js.adsrvr.org
Total: 171 requests across 51 subdomains
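The "Requested by" column is a load graph: each third-party host was fetched by some other host, and most of the advertising and analytics hosts hang off www.googletagmanager.com rather than off the page's own markup. The script below is an added example, not part of the urlscan.io record; it transcribes a subset of the edges from the table above (the EDGES list, labelled as such) and works out, for each host, how many hops it sits from the primary document and which hosts are reachable only through the tag-manager container, i.e. whose inclusion is decided in a GTM configuration rather than in reviewed site code. The host names are taken from the table; the PRIMARY and TAG_MANAGER constants and the functions are the author's construction.

```python
"""Added example (not part of the urlscan.io record): turns the "Requested by"
column of the scan into a load graph and asks which hosts were pulled in
through the tag-manager container rather than by the page's own markup.
EDGES is transcribed from the table (a subset); the rest is constructed."""
from __future__ import annotations

from collections import defaultdict, deque

PRIMARY = "www.zscaler.com"
TAG_MANAGER = "www.googletagmanager.com"

# (requested host, requesting host), a subset of the "Domain / Requested by" table
EDGES = [
    ("www.googletagmanager.com", "www.zscaler.com"),
    ("js.zi-scripts.com", "www.zscaler.com"),
    ("cdn.intellimize.co", "www.zscaler.com"),
    ("connect.facebook.net", "www.zscaler.com"),
    ("s.adroll.com", "www.googletagmanager.com"),
    ("d.adroll.com", "s.adroll.com"),
    ("j.6sc.co", "www.googletagmanager.com"),
    ("secure.adnxs.com", "j.6sc.co"),
    ("c.6sc.co", "j.6sc.co"),
    ("epsilon.6sense.com", "j.6sc.co"),
    ("snap.licdn.com", "www.googletagmanager.com"),
    ("px.ads.linkedin.com", "snap.licdn.com"),
    ("bat.bing.com", "www.googletagmanager.com"),
    ("ws.zoominfo.com", "js.zi-scripts.com"),
    ("log.intellimize.co", "cdn.intellimize.co"),
    ("117186981.intellimizeio.com", "cdn.intellimize.co"),
]


def children_map(edges):
    """Parent host -> list of hosts it requested."""
    kids = defaultdict(list)
    for child, parent in edges:
        kids[parent].append(child)
    return kids


def depths(edges, root: str = PRIMARY) -> dict[str, int]:
    """Hops from `root` to every host it reaches (breadth-first over the load graph)."""
    kids = children_map(edges)
    seen = {root: 0}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for child in kids[node]:
            if child not in seen:
                seen[child] = seen[node] + 1
                queue.append(child)
    return seen


def introduced_by(edges, gateway: str) -> list[str]:
    """Hosts that the primary document reaches only through `gateway`.

    Computed as: everything reachable from `gateway`, minus whatever is still
    reachable from the primary document once every edge into `gateway` is cut."""
    via_gateway = set(depths(edges, root=gateway)) - {gateway}
    without_gateway = [e for e in edges if e[0] != gateway]
    still_reachable = set(depths(without_gateway, root=PRIMARY))
    return sorted(via_gateway - still_reachable)


if __name__ == "__main__":
    hops = depths(EDGES)
    for host in sorted(hops, key=hops.get):
        print(f"{hops[host]}  {host}")
    print("introduced only via tag manager:", introduced_by(EDGES, TAG_MANAGER))
```

Hosts three hops out (d.adroll.com, secure.adnxs.com, px.ads.linkedin.com) were chosen by scripts the page never referenced directly; a review of the first-party HTML or of the CSP alone would not show who decided to load them.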
Subject | Issuer | Validity (not before - not after) | Valid for   (each row links to a crt.sh lookup on the original page)
www.zscaler.com | DigiCert SHA2 Extended Validation Server CA | 2024-02-28 - 2025-02-23 | a year
*.iseaskies.com | Amazon RSA 2048 M02 | 2024-06-18 - 2025-07-18 | a year
cdn.intellimize.co | R3 | 2024-05-14 - 2024-08-12 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2024-03-01 - 2024-12-31 | 10 months
*.intellimizeio.com | Amazon RSA 2048 M03 | 2023-10-25 - 2024-11-22 | a year
api.intellimize.co | Amazon RSA 2048 M02 | 2023-10-25 - 2024-11-22 | a year
info.zscaler.com | Cloudflare Inc ECC CA-3 | 2023-10-08 - 2024-10-07 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2023-11-13 - 2024-11-12 | a year
log.intellimize.co | Amazon RSA 2048 M03 | 2023-10-24 - 2024-11-21 | a year
*.google-analytics.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months
*.google.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months
script.crazyegg.com | E1 | 2024-06-03 - 2024-09-01 | 3 months
*.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year
6sc.co | R11 | 2024-07-03 - 2024-10-01 | 3 months
s.adroll.com | Amazon RSA 2048 M02 | 2024-05-03 - 2025-06-01 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
www.bing.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-19 - 2024-12-16 | 6 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-04-20 - 2024-07-19 | 3 months
trk.techtarget.com | GTS CA 1P5 | 2024-05-24 - 2024-08-22 | 3 months
zi-scripts.com | GTS CA 1P5 | 2024-05-27 - 2024-08-25 | 3 months
cdn.pdst.fm | WR3 | 2024-05-17 - 2024-08-15 | 3 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2024-04-23 - 2025-05-25 | a year
*.mountain.com | Go Daddy Secure Certificate Authority - G2 | 2024-05-23 - 2025-06-24 | a year
*.rudderlabs.com | Amazon RSA 2048 M03 | 2024-05-14 - 2025-06-12 | a year
*.g.doubleclick.net | WR2 | 2024-06-24 - 2024-09-16 | 3 months
*.google.de | WR2 | 2024-06-24 - 2024-09-16 | 3 months
*.doubleclick.net | WR2 | 2024-06-24 - 2024-09-16 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-07-01 - 2025-01-01 | 6 months
ibc-flow.techtarget.com | WR3 | 2024-07-02 - 2024-09-30 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year
d.adroll.com | Amazon RSA 2048 M01 | 2023-10-09 - 2024-11-07 | a year
crazyegg.com | Amazon RSA 2048 M03 | 2024-05-24 - 2025-06-23 | a year
*.6sense.com | Amazon RSA 2048 M03 | 2024-03-31 - 2025-04-29 | a year
44.212.189.233 | Sectigo RSA Domain Validation Secure Server CA | 2024-01-26 - 2025-02-15 | a year
zoominfo.com | E5 | 2024-06-17 - 2024-09-15 | 3 months
acsbapp.com | WE1 | 2024-06-20 - 2024-09-18 | 3 months
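The certificate table only makes sense relative to the scan date (12 Jul 2024, per the Date header of the primary response further down), and it lists a subject name per certificate, not the full SAN list, so a host that no listed name covers is not necessarily unprotected. The script below is an added example, not part of the urlscan.io record; CERTS is a subset transcribed from the table above, the 14-day warning window is the author's choice, and the 398-day ceiling is the CA/Browser Forum maximum lifetime for publicly trusted leaf certificates. It reports each certificate's status at the scan date, its lifetime, an IP-address subject (the Sectigo certificate for 44.212.189.233, one of the bare IPs in the page's connect-src), and checks wildcard coverage with the one-label rule: *.doubleclick.net covers ad.doubleclick.net but not stats.g.doubleclick.net, which is why the table carries a separate *.g.doubleclick.net certificate.

```python
"""Added example (not part of the urlscan.io record): checks the scan's
certificate table against the scan date. CERTS is transcribed from the table
(a subset); the warning window and lifetime limit are the author's choices."""
from __future__ import annotations

import ipaddress
from datetime import date

SCAN_DATE = date(2024, 7, 12)  # "Fri, 12 Jul 2024" per the primary response's Date header
MAX_LIFETIME_DAYS = 398        # CA/Browser Forum limit for publicly trusted leaf certs

# (subject, not_before, not_after) as listed in the certificate table
CERTS = [
    ("www.zscaler.com", "2024-02-28", "2025-02-23"),
    ("*.facebook.com", "2024-04-20", "2024-07-19"),
    ("cdn.intellimize.co", "2024-05-14", "2024-08-12"),
    ("44.212.189.233", "2024-01-26", "2025-02-15"),
    ("*.g.doubleclick.net", "2024-06-24", "2024-09-16"),
    ("*.doubleclick.net", "2024-06-24", "2024-09-16"),
]


def covers(subject: str, host: str) -> bool:
    """Does a certificate name match a host? A wildcard matches exactly one label,
    so '*.example.com' covers 'a.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    subject, host = subject.lower(), host.lower()
    if subject.startswith("*."):
        parent = host.split(".", 1)[1] if "." in host else ""
        return parent == subject[2:]
    return subject == host


def is_ip_subject(subject: str) -> bool:
    try:
        ipaddress.ip_address(subject)
        return True
    except ValueError:
        return False


def cert_status(not_before: str, not_after: str, on: date = SCAN_DATE, warn_days: int = 14) -> str:
    """Validity of a certificate on the given day, with an early warning before expiry."""
    nb, na = date.fromisoformat(not_before), date.fromisoformat(not_after)
    if on < nb:
        return "not yet valid"
    left = (na - on).days
    if left < 0:
        return "expired"
    if left <= warn_days:
        return f"expires in {left} days"
    return "ok"


def cert_report(certs, on: date = SCAN_DATE) -> dict[str, dict]:
    """Per subject: status at `on`, lifetime in days, and hygiene flags."""
    report = {}
    for subject, nb, na in certs:
        lifetime = (date.fromisoformat(na) - date.fromisoformat(nb)).days
        flags = []
        if lifetime > MAX_LIFETIME_DAYS:
            flags.append("lifetime exceeds 398 days")
        if is_ip_subject(subject):
            flags.append("IP-address subject")
        report[subject] = {"status": cert_status(nb, na, on), "lifetime_days": lifetime, "flags": flags}
    return report


def hosts_without_cert(hosts, certs) -> list[str]:
    """Hosts no listed subject name covers. Only the subject is listed, not SANs,
    so a hit here means 'check the SAN list', not 'no certificate'."""
    return [h for h in hosts if not any(covers(subject, h) for subject, _, _ in certs)]


if __name__ == "__main__":
    for subject, info in cert_report(CERTS).items():
        print(f"{subject:24} {info['status']:20} {info['lifetime_days']:4}d {info['flags']}")
```

At the scan date the *.facebook.com certificate had seven days left; a scan taken a week later would have shown either a renewed certificate or a broken Facebook pixel, which is the kind of transient a later reader of an archived scan should keep in mind.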

This page contains 5 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Frame ID: 5707CC932EE3DA4FC562360C44359BB3
Requests: 161 HTTP requests in this frame

Frame: https://117186981.intellimizeio.com/storage.html
Frame ID: 6AAC8A74C81772B3304C010E6228F5B6
Requests: 1 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: 4A14FCD8D9D955AC32F911949A9663AF
Requests: 2 HTTP requests in this frame

Frame: https://8541430.fls.doubleclick.net/activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1
Frame ID: B6320DBF9C7BDE0D8313EA7D41DAC64A
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&upid=27hmsyx&upv=1.1.0
Frame ID: FB19CB3DA66585F8A50AAA95D9A20DF5
Requests: 1 HTTP requests in this frame


Detected technologies

Ten detections, each at 100% overall confidence, listed by the pattern that matched:
  • (?:a|s)\.adroll\.com
  • adnxs\.(?:net|com)
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
  • (pattern not shown)
  • googletagmanager\.com/gtm\.js ; googletagmanager\.com/gtag/js
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
  • cdn\.cookielaw\.org ; otSDKStub\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 171 | HTTPS: 94 % | IPv6: 43 % | Domains: 30 | Subdomains: 51 | IPs: 48 | Countries: 5 | Transfer: 2592 kB | Size: 7646 kB | Cookies: 43

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106
  • https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1 HTTP 302
  • https://8541430.fls.doubleclick.net/activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1
Request Chain 113
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1 HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&e_ipv6=AQJdtNYD9YNI-gAAAZCktvS8c999Xrj6F8Xjh5h3kH7mNOdEJT9OB1zBzmGyNCCbJGlca0yV
Request Chain 114
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js

171 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request dodgebox-deep-dive-updated-arsenal-apt41-part-1
www.zscaler.com/blogs/security-research/
425 KB
75 KB
Document
General
Full URL
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash
31c0f218e3455c2a2bddeab89ea1bc84fd88006c188858560c27babba88f4b6b
Security Headers
Name Value
Content-Security-Policy (served as one header value; shown here one directive per line)
  default-src 'none';
  img-src 'self' fast.wistia.com https: data: blob:;
  script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/;
  font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com;
  style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com;
  connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/;
  media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com;
  worker-src 'self' blob: ;
  frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/;
  frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block
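The Content-Security-Policy above is long enough that the weak spots are easy to miss by eye: script-src carries 'unsafe-inline' twice and 'unsafe-eval' twice with no nonce or hash, which leaves script injection unmitigated; several sources are plaintext http:// origins; connect-src lists 31 bare IPv4 literals (several appear in the IP table as Amazon-hosted addresses that get recycled); script-src trusts https://*.cloudfront.net, which is any CloudFront distribution, not just Zscaler's; and there is no base-uri or form-action, neither of which falls back to default-src 'none'. The X-Frame-Options value SAMEORIGIN https://cms.zscaler.com is not a valid token for that header (only DENY and SAMEORIGIN are), so browsers ignore it; framing is governed by the frame-ancestors directive, which takes precedence anyway when both are present. The linter below is an added example, not part of the urlscan.io record or of Zscaler's site code; CSP_EXCERPT is a constructed, shortened excerpt of the header above, and MULTI_TENANT_SUFFIXES is an illustrative list the author supplied.

```python
"""Added example (not part of the urlscan.io record or of Zscaler's site code):
a small Content-Security-Policy linter that surfaces the points a reviewer would
raise about the header in the scan. CSP_EXCERPT is a constructed, shortened
excerpt of that header; MULTI_TENANT_SUFFIXES is an illustrative list."""
from __future__ import annotations

import ipaddress
from collections import Counter

CSP_EXCERPT = (
    "default-src 'none'; "
    "script-src 'self' 'unsafe-inline' https://ob.iseaskies.com *.mountain.com "
    "http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' *.jquery.com "
    "https://cdnjs.cloudflare.com https://*.cloudfront.net; "
    "style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; "
    "connect-src 'self' blob: 44.238.122.172 34.212.4.35 https://www.zscaler.com; "
    "frame-ancestors 'self' https://cms.zscaler.com;"
)

# Host suffixes under which any customer can obtain a name, so a wildcard over
# them grants script execution to strangers. Illustrative, not exhaustive.
MULTI_TENANT_SUFFIXES = ("cloudfront.net", "amazonaws.com", "netlify.app")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source, ...]}, keeping order and duplicates."""
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy.setdefault(parts[0].lower(), []).extend(parts[1:])
    return policy


def host_of(source: str) -> str:
    """Host part of a CSP source expression ('https://a.b/c' -> 'a.b', "'self'" -> "'self'")."""
    return source.split("://", 1)[-1].split("/", 1)[0]


def is_ip_literal(source: str) -> bool:
    """True for IPv4 literals such as 44.238.122.172 (with or without a port)."""
    try:
        ipaddress.ip_address(host_of(source).rsplit(":", 1)[0])
    except ValueError:
        return False
    return True


def xfo_is_valid(value: str) -> bool:
    """X-Frame-Options accepts exactly DENY or SAMEORIGIN; modern browsers ignore anything else."""
    return value.strip().upper() in ("DENY", "SAMEORIGIN")


def lint_csp(header: str) -> list[str]:
    """Human-readable findings for a policy; an empty list means nothing was flagged."""
    policy = parse_csp(header)
    findings: list[str] = []
    for directive, sources in policy.items():
        for src, n in Counter(sources).items():
            if n > 1:
                findings.append(f"{directive}: source {src} listed {n} times")
        for src in dict.fromkeys(sources):  # each distinct source once
            host = host_of(src)
            if src.startswith("http://"):
                findings.append(f"{directive}: plaintext origin {src}")
            if is_ip_literal(src):
                findings.append(f"{directive}: IP literal {src}")
            if host.startswith("*.") and host[2:] in MULTI_TENANT_SUFFIXES:
                findings.append(f"{directive}: wildcard over multi-tenant host {src}")
    # script-src falls back to default-src; base-uri and form-action do not.
    script = policy.get("script-src", policy.get("default-src", []))
    # A nonce or hash in script-src makes browsers ignore 'unsafe-inline' (CSP Level 2+).
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not nonce_or_hash:
        findings.append("script-src: 'unsafe-inline' permitted with no nonce or hash")
    if "'unsafe-eval'" in script:
        findings.append("script-src: 'unsafe-eval' permitted")
    for directive in ("base-uri", "form-action"):
        if directive not in policy:
            findings.append(f"{directive} absent (does not inherit from default-src)")
    return findings


if __name__ == "__main__":
    for line in lint_csp(CSP_EXCERPT):
        print(line)
    print("X-Frame-Options valid:", xfo_is_valid("SAMEORIGIN https://cms.zscaler.com"))
```

Run against the full header rather than the excerpt, the same checks fire on every http:// origin, every one of the 31 IP literals and the duplicated https://ws-assets.zoominfo.com entry as well; the excerpt keeps one instance of each class so the output stays readable.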

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age
360
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; hit
cf-cache-status
DYNAMIC
cf-ray
8a1d82b48f313669-FRA
content-encoding
br
content-security-policy
(identical to the Content-Security-Policy value in the Security Headers table above)
content-type
text/html; charset=utf-8
date
Fri, 12 Jul 2024 02:12:50 GMT
netlify-vary
header=x-nextjs-data|x-next-debug-logging|Accept-Encoding,cookie=__prerender_bypass|__next_preview_data
server
cloudflare
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN https://cms.zscaler.com
x-nextjs-date
Fri, 12 Jul 2024 02:09:12 GMT
x-nf-request-id
01J2JBDV7WS7K8DAQ28H7CEK3D
x-powered-by
Next.js
x-xss-protection
1; mode=block
1395e54b70b06b444656a2f40c135374.js
ob.iseaskies.com/i/
103 KB
38 KB
Script
General
Full URL
https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:b000:c:d449:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Caddy /
Resource Hash
d06d5e37644f6addafd8e549dbd74a48bf443b4b06b75172009bc56cd38c42f8

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 20:06:04 GMT
content-encoding
gzip
via
1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
server
Caddy
x-amz-cf-pop
FRA56-P5
age
22142
etag
"19b6a-lQjTGzpNIpjLyi1dMtcyZJOfQoo"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=43200
content-length
38468
x-amz-cf-id
cn91YpxCngOdoZRSyB4N2-w1Ik-pgeF9bzkUfzGLeSrsVjmSv8ZiSA==
expires
Fri, 12 Jul 2024 08:03:48 GMT
117186981.js
cdn.intellimize.co/snippet/
386 KB
95 KB
Script
General
Full URL
https://cdn.intellimize.co/snippet/117186981.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
43c880020f0066f53b26eb86950864824babe58c4ec316f8598417219acaa432
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-served-by
cache-fra-etou8220041-FRA
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
168
x-timer
S1720750370.249455,VS0,VE1
etag
"073e721f0954ebc96b57517e8cd70d65d--gzip"
vary
Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding
x-cache
HIT
content-type
application/javascript;charset=utf-8
cache-control
max-age=0, must-revalidate
accept-ranges
bytes
content-length
96831
x-cache-hits
0
OtAutoBlock.js
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
170 KB
27 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e7e36f3f88692d69244aa905916aabc0e00bcc987bbc4cef85324e8c3733266
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
48147
content-md5
xD1AeAP0mkjc7DsdK25Fqg==
content-length
27724
x-ms-lease-status
unlocked
last-modified
Wed, 26 Jun 2024 09:57:51 GMT
server
cloudflare
etag
0x8DC95C670FC37F2
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
91e37ac3-e01e-0042-16af-c7b89e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82b62c1d9262-FRA
expires
Sat, 13 Jul 2024 02:12:50 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XOljGHrVMK6J8mT+Nl48OQ==
age
66634
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Wed, 10 Jul 2024 06:35:23 GMT
server
cloudflare
etag
0x8DCA0AA79F8EE11
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
7f47775b-701e-0003-78f9-d2908d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82b62c1e9262-FRA
image
www.zscaler.com/_next/
296 KB
296 KB
Image
General
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware%2520copy.jpeg&w=3840&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e363ebde1a4d256bd695d54e646deaa72ced39ea8dd4db84d9622a433b8cbc13
Security Headers
Name Value
Content-Security-Policy ,
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCVHEMBK8G9SR7A0C63
date
Fri, 12 Jul 2024 02:12:50 GMT
content-security-policy
,
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
52466
cross-origin-resource-policy
cross-origin
content-length
302809
last-modified
Thu, 11 Jul 2024 11:38:24 GMT
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server
cloudflare
cache-status
"Netlify Edge"; fwd=stale
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82b5bfe43669-FRA
219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/
37 KB
37 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCVDQJ3W8HQ3JSK954C
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
21018
cache-status
"Netlify Edge"; hit
etag
"babaa13f5c4ebc035bab259b01678acd-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfdb3669-FRA
content-length
37876
86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/
39 KB
39 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCXKQWVKTTRCTB37VNX
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
21018
cache-status
"Netlify Edge"; hit
etag
"894b88dea44b3eea86047b5a14f70bd6-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfde3669-FRA
content-length
40264
9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/
39 KB
40 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCXXSXJHN95QNRDV3BF
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
51813
cache-status
"Netlify Edge"; hit
etag
"df72b7565a3dbb7f09aca50548800425-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfdf3669-FRA
content-length
40336
4012cc4b67ad157d-s.p.woff2
www.zscaler.com/_next/static/media/
9 KB
10 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/4012cc4b67ad157d-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCW54QDZQGA9SDCKZKD
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
52498
cache-status
"Netlify Edge"; hit
etag
"c6972ec112502e69799d66e6952e00da-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfe03669-FRA
content-length
9592
41998fdc1b8220a0-s.p.woff2
www.zscaler.com/_next/static/media/
9 KB
10 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/41998fdc1b8220a0-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCYCTVA0YWQ8T92H11N
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
51891
cache-status
"Netlify Edge"; hit
etag
"9bd07d3df76f4f2bde51ff4f6856a884-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfe13669-FRA
content-length
9620
edb9f1eb1c1a7ead-s.p.woff2
www.zscaler.com/_next/static/media/
9 KB
9 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/edb9f1eb1c1a7ead-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCYHT9PWSFZ9Y6PTZTE
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
51986
cache-status
"Netlify Edge"; hit
etag
"05b344f4b2133542bb04a3fa3940eb19-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfe23669-FRA
content-length
8780
ce9b84dce7581e2b-s.p.woff2
www.zscaler.com/_next/static/media/
9 KB
9 KB
Font
General
Full URL
https://www.zscaler.com/_next/static/media/ce9b84dce7581e2b-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD4BJTAP2QBTG5B9NAN
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
age
52397
cache-status
"Netlify Edge"; hit
etag
"6f9138b6bf5773aec5477a54d805b48a-ssl"
content-type
font/woff2
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
8a1d82b5bfe33669-FRA
content-length
8764
d5e9b57557ce294f.css
www.zscaler.com/_next/static/css/
102 KB
21 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/d5e9b57557ce294f.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
101b9bde526650e874429f01df4b9a53660d9c328a072bef8a31607d27f35d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBT29T2V09X6473REB7
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51891
cache-status
"Netlify Edge"; hit
etag
W/"09779461a6297a2f63f2dce383e68f99-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fb53669-FRA
b0bb3f2a3b7edfcf.css
www.zscaler.com/_next/static/css/
93 KB
10 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/b0bb3f2a3b7edfcf.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b313dd302550e78e611dd129c0fc501e5544450488c199b44eb20107f69eba3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBT5GKD841XPE6WPP78
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
38114
cache-status
"Netlify Edge"; hit
etag
W/"e42921e5c093e8e5a448834c416651ca-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fb63669-FRA
d5d8f2847c08eecd.css
www.zscaler.com/_next/static/css/
76 KB
10 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/d5d8f2847c08eecd.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
464a2a89ca6b0b827fd9598bf6d2dccf5f072cacf0b0f0423f7d30f0e97ce135
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBM1N7H24HMQF0SG1S7
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51891
cache-status
"Netlify Edge"; hit
etag
W/"a195c39c18bdcd9ea82cf23ccd282a73-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fb73669-FRA
60ab7ffa9f7999ec.css
www.zscaler.com/_next/static/css/
849 B
390 B
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/60ab7ffa9f7999ec.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBV6CJ1GZ3N3K1KC1NQ
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52022
cache-status
"Netlify Edge"; hit
etag
W/"5c59d05d39e571427d40dd8d09b3cdb1-ssl"
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fb83669-FRA
54b114f76a2643a4.css
www.zscaler.com/_next/static/css/
14 KB
2 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/54b114f76a2643a4.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBV9MKVFYWARPJWWJZ8
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52023
cache-status
"Netlify Edge"; hit
etag
W/"b3b28bba19cd8cc9e623e240c2173191-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fb93669-FRA
f5464589614907bb.css
www.zscaler.com/_next/static/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/f5464589614907bb.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87565af07d1cabde211838c4025996136c7bb2db2507c920c0e36eb92924611a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBVW5QRHXBAN4B6T943
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51461
cache-status
"Netlify Edge"; hit
etag
W/"18314490c5b1ab3d98a7816fd0e87e72-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fba3669-FRA
455227249223c84c.css
www.zscaler.com/_next/static/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/455227249223c84c.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBRSF2F4WSC7MYN8NGW
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
47285
cache-status
"Netlify Edge"; hit
etag
W/"5e804ffd42b47c9b8cd3dd20a421e789-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fbc3669-FRA
b6d3c529ebda7335.css
www.zscaler.com/_next/static/css/
18 KB
3 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/b6d3c529ebda7335.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cfc7e7ef1b5a3b8ca8dc185554f0a13e93b88e1ea66e131cb8d8a922039aca7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBZR7VKF0FEDCY4HM76
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51954
cache-status
"Netlify Edge"; hit
etag
W/"81a94e2ddda02a299099b2c339671b41-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fbd3669-FRA
d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBWB39SF03B70QR9MTM
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51891
cache-status
"Netlify Edge"; hit
etag
W/"2a8acaa7178d13abe2617ddf64fd1a8d-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fbe3669-FRA
e27f531b9a37c033.css
www.zscaler.com/_next/static/css/
93 KB
12 KB
Stylesheet
General
Full URL
https://www.zscaler.com/_next/static/css/e27f531b9a37c033.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d204de42c94a582ed354d118362d3258d28bd540353a85b4f60c84ea3e2c2d58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVBQ8WQ1CESWKGGFDWH8
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51679
cache-status
"Netlify Edge"; hit
etag
W/"2f825818564ce44e115bbc92553160b0-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b57fc03669-FRA
7566.d1be4a11c0638f59.js
www.zscaler.com/_next/static/chunks/
10 KB
4 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/7566.d1be4a11c0638f59.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af26d202b6d2736172ff073329e6f14d009024925757d31c4b4bde701bcde4e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCXAKMTNNMD5XH3T8JK
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51986
cache-status
"Netlify Edge"; hit
etag
W/"40e13db5fda0d9eebd6071a9cb3cc974-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfe63669-FRA
6738.730a2c798cb6864c.js
www.zscaler.com/_next/static/chunks/
12 KB
4 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/6738.730a2c798cb6864c.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
974c75cae56258569c9e08ba3e7c89556dfa21cb979b1106d91171d20c42d82b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD3VQM9C2EE3HY3XRVA
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51986
cache-status
"Netlify Edge"; hit
etag
W/"28a804022535c867a74150c42c38caa7-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfe83669-FRA
537.8ad21235b8edef2f.js
www.zscaler.com/_next/static/chunks/
604 B
434 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/537.8ad21235b8edef2f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD21YSS7PCE4VHVG764
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52235
cache-status
"Netlify Edge"; hit
etag
W/"d9f5c31ba3339a24433c535485fd1646-ssl"
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfe93669-FRA
8338.3539dfc7fa5c0856.js
www.zscaler.com/_next/static/chunks/
112 KB
36 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/8338.3539dfc7fa5c0856.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82597ca5e9f0b28679550d3daf2838062560cb46eae1c623b8ed40704ae82dc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCZTCH0AW7F7PDH5SAD
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51374
cache-status
"Netlify Edge"; hit
etag
W/"c9fdf90c0e8e740d5985bf02b6b033d1-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfea3669-FRA
4194.070e0240ce0515d3.js
www.zscaler.com/_next/static/chunks/
3 KB
1 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/4194.070e0240ce0515d3.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2d13675b5f834ac007b37d59e7dc7b216dce2beefc3111ecfb91b321987685b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD27VZFDFQDJT5GDCET
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51987
cache-status
"Netlify Edge"; hit
etag
W/"cab4aa8f11b883ed204fc3635d9b7ded-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfeb3669-FRA
9775.4e644e67504dd055.js
www.zscaler.com/_next/static/chunks/
3 KB
1 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/9775.4e644e67504dd055.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
538fcc9b374b95f2ffa196d787ca885a3509d02ff1f4adbbb05089a9c83ba72f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD6TQQKAXVA22BCWXZ1
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51954
cache-status
"Netlify Edge"; hit
etag
W/"1caedf0572f93a14d23c7c465901329f-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfec3669-FRA
1306.30fcfd274fc12aa4.js
www.zscaler.com/_next/static/chunks/
9 KB
3 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/1306.30fcfd274fc12aa4.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b05f7b79179d50668be76cd6b4ba41ddb162deb9e674ade630e9942b4e7c335
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD5DKSS4KR6FRDKT319
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51813
cache-status
"Netlify Edge"; hit
etag
W/"d7d191f8aca8571f70f012a18d173ce2-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfed3669-FRA
2284.69c038dad74418e7.js
www.zscaler.com/_next/static/chunks/
3 KB
2 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/2284.69c038dad74418e7.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
910c87a7713a41f3e459123f902e195eee2fb9eee25a9aa58566ea73c1914eb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD2SZZVFFRXEHEE1HJV
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51460
cache-status
"Netlify Edge"; hit
etag
W/"641bb9be7c6555ddb1e9d3041a67bc79-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfee3669-FRA
893.dd6f1c903a6e7573.js
www.zscaler.com/_next/static/chunks/
43 KB
14 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/893.dd6f1c903a6e7573.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e89b63ab295246ae2aeb6c6084e9ff457edb842c2e7a4cc378e0fef45589d60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD23YB8Q2KYK19PQTQX
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52062
cache-status
"Netlify Edge"; hit
etag
W/"6e3ff926a8bce305b16afadecabae622-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff03669-FRA
webpack-8e7d39158b930c2a.js
www.zscaler.com/_next/static/chunks/
11 KB
6 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52048c0a408bad15148e9734bae7bc41703fa0cea42b1f341f35a81eaaa510ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD6R96A74FFF94SNYQE
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52498
cache-status
"Netlify Edge"; hit
etag
W/"34a7fad736f03b9c745a8ade6ab501a9-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff33669-FRA
framework-0e8d27528ba61906.js
www.zscaler.com/_next/static/chunks/
138 KB
45 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/framework-0e8d27528ba61906.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD7SRQ1FDFW4Y7ENZZY
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51515
cache-status
"Netlify Edge"; hit
etag
W/"6a439261d41a2394a03e0a4354d7bfdd-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff43669-FRA
main-7c8d262537cac334.js
www.zscaler.com/_next/static/chunks/
111 KB
33 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c52c74d5f72fba35bbb92461ac20ea6d80b9e826d28369d5fa6010d9838508ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVCZNHPH8ECP0AKTMS12
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
6811
cache-status
"Netlify Edge"; hit
etag
W/"16b7038049448ed0734707b3e7f45ff7-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff63669-FRA
_app-43cb7510efd06ccb.js
www.zscaler.com/_next/static/chunks/pages/
368 KB
122 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/pages/_app-43cb7510efd06ccb.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3618b2465cc3685ffb2dd728fc10a62ba02d648f199b33875b43d11465793e75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD1NFBTZEFNTRATSFP8
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51952
cache-status
"Netlify Edge"; hit
etag
W/"9e5ddcbc00ee308adb47c6ed20dd8479-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff73669-FRA
845-ce9c6f66aaa246a5.js
www.zscaler.com/_next/static/chunks/
260 KB
71 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/845-ce9c6f66aaa246a5.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb884d14291b689486d86d9774a99cc035a2390b22eeb0315fd899a247e155f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD2N5WQ2Q4SKY3RXP6R
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51954
cache-status
"Netlify Edge"; hit
etag
W/"7ed183e8f2623269d70c3397ce4e8e3a-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bff83669-FRA
5865-a280b85a1b3f871e.js
www.zscaler.com/_next/static/chunks/
135 KB
38 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/5865-a280b85a1b3f871e.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31d8f5d0e01807256c12d40c18410385c9a9985fed650f5537a5450f0582cce6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD3DS7ATA2FXHXQ65GX
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51813
cache-status
"Netlify Edge"; hit
etag
W/"9b2bffcd6aaba13434b34808d1fa362d-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bffa3669-FRA
544-962ec0e04edd4a24.js
www.zscaler.com/_next/static/chunks/
81 KB
21 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/544-962ec0e04edd4a24.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1ef5d985cdacad95db115e8007eea747a495199d3b1c936c8c50c7064090ff0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD5CPW88KXMBKAP7MP0
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52058
cache-status
"Netlify Edge"; hit
etag
W/"d9d98fe3563c62e0fb5a0cfa8d3d3e31-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bffb3669-FRA
1576-3d6906e839b5d284.js
www.zscaler.com/_next/static/chunks/
149 KB
32 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/1576-3d6906e839b5d284.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb0ae2d781e8cc758d26e9284dae2326d4b91f90b876ff202889d5f91f62aba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD8KVFKE4FV73DDTE19
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51461
cache-status
"Netlify Edge"; hit
etag
W/"eee56e0d5ca3b25286b5d3f6e99a1ae3-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bffc3669-FRA
%5B...slug%5D-14c53034c5d855b3.js
www.zscaler.com/_next/static/chunks/pages/blogs/
3 KB
2 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-14c53034c5d855b3.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e7a5698fcf9228a9ddf6f83291dc0d8e0d618bf1db73585c6d72b1009ff20fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD1K66KJ2G0HQ2CMX5R
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
48945
cache-status
"Netlify Edge"; hit
etag
W/"2849430e59bb163d085ffa7a8cda30de-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bffd3669-FRA
_buildManifest.js
www.zscaler.com/_next/static/nbqKRZvZLdJt8I5cnfKOu/
3 KB
1 KB
Script
General
Full URL
https://www.zscaler.com/_next/static/nbqKRZvZLdJt8I5cnfKOu/_buildManifest.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2748381a1e0a6d88bf41ceee8e3ee315e6aa538facb893e219db84dc40cab9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD65V963HT6Z1DDDRT6
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52022
cache-status
"Netlify Edge"; hit
etag
W/"feadbdd8c718c34c166a6b4e8e7f36fb-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bffe3669-FRA
_ssgManifest.js
www.zscaler.com/_next/static/nbqKRZvZLdJt8I5cnfKOu/
417 B
282 B
Script
General
Full URL
https://www.zscaler.com/_next/static/nbqKRZvZLdJt8I5cnfKOu/_ssgManifest.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc1a746e4540f4be2f9172e2403669d454784c6ff4e5394e5c89f6d24f22af83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVD8C7NJJ5R829CP8BZB
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51954
cache-status
"Netlify Edge"; hit
etag
W/"9e56531e829a109b15c8b03429c19e6a-ssl"
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b5bfff3669-FRA
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
818 B
Script
General
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
last-modified
Fri, 05 Jul 2024 14:30:09 GMT
server
cloudflare
content-encoding
gzip
etag
W/"66880371-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
8a1d82b5b8013669-FRA
expires
Sun, 14 Jul 2024 02:12:50 GMT
dodgebox_figure_1.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/
46 KB
46 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/dodgebox_figure_1.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cf0a0878e248f71538780f86f7da42e479d4d26a488a14e3bd1fe654027c546
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
content-length
46730
cf-resized
internal=ok/d q=0 n=276+175 c=0+0 v=2024.6.0 l=46730
last-modified
Tue, 09 Jul 2024 15:21:58 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfjN_0Q2pZsHwigC3Kh6fPq5PA1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type
image/webp
cache-control
max-age=300
accept-ranges
bytes
cf-ray
8a1d82b698773669-FRA
3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b0cd39d290a1403b6303c049dceebac871d07a5f776b53f4e425ec2235d16a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
50727
content-md5
oj+Dp3bF+hHUZlalRDGEBg==
content-length
1840
x-ms-lease-status
unlocked
last-modified
Wed, 26 Jun 2024 09:57:50 GMT
server
cloudflare
etag
0x8DC95C6709730F1
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
609ffdb0-a01e-000a-38af-c78a03000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82b749bf4d88-FRA
expires
Sat, 13 Jul 2024 02:12:50 GMT
7763.d758ee891eda7402.js
www.zscaler.com/_next/static/chunks/
1 KB
816 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/7763.d758ee891eda7402.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVKGTP35E0ZXJ2XYFAV4
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51952
cache-status
"Netlify Edge"; hit
etag
W/"17febf2951ad34c7eeeef4016c7b0b2f-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b708b33669-FRA
5551.c4fb596d5a66633e.js
www.zscaler.com/_next/static/chunks/
1000 B
712 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/5551.c4fb596d5a66633e.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVKH8E4JCNPR8GYJTZFX
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52020
cache-status
"Netlify Edge"; hit
etag
W/"a6691d54597182ea40834fe228daf31e-ssl"
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b708b53669-FRA
6023.ccb3fff03c4fa91a.js
www.zscaler.com/_next/static/chunks/
1 KB
730 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/6023.ccb3fff03c4fa91a.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVKMEFA2PV7ERCRXPJXY
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
52496
cache-status
"Netlify Edge"; hit
etag
W/"cdf67233aa350887f94d408f802c7482-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b718b73669-FRA
790.d7dc94c2ef6f512f.js
www.zscaler.com/_next/static/chunks/
1 KB
840 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/790.d7dc94c2ef6f512f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVKK53GNTRFJRJ6F94HA
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51889
cache-status
"Netlify Edge"; hit
etag
W/"a1ea44e59828d3f7a982ea32905c6987-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b718b83669-FRA
6831.3072668993ea221f.js
www.zscaler.com/_next/static/chunks/
1 KB
721 B
Script
General
Full URL
https://www.zscaler.com/_next/static/chunks/6831.3072668993ea221f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-8e7d39158b930c2a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVKM5RQ8Q7CEW8Z76EYG
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51952
cache-status
"Netlify Edge"; hit
etag
W/"e6955a7112f40e9844da8900d4e701a7-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b718b93669-FRA
storage.html
117186981.intellimizeio.com/ Frame 6AAC
0
0
Document
General
Full URL
https://117186981.intellimizeio.com/storage.html
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.155.176.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-176-252.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
5628
content-type
text/html; charset=utf-8
date
Fri, 12 Jul 2024 02:12:50 GMT
etag
W/"15fc-Uk1A5QrccB7iUltcerqKsVx8Uo0"
strict-transport-security
max-age=15552000; includeSubDomains
x-powered-by
Express
117186981
api.intellimize.co/context-v2/
437 B
589 B
Fetch
General
Full URL
https://api.intellimize.co/context-v2/117186981
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.17.195.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-195-126.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2036fd495b0b68f1b7c7d7b9744ca0e57cd3fa827a6b85d7714c9537f580ddb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
image
www.zscaler.com/_next/
38 KB
38 KB
Image
General
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fkimsuky_cover_image_v2%2520copy_0.jpeg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-a280b85a1b3f871e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e98ebd4041010e01df2e124d17e054116bd1f2e41def6e190fb18602b264db98
Security Headers
Name Value
Content-Security-Policy ,
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVQE6ZWBHZCWN2W1KKCF
date
Fri, 12 Jul 2024 02:12:50 GMT
content-security-policy
,
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
52460
cross-origin-resource-policy
cross-origin
content-length
38919
last-modified
Thu, 11 Jul 2024 11:38:30 GMT
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server
cloudflare
cache-status
"Netlify Edge"; fwd=stale
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82b7d9293669-FRA
image
www.zscaler.com/_next/
18 KB
18 KB
Image
General
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2Fadvanced-persistent-threats%2Fzscaler-blog-advanced-persistent-threats-3_0.jpg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-a280b85a1b3f871e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
610b07d719732b2c51e03ec1e20eae956f86785bca4582be086347bfd17a7235
Security Headers
Name Value
Content-Security-Policy ,
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVQC5Z4F6TS96VNP1H0P
date
Fri, 12 Jul 2024 02:12:50 GMT
content-security-policy
,
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
52459
cross-origin-resource-policy
cross-origin
content-length
17999
last-modified
Thu, 11 Jul 2024 11:38:31 GMT
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server
cloudflare
cache-status
"Netlify Edge"; fwd=stale
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82b7d92a3669-FRA
image
www.zscaler.com/_next/
42 KB
42 KB
Image
General
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2Fcyber-security%2Fzscaler-blog-cyber-security-1%25402x.jpg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-a280b85a1b3f871e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa456b8f12644c4b7679d7721ddf863aac565bcd4a12cf8c9644911a68301368
Security Headers
Name Value
Content-Security-Policy ,
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVQBP041AHQ7F85SHW61
date
Fri, 12 Jul 2024 02:12:50 GMT
content-security-policy
,
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
52459
cross-origin-resource-policy
cross-origin
content-length
42551
last-modified
Thu, 11 Jul 2024 11:38:31 GMT
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server
cloudflare
cache-status
"Netlify Edge"; fwd=stale
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82b7d92b3669-FRA
forms2.min.js
info.zscaler.com/js/forms2/js/
199 KB
67 KB
Script
General
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 30 May 2024 20:57:39 GMT
server
cloudflare
age
4263
etag
"36277e-31b30-619b21e0856c0"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
8a1d82b88cc54516-TXL
expires
Fri, 12 Jul 2024 06:12:50 GMT
b0bb3f2a3b7edfcf.css
www.zscaler.com/_next/static/css/
93 KB
93 B
Fetch
General
Full URL
https://www.zscaler.com/_next/static/css/b0bb3f2a3b7edfcf.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b313dd302550e78e611dd129c0fc501e5544450488c199b44eb20107f69eba3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVRAV2XQRDQDHVKMC3N0
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
38114
cache-status
"Netlify Edge"; hit
etag
W/"e42921e5c093e8e5a448834c416651ca-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b7f93f3669-FRA
d5d8f2847c08eecd.css
www.zscaler.com/_next/static/css/
76 KB
135 B
Fetch
General
Full URL
https://www.zscaler.com/_next/static/css/d5d8f2847c08eecd.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
464a2a89ca6b0b827fd9598bf6d2dccf5f072cacf0b0f0423f7d30f0e97ce135
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVR68DHDATXK9F296WRG
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
51891
cache-status
"Netlify Edge"; hit
etag
W/"a195c39c18bdcd9ea82cf23ccd282a73-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82b7f9463669-FRA
ct
obs.iseaskies.com/
4 KB
1 KB
Script
General
Full URL
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
6be6a088c82891484a874b7fa90b917c48f53843fd48cd088b643a2a81618508

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type
text/javascript
pragma
no-cache
date
Fri, 12 Jul 2024 02:12:50 GMT
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1134
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8a1d82b8bf63190b-FRA
access-control-allow-headers
Content-Type
clientlogger
log.intellimize.co/
3 B
316 B
Ping
General
Full URL
https://log.intellimize.co/clientlogger
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.244.10.119 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-244-10-119.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
image
www.zscaler.com/_next/
159 KB
159 KB
Image
General
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware%2520copy.jpeg&w=1920&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b05fdaf745a54b8e0c4b4b9d6f2f89c5870f1bcf505e6318749be75ce7b6faa
Security Headers
Name Value
Content-Security-Policy ,
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDVSW1FF1JF3TZFHRKN4C
date
Fri, 12 Jul 2024 02:12:50 GMT
content-security-policy
,
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
52335
cross-origin-resource-policy
cross-origin
content-length
162891
last-modified
Thu, 11 Jul 2024 11:40:36 GMT
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server
cloudflare
cache-status
"Netlify Edge"; fwd=stale
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82b859783669-FRA
117186981
api.intellimize.co/prediction/
68 B
379 B
Fetch
General
Full URL
https://api.intellimize.co/prediction/117186981
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.17.195.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-195-126.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
36d285646fbea25535bf092bda915ae8f6aca78526502f7d99a7678fab3189ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202403.1.0/
442 KB
107 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
s7qm2vbmUNglr6Jt5k9KHA==
age
29446
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
109676
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:04:35 GMT
server
cloudflare
etag
0x8DC49752A75EB01
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f463857b-001e-005d-3a08-7c3307000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82b91d4b9262-FRA
logger
log.intellimize.co/
3 B
324 B
Ping
General
Full URL
https://log.intellimize.co/logger
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.244.10.119 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-244-10-119.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
logger
log.intellimize.co/
3 B
324 B
Ping
General
Full URL
https://log.intellimize.co/logger
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.244.10.119 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-244-10-119.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
en.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/7e39d72d-1927-46f7-a0e0-f2afc442f33f/
126 KB
28 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/7e39d72d-1927-46f7-a0e0-f2afc442f33f/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f23f53e414e418ba0b70cf9106982d493e4d3554fc1929533737d4f595f89f7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
56953
content-md5
SCNd+VjPycUxIbADx7mHRw==
content-length
28323
x-ms-lease-status
unlocked
last-modified
Wed, 26 Jun 2024 09:56:03 GMT
server
cloudflare
etag
0x8DC95C630A2F321
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
944beea8-c01e-001a-6daf-c7bce5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82b9cb5b4d88-FRA
expires
Sat, 13 Jul 2024 02:12:50 GMT
getForm
info.zscaler.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7971&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&callback=jQuery371009360948310668249_1720750370743&_=1720750370744
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
959f418a7c1a1e100c35c5b2c32363feff3b193e76e3c911270484078beccfa9

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
server
cloudflare
cf-ray
8a1d82b9de744516-TXL
cached
true
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
getForm
info.zscaler.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&callback=jQuery371009360948310668249_1720750370745&_=1720750370746
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5a06f8f00aca1f396d2adc417c8a863787dcee4eed50755d34af10690715f23

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
server
cloudflare
cf-ray
8a1d82b9de7a4516-TXL
cached
true
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
otFlat.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
KLWFssuowJEtDumTaVZD/A==
age
60530
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3041
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:04:28 GMT
server
cloudflare
etag
0x8DC497526A04834
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
3a650741-801e-007e-6dd1-9ba6b0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82ba3ba44d88-FRA
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
k7yGPxSf903pvrcZkZ/tnw==
age
5564
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1738
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:04:30 GMT
server
cloudflare
etag
0x8DC497527AB27B4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
4bf9e8d1-801e-00a5-22d1-9b608d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82ba3ba54d88-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
4ErYmXXFNbMLrnc9DrDTsg==
age
68713
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:04:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
5e879149-f01e-0016-51d1-9bc020000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8a1d82ba3ba64d88-FRA
forms2.css
info.zscaler.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://info.zscaler.com/js/forms2/css/forms2.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 30 May 2024 20:57:39 GMT
server
cloudflare
age
401
etag
"362776-3437-619b21e0856c0"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8a1d82ba7f4d4516-TXL
content-length
2623
expires
Fri, 12 Jul 2024 06:12:50 GMT
forms2-theme-round.css
info.zscaler.com/js/forms2/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://info.zscaler.com/js/forms2/css/forms2-theme-round.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 30 May 2024 20:57:39 GMT
server
cloudflare
age
401
etag
"3040222-e46-619b21e0856c0"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8a1d82ba7f4e4516-TXL
content-length
968
expires
Fri, 12 Jul 2024 06:12:50 GMT
zscaler-variation-icon-white.png
cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/
1 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/zscaler-variation-icon-white.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 12 Jul 2024 02:12:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
AjwaatmEihRgIitZTQhd5w==
age
49060
content-length
1448
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:22:44 GMT
server
cloudflare
etag
0x8DC4977B36FCFB2
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
11b1ed99-101e-008a-538e-7b6232000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a1d82baadfa9262-FRA
tc_imp.gif
obs.iseaskies.com/tracker/
43 B
102 B
Image
General
Full URL
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
2566a574-3645-4cd2-b3c6-1417c368284b
https://www.zscaler.com/
261 B
0
Other
General
Full URL
blob:https://www.zscaler.com/2566a574-3645-4cd2-b3c6-1417c368284b
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
082f56a5765f3be29c1faa6afb330aa259290b729a2e7a187c45379cc9f48e20

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
261
Content-Type
a191f96f-82d7-4bc1-8733-07ecd84bfde5
https://www.zscaler.com/
529 B
0
Other
General
Full URL
blob:https://www.zscaler.com/a191f96f-82d7-4bc1-8733-07ecd84bfde5
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf6516457600ff741e33b46cfcd794bef4ef2774f5cc4ae05cdf5fcc04e4b749

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
529
Content-Type
XDFrame
info.zscaler.com/index.php/form/ Frame 4A14
2 KB
896 B
Document
General
Full URL
https://info.zscaler.com/index.php/form/XDFrame
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
8a1d82bb88e34516-TXL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 12 Jul 2024 02:12:51 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
forms2.min.js
info.zscaler.com/js/forms2/js/ Frame 4A14
199 KB
0
Script
General
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://info.zscaler.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 30 May 2024 20:57:39 GMT
server
cloudflare
age
4263
etag
"36277e-31b30-619b21e0856c0"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
8a1d82b88cc54516-TXL
expires
Fri, 12 Jul 2024 06:12:50 GMT
favicon-32x32.ico
www.zscaler.com/favicons/
4 KB
1002 B
Other
General
Full URL
https://www.zscaler.com/favicons/favicon-32x32.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J2JBDWFYQPT1C6TT79MYECJ3
date
Fri, 12 Jul 2024 02:12:51 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
age
6437
cache-status
"Netlify Edge"; hit
etag
W/"5d00c0de27c65c78efe08fbcbcd851cd-ssl"
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
cache-control
public,max-age=0,must-revalidate
cf-ray
8a1d82bcbbc63669-FRA
gtm.js
www.googletagmanager.com/
372 KB
119 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8c9a6d871df32bfc6af2cafbfe3c8eb914933df37a98299bbe165e1fe4bdc147
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121786
x-xss-protection
0
last-modified
Fri, 12 Jul 2024 01:00:20 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 12 Jul 2024 02:12:51 GMT
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&frm=0&rnd=990233989.1720750372&auid=1123585620.1720750372&npa=1&gtm=45He4790v71607006za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&tft=1720750371590&tfd=1708&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

js
www.googletagmanager.com/gtag/
333 KB
109 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
853ef94c99bfac6b4acd949c99d13c8327f6082ee340d40e7a0b1ab9b17400ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
110987
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 12 Jul 2024 02:12:51 GMT
6635.js
script.crazyegg.com/pages/scripts/0097/
7 KB
3 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0097/6635.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a59b02412916fa4c417db1a41052abc8eefafd56224747dfd7524bec268ad714

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
gzip
cf-cache-status
HIT
age
16150
cf-polished
origSize=6998
ce-version
11.5.237
cf-bgj
minify
last-modified
Thu, 11 Jul 2024 21:43:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8a1d82bf2944bbaa-FRA
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-60-75.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Fri, 12 Jul 2024 02:12:51 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
6934ae2b-4c76-4229-97d0-8f637b004b88.js
j.6sc.co/j/
4 KB
2 KB
Script
General
Full URL
https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
content-encoding
gzip
date
Fri, 12 Jul 2024 02:12:51 GMT
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
1178
pragma
no-cache
last-modified
Tue, 02 May 2023 17:36:47 GMT
server
AmazonS3
etag
"afb8c61166e7f50fe6d7ab7b6377733c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
pE9tinuLUd5M2XuaLIXy0hrVV83hzPqjSQLfD46vz9YCYnJQXn4qvg==
expires
Fri, 12 Jul 2024 02:12:51 GMT
roundtrip.js
s.adroll.com/j/
88 KB
27 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:aa00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
02b5db103f24a7395fa2623b371ea764e2948337147de780911dc2fcdec49458

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id
fsiDuzy5vys3wCM7hYlFnR.TBXHQSKgT
Content-Encoding
gzip
Via
1.1 b2825f5e779aaa7a75e20fcfeee23920.cloudfront.net (CloudFront)
Date
Fri, 12 Jul 2024 02:00:14 GMT
Age
759
X-Amz-Cf-Pop
MUC50-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Thu, 04 Jul 2024 15:21:58 GMT
Server
AmazonS3
Etag
W/"c3ca7e6129306d41ac549ab4c252c99b"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
wx_T52g0HDcpG1qbdCFIGzi5fKUmzg9m2QSd81PU9febhHo-zbboZw==
insight.min.js
snap.licdn.com/li.lms-analytics/
38 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Jul 2024 09:19:33 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=62258
accept-ranges
bytes
content-length
14011
destination
www.googletagmanager.com/gtag/
282 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-812494211&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bab7d4cb9d54135d521e26f2b1bc18b9e068678e7b33bdbf0e6354d4ad88ea07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
96258
x-xss-protection
0
last-modified
Fri, 12 Jul 2024 01:00:20 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 12 Jul 2024 02:12:51 GMT
bat.js
bat.bing.com/
47 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a97bc8ec679a82ec782bd76c7302c0ca394c1ad672450f86f87bee5e0ec06b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 12 Jul 2024 02:12:50 GMT
last-modified
Mon, 08 Jul 2024 16:08:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7C37F058A6414C32BAABDE04E956C007 Ref B: FRA31EDGE0221 Ref C: 2024-07-12T02:12:51Z
etag
"804a6d1951d1da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13828
destination
www.googletagmanager.com/gtag/
211 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5cc980583cabc553427f9b5d5fdb361e959c0725d976ed948f6b7b8200f37372
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77946
x-xss-protection
0
last-modified
Fri, 12 Jul 2024 01:00:20 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 12 Jul 2024 02:12:51 GMT
fbevents.js
connect.facebook.net/en_US/
223 KB
60 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 12 Jul 2024 02:12:51 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58653
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=12, mss=1297, tbw=2810, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
zoXJYN1ZSId/jLIOUQpOWNHA8L6Js5GA2fwqAG4sMicYTLj7XNelStaRN063yJtBG2G8cvnUGLZkcd0jI6h0/g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
age
37324
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
8a1d82bf6efc71df-FRA
expires
Fri, 12 Jul 2024 02:32:51 GMT
zi-tag.js
js.zi-scripts.com/
9 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
x-amz-version-id
az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via
1.1 2100d540f999998fa77c167c10cba074.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
TXL50-P5
age
52999
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 24 Jun 2024 11:29:23 GMT
server
cloudflare
etag
W/"e3c441f75699329acb887bf918f755c9"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8a1d82bf18bc58f0-TXL
x-amz-cf-id
nXAiruxUsOR2t574bVIprRXWijao_79q73TpenMogKhthHOvR7T1Sg==
ping.min.js
cdn.pdst.fm/
22 KB
22 KB
Script
General
Full URL
https://cdn.pdst.fm/ping.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
80.142.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 01:38:13 GMT
age
2078
x-guploader-uploadid
ACJd0NrMaO-W-MgjW2yJM7IRG2MakzlHoXU3sJfaJdaAkUuNevhvxJGZ1bgLwCBH4tx4Hn8aFaXnvOwDpg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22096
last-modified
Tue, 25 Jun 2024 13:55:49 GMT
server
UploadServer
etag
"4eddeec95afda969b3d1b2fb970c1eb1"
x-goog-generation
1719323749654301
x-goog-hash
crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
22096
accept-ranges
bytes
content-type
text/javascript
expires
Fri, 12 Jul 2024 02:38:13 GMT
up_loader.1.1.0.js
js.adsrvr.org/
12 KB
5 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-172-103-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 11 Jul 2024 05:01:33 GMT
Content-Encoding
gzip
Via
1.1 84c3894c21a4640fb5c0efcf95646dca.cloudfront.net (CloudFront)
Last-Modified
Fri, 07 Jun 2024 09:20:53 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P8
Age
76280
x-amz-server-side-encryption
AES256
ETag
W/"a7eb6794e868fe870db350518165c868"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
FCHTtkd2VWLjOssMeKjWCdEKc9N71cWAIZJGmryXjJVB2Ew4m6geuw==
spx
dx.mountain.com/
25 KB
7 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term=value
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.149.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-149-65.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
38345bfe481893e3db8217b2b743a08e4f10d8a3b7548864b8f7647eeab4e15c

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
server
istio-envoy
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
3
be
spx-prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
rudder-analytics.min.js
cdn.rudderlabs.com/v1.1/
122 KB
35 KB
Script
General
Full URL
https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:b600:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6983cc4d5da374c36c01d4ef660385b7ae33de35414550bfc04c925d311ca5bc

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
br
via
1.1 66a008dd3c1b49635fc036a68872758c.cloudfront.net (CloudFront)
last-modified
Mon, 08 Jul 2024 05:24:11 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
46
x-amz-server-side-encryption
AES256
etag
W/"b1f322cbb2bcd09bc1d43a72ebbdc10e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
IKIeKL1G95OOh2T6og4khPaBACKP-j_x82RyJlGy8c5eiRsWZtPtMg==
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532z871607006za200zb71607006&_p=1720750371313&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20240710&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Yin%20Hong%20Chang&ep.author_name_2=Sudeep%20Singh&ep.nid=81006&epn.hit_timestamp=1720750371632&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&ep.loading_time_seconds=0&ep.z_error=false&up.clientid=(not%20set)&up.debug_info=id%3DGTM-5SLZFK%26v%3D516%26debug%3Dfalse&up.firmographic_name_domain=(not%20set)%20((not%20set))&up.firmographic_location=(not%20set)%3B%20(not%20set)%3B%20(not%20set)%3B%20&up.firmographic_revenue=(not%20set)&up.firmographic_employee=(not%20set)&tfd=1856&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4860:4802:32::36, United States, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
(none)

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | stats.g.doubleclick.net/g/ | Ping | size 0, transferred 254 B
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1782288955.1720750372&gtm=45je4790v883639532z871607006za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:400c:c00::9a, Brussels, Belgium, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | region1.analytics.google.com/g/ | Fetch | size 0, transferred 0
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532z871607006za200zb71607006&_p=1720750371313&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&_s=2&tfd=1876&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4860:4802:32::36, United States, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
(none)

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | region1.analytics.google.com/g/ | Fetch | size 0, transferred 0
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532z871607006za200zb71607006&_p=1720750371313&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=3&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20240710&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Yin%20Hong%20Chang&ep.author_name_2=Sudeep%20Singh&ep.nid=81006&epn.hit_timestamp=1720750371615&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&_et=6&tfd=1881&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4860:4802:32::36, United States, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
(none)

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | region1.analytics.google.com/g/ | Fetch | size 0, transferred 0
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532za200zb71607006&_p=1720750371313&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=4&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&en=marketo_form_view&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20240710&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Yin%20Hong%20Chang&ep.author_name_2=Sudeep%20Singh&ep.nid=81006&epn.hit_timestamp=1720750371615&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&_et=1&tfd=1885&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4860:4802:32::36, United States, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
(none)

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | region1.analytics.google.com/g/ | Fetch | size 0, transferred 0
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532z871607006za200zb71607006&_p=1720750371313&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=5&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20240710&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Yin%20Hong%20Chang&ep.author_name_2=Sudeep%20Singh&ep.nid=81006&epn.hit_timestamp=1720750371620&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&_et=1&tfd=1901&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2001:4860:4802:32::36, United States, ASN15169 (GOOGLE, US)
Reverse DNS
(none)
Software
Golfe2
Resource Hash
(none)

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences | www.google.de/ads/ | Image | size 42 B, transferred 63 B
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=1782288955.1720750372&gtm=45je4790v883639532z871607006za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0&z=2001237320
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.250.186.67, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd... | 8541430.fls.doubleclick.net/ (frame B632) | Document | size 0, transferred 0
Redirect Chain
  • https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2...
  • https://8541430.fls.doubleclick.net/activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler...
General
Full URL
https://8541430.fls.doubleclick.net/activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.186.166, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra24s08-in-f6.1e100.net
Software
cafe
Resource Hash
(none)
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
399
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jul 2024 02:12:52 GMT
expires
Fri, 12 Jul 2024 02:12:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jul 2024 02:12:51 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://8541430.fls.doubleclick.net/activityi;dc_pre=CJusrdW2oIcDFVhnHgIdsYMiXg;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-... | ad.doubleclick.net/ | Image | size 0, transferred 23 B
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=3927239548681;npa=1;auiddc=1123585620.1720750372;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1;ps=1;pcor=617760998;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4790v9189953520z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1?
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.250.185.70, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s48-in-f6.1e100.net
Software
cafe
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"4672576184233354722"}],"aggregatable_trigger_data":[{"filters":[{"14":["94252198"]}],"key_piece":"0x4dc62c3de9caa51f","source_keys":["12","13","14","15","16","17","18","19","20","21","14961884","14961885","14961886","14961887","634854592","634854593","634854594","634854595","638137204","638137205","638137206","638137207","900068780","900068781","900068782","900068783"]},{"key_piece":"0xec26e57b502945ef","not_filters":{"14":["94252198"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","14961884","14961885","14961886","14961887","634854592","634854593","634854594","634854595","638137204","638137205","638137206","638137207","900068780","900068781","900068782","900068783"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"14961884":655,"14961885":655,"14961886":655,"14961887":63569,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"634854592":163,"634854593":163,"634854594":163,"634854595":15892,"638137204":327,"638137205":327,"638137206":327,"638137207":31784,"900068780":40,"900068781":40,"900068782":40,"900068783":3973},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"3077864534784376085","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"4672576184233354722","filters":[{"14":["94252198"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"4672576184233354722","filters":[{"14":["94252198"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"4672576184233354722","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"4672576184233354722","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["8541430"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6si.min.js | j.6sc.co/ | Script | size 66 KB, transferred 18 KB
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2.17.100.193, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu)
Resource Hash
4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 14 Jun 2024 00:42:44 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"666b9204-10980"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
18315
expires
Fri, 12 Jul 2024 02:12:51 GMT
www.zscaler.com.json | script.crazyegg.com/pages/data-scripts/0097/6635/site/ | XHR | size 97 KB, transferred 11 KB
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0097/6635/site/www.zscaler.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6813:9408, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash
2f0c337dcc8b75a5b1ed89e8a9e12860b5a023bb14a92ef1c6ac629541a5d1f7

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
gzip
cf-cache-status
HIT
age
16420
ce-version
11.5.237
content-length
10541
last-modified
Thu, 11 Jul 2024 21:39:11 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82c0af969b77-FRA
getSubscriptions | js.zi-scripts.com/unified/v1/master/ | Fetch | size 199 B, transferred 682 B
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
172.64.150.44, San Francisco, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare / Express
Resource Hash
a2a019102f4fd91b863e1030b90c84020242dcc4d62e94053f1f2210c98e6333

Request headers

visited_url
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Referer
https://www.zscaler.com/
Authorization
Bearer e6609b6e9a1669129391
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
via
1.1 584d7d1dfdb42e5bab983f65bcf240a4.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
x-amz-cf-pop
TXL50-P5
x-powered-by
Express
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
apigw-requestid
axudyiIFPHcEPxQ=
server
cloudflare
etag
W/"c7-2gpZPMnQBw1UH2cmOvrTX7T7HHY"
access-control-allow-methods
POST, GET, OPTIONS, PATCH, DELETE, PUT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zscaler.com
cf-ray
8a1d82c3a8bd44f8-TXL
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Amp-Device-Id, X-Amp-Session-Id
x-amz-cf-id
bnoSvDaPUhGbJS1LEM0Qwws4gzKrvEtm5VvOkGke2AzFQQGZ80EZjA==
getSubscriptions | js.zi-scripts.com/unified/v1/master/ (frame) | Preflight | size 0, transferred 0
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H3
Security
QUIC, AES_128_GCM
Server
172.64.150.44, San Francisco, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare / Express
Resource Hash
(none)

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type,visited_url
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
apigw-requestid
axuduheMvHcEPdw=
cf-cache-status
DYNAMIC
cf-ray
8a1d82c08c8d44f8-TXL
date
Fri, 12 Jul 2024 02:12:52 GMT
server
cloudflare
vary
Access-Control-Request-Headers
via
1.1 584d7d1dfdb42e5bab983f65bcf240a4.cloudfront.net (CloudFront)
x-amz-cf-id
zX7kjBDoYm7BMruub3TvaJmFzO3KDr7Ikkrsl0tU234av-bDjqaqlQ==
x-amz-cf-pop
TXL50-P5
x-cache
Miss from cloudfront
x-powered-by
Express
attribution_trigger | px.ads.linkedin.com/ | XHR | size 2 B, transferred 812 B
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
(none)
Software
(none)
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
content-encoding
gzip
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: DF3359815EBC46379EA097A87626FA6B Ref B: FRAEDGE2021 Ref C: 2024-07-12T02:12:51Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-lor1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYdA2qsUD638j+l1RjVQQ==
x-fs-uuid
00061d036aac503eb7f23fa5d518d541
collect | px4.ads.linkedin.com/ | Image | size 0, transferred 264 B
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&e_ipv6=A...
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&e_ipv6=AQJdtNYD9YNI-gAAAZCktvS8c999Xrj6F8Xjh5h3kH7mNOdEJT9OB1zBzmGyNCCbJGlca0yV
Protocol
H2
Server
13.107.42.14, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
(none)
Software
(none)
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: F730EC1869A143E9AEDF06A3B73DD8DF Ref B: FRAEDGE1318 Ref C: 2024-07-12T02:12:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYdA2qwEQ3tsqu5OTf3wQ==

Redirect headers

date
Fri, 12 Jul 2024 02:12:51 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 07AD43E588A141FBB8C40C6F2AF17BA3 Ref B: FRAEDGE1708 Ref C: 2024-07-12T02:12:51Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720750371843&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&e_ipv6=AQJdtNYD9YNI-gAAAZCktvS8c999Xrj6F8Xjh5h3kH7mNOdEJT9OB1zBzmGyNCCbJGlca0yV
x-li-proto
http/2
content-length
0
x-li-uuid
AAYdA2qr50S/LWjA7FdSSg==
index.js | s.adroll.com/j/pre/ | Script | size 0, transferred 756 B
Redirect Chain
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
General
Full URL
https://s.adroll.com/j/pre/index.js
Protocol
HTTP/1.1
Server
2600:9000:26da:aa00:6:9280:1080:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
(none)
Software
AmazonS3
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date
Thu, 11 Jul 2024 15:19:34 GMT
Via
1.1 b2825f5e779aaa7a75e20fcfeee23920.cloudfront.net (CloudFront)
Age
39198
X-Amz-Cf-Pop
MUC50-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
az8dJWxBaLJatxGZCtEc6IvzTbX9gQ1yTOIIhj-jIC1Qlg6KdsbFhg==

Redirect headers

Date
Thu, 11 Jul 2024 15:28:40 GMT
Via
1.1 b2825f5e779aaa7a75e20fcfeee23920.cloudfront.net (CloudFront)
Age
38651
X-Amz-Cf-Pop
MUC50-P4
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
lfeulCqNqcKW3QLdjuwOKso0Co7dtFCjvnw-jOTtwqRqvp3sLRffxg==
index.js | s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ | Script | size 0, transferred 809 B
General
Full URL
https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:26da:aa00:6:9280:1080:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
(none)
Software
AmazonS3
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id
VPlH8bNiePea_2CTDrYv.JP7EmN2wJpy
Date
Fri, 12 Jul 2024 02:08:52 GMT
Via
1.1 b2825f5e779aaa7a75e20fcfeee23920.cloudfront.net (CloudFront)
Age
2519
X-Amz-Cf-Pop
MUC50-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Tue, 09 Jul 2024 12:05:18 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
1zsrQVJSQ5c6WypulrmfN1x4wKODzSeb4Ld7Tsn5S1NG8MMDLyvHUg==
gif.gif | ibc-flow.techtarget.com/a/ | XHR | size 43 B, transferred 441 B
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1720750371849&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.111.208.231, Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
2334982
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
via
1.1 google
x-guploader-uploadid
ACJd0NotG1cGFFZiZ1Ggl1qoONPE3P5gJZ6c6C1hjoxJ8kuXY3Jm7l5Fuc6FLEyRvKclU0CNLUI
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Fri, 12 Jul 2024 03:12:52 GMT
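The hash values in these records can be checked offline. Every zero-length response above (content-length 0) carries the urlscan Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which is simply SHA-256 of zero bytes; the two adroll index.js responses carry the ETag d41d8cd98f00b204e9800998ecf8427e, which is MD5 of an empty object; and the techtarget gif.gif response carries its MD5 twice, as the ETag and, base64-encoded, inside x-goog-hash alongside a CRC-32C. The Python below is an added example, not part of the scan output: the header strings are copied from the records above, the sample body used for the end-to-end check is constructed, and the CRC-32C routine is a plain bit-by-bit implementation (not a library call), included because zlib.crc32 uses a different polynomial and will not match a GCS crc32c value.

```python
import base64
import hashlib

# Header values copied from the scan records above; the checks around them are
# the added example. MD5 here is an integrity tag, not a security primitive.
EMPTY_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
EMPTY_OBJECT_ETAG = '"d41d8cd98f00b204e9800998ecf8427e"'
GIF_ETAG = '"fc94fb0c3ed8a8f909dbc7630a0987ff"'
GIF_X_GOOG_HASH = "crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w=="


def is_empty_body_hash(resource_hash: str) -> bool:
    """urlscan's Resource Hash is SHA-256 of the body; this value means zero bytes."""
    return resource_hash.lower() == hashlib.sha256(b"").hexdigest()


def is_empty_object_etag(etag: str) -> bool:
    """For a single-part S3/GCS object the ETag is the hex MD5 of the content.
    A weak 'W/' prefix, if present, is ignored before comparing."""
    hexdigest = etag.removeprefix("W/").strip('"')
    return hexdigest == hashlib.md5(b"", usedforsecurity=False).hexdigest()


def crc32c(data: bytes) -> int:
    """CRC-32C (Castagnoli, reflected polynomial 0x82F63B78), the variant GCS uses."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def parse_x_goog_hash(header: str) -> dict:
    """Split 'crc32c=<b64>, md5=<b64>' into {algorithm: raw digest bytes}."""
    digests = {}
    for part in header.split(","):
        algo, _, b64 = part.strip().partition("=")
        digests[algo] = base64.b64decode(b64)
    return digests


def make_x_goog_hash(body: bytes) -> str:
    """Build the header the way GCS does: base64 of the big-endian CRC-32C, then base64 of the MD5."""
    crc = base64.b64encode(crc32c(body).to_bytes(4, "big")).decode()
    md5 = base64.b64encode(hashlib.md5(body, usedforsecurity=False).digest()).decode()
    return f"crc32c={crc}, md5={md5}"


def etag_matches_x_goog_md5(etag: str, header: str) -> bool:
    """Cross-check the two copies of the MD5 that a GCS-backed response carries."""
    return bytes.fromhex(etag.strip('"')) == parse_x_goog_hash(header)["md5"]


def body_matches_x_goog_hash(body: bytes, header: str) -> bool:
    """Verify a fetched body against both digests (use once you hold the bytes)."""
    digests = parse_x_goog_hash(header)
    return (
        crc32c(body).to_bytes(4, "big") == digests["crc32c"]
        and hashlib.md5(body, usedforsecurity=False).digest() == digests["md5"]
    )


if __name__ == "__main__":
    print(is_empty_body_hash(EMPTY_BODY_SHA256))
    print(is_empty_object_etag(EMPTY_OBJECT_ETAG))
    print(etag_matches_x_goog_md5(GIF_ETAG, GIF_X_GOOG_HASH))
    sample = b"GIF89a\x01\x00\x01\x00"  # constructed sample body, not the scanned gif
    print(body_matches_x_goog_hash(sample, make_x_goog_hash(sample)))
```

The gif body itself is not in the scan record, so only the ETag-to-x-goog-hash cross-check can be run against the page's values; the round trip through make_x_goog_hash shows how the same check is applied once the bytes are fetched.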
gif.gif | ibc-flow.techtarget.com/a/ (frame) | Preflight | size 0, transferred 0
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1720750371849&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&version=2.4
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.111.208.231, Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2
Resource Hash
(none)

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Fri, 12 Jul 2024 02:12:52 GMT
expires
Fri, 12 Jul 2024 02:12:52 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ACJd0NqyTpONeIKZuUILug3YQXZfbF-LeXxd8h-AFoszTklFisTHcX1G61cRvVaHHi5RKV7jInQ
26354555.js
bat.bing.com/p/action/
2 KB
958 B
Script
General
Full URL
https://bat.bing.com/p/action/26354555.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
937d88897bd84da1ef68639717fd9ec8638bb9f68b7d5833c9e6a29e6c52d920
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Fri, 12 Jul 2024 02:12:51 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E83A5B00498249408EF14BA8D98DAA2D Ref B: FRA31EDGE0221 Ref C: 2024-07-12T02:12:51Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
1778897272132032
connect.facebook.net/signals/config/
71 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.161&r=stable&domain=www.zscaler.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c23f1b514dc8298404453e6be34ecd3bc364fc48a4874d0b5e52d25de8c6784
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 12 Jul 2024 02:12:51 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=44, rtx=0, c=65, mss=1297, tbw=64198, tp=-1, tpl=-1, uplat=79, ullat=0
pragma
public
x-fb-debug
fFzuUTgJO9wIcdFCa2DP8h5PdDyG/st0230kUbhJDGRiq9fQWkjpxAuEfMAM4Lc5q87l2hhYbi7N++y9gKFyLw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
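The Content-Security-Policy recorded on the connect.facebook.net config response above is a useful specimen: its script-src carries 'unsafe-inline', 'unsafe-eval', data: and blob:, while it also sets require-trusted-types-for 'script'. Two caveats a practitioner should keep in mind: a CSP header delivered on a script resource is not enforced by the browser (CSP governs documents and workers, not the scripts they load), so this policy protects nothing in the embedding page; and a policy can only be judged after applying the default-src fallback rules. The following is an added example (not part of the urlscan record, and not code from Facebook or Zscaler) that parses a CSP value into directives, resolves the default-src fallback, and reports the script-related weaknesses. The first policy is copied from the response above; the two strict policies in the usage lines are constructed for contrast.

```python
# Fetch directives that fall back to default-src when absent (CSP3).
FALLS_BACK_TO_DEFAULT = {
    "script-src", "style-src", "img-src", "connect-src", "font-src", "media-src",
    "object-src", "frame-src", "worker-src", "child-src", "manifest-src",
}

# Source expressions that make script-src effectively bypassable.
RISKY_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "data:", "blob:", "*", "http:", "https:"}

# Copied from the connect.facebook.net/signals/config response recorded above.
FB_CONFIG_CSP = (
    "default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;"
    "script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';"
    "style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;"
    "connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';"
    "img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;"
    "block-all-mixed-content;upgrade-insecure-requests;"
    "report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;"
    "require-trusted-types-for 'script';"
)


def parse_csp(policy):
    """Split a Content-Security-Policy value into {directive: [source expressions]}.
    Directives are ';'-separated; the first token is the name, the rest are sources.
    A repeated directive is ignored, as browsers keep the first occurrence."""
    directives = {}
    for raw in policy.split(";"):
        tokens = raw.strip().split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective_sources(directives, name):
    """Sources governing `name` after the default-src fallback. None means unrestricted."""
    if name in directives:
        return directives[name]
    if name in FALLS_BACK_TO_DEFAULT:
        return directives.get("default-src")
    return None


def audit_csp(policy):
    """Return (parsed directives, list of findings) for the script-execution surface."""
    d = parse_csp(policy)
    findings = []
    script = effective_sources(d, "script-src")
    if script is None:
        findings.append("script-src unrestricted (no script-src or default-src)")
    else:
        # With a nonce or hash present, CSP3 browsers ignore 'unsafe-inline'.
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
        for src in script:
            if src in RISKY_SCRIPT_SOURCES and not (src == "'unsafe-inline'" and nonce_or_hash):
                findings.append(f"script-src allows {src}")
    if effective_sources(d, "object-src") != ["'none'"]:
        findings.append("object-src is not 'none'")
    if "base-uri" not in d:
        findings.append("base-uri missing (it does not fall back to default-src)")
    if "'script'" in d.get("require-trusted-types-for", []):
        findings.append("note: require-trusted-types-for 'script' is set (DOM XSS sinks need Trusted Types)")
    return d, findings


if __name__ == "__main__":
    for line in audit_csp(FB_CONFIG_CSP)[1]:
        print(line)
    # Constructed strict policies for contrast: both audit clean.
    print(audit_csp("default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none'")[1])
    print(audit_csp("script-src 'nonce-r4nd0m' 'unsafe-inline'; object-src 'none'; base-uri 'self'")[1])
```

The audit is deliberately narrow: it covers the directives that decide whether injected markup can execute script (script-src, object-src, base-uri) and treats everything else as out of scope. Extending RISKY_SCRIPT_SOURCES with overly broad host wildcards, or checking that report-uri points at a host you control, is a natural next step.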
getuidj
secure.adnxs.com/
11 B
699 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:52 GMT
an-x-request-uuid
f4000cf2-1735-4267-a973-d29d2244f8f2
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zscaler.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
80.255.7.117; 80.255.7.117; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
193 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
20 B
310 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ea6ecf1121b28cde9737ba4ecd724e15881f0caebb6f3db01b771ef911ff17b5

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:52 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.zscaler.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:93::12
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1720750371980_34901565_382547920_23_935_39_51_219";dur=1
content-length
20
expires
Fri, 12 Jul 2024 02:12:52 GMT
up
insight.adsrvr.org/track/ Frame FB19
0
0

26354555
bat.bing.com/p/insights/t/
711 B
883 B
Script
General
Full URL
https://bat.bing.com/p/insights/t/26354555
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/26354555.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9010233d0ba307c61a0ab1f5aec2a855fe94eff9c9899c902b44be9ce544b2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
-1
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 12 Jul 2024 02:12:51 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 1A2C6837D87F446883E95B34A557EDCC Ref B: FRA31EDGE0221 Ref C: 2024-07-12T02:12:51Z
vary
Accept-Encoding
x-azure-ref
20240712T021251Z-17f9d98b578ws4rw04gvequ96000000002cg000000007dkg
content-type
application/x-javascript
x-cache
CONFIG_NOCACHE
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
604
request-context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
ULSJHTPGTZGY3EPPZSKHKS
d.adroll.com/consent/check/
524 B
617 B
Script
General
Full URL
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?pv=1895708389.5000172&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&_s=12b62f318e04dd6cf698ccf116aab7bd&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe04:117a:ce3a:dc4d:8d18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
476da3a92ba2ae47596581eab4d67f3771edb396de9672678bfacfaec90f7d64

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
server
nginx/1.22.1
content-length
524
content-type
application/javascript
mon
obs.iseaskies.com/
0
147 B
XHR
General
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 12 Jul 2024 02:12:52 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
1cb0fe96622d360e640b6ca18b5ba2ec.js
script.crazyegg.com/pages/versioned/common-scripts/
101 KB
34 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
747b3bdf8958ba6ea546f95ee4255f40cdb156a5e61cb7c0b4324f77181c7991

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Sun, 30 Jun 2024 16:56:32 GMT
server
cloudflare
age
24809
cf-polished
origSize=103828
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
cf-ray
8a1d82c10a8bbbaa-FRA
/
api.rudderstack.com/sourceConfig/
0
0

/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&rl=&if=false&ts=1720750372038&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1720750372036.842317434777512568&cs_est=true&ler=empty&cdl=API_unavailable&it=1720750371886&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=36, rtx=0, c=10, mss=1297, tbw=2791, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 12 Jul 2024 02:12:52 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
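Three CORS exchanges in this record show the browser-side algorithm from different angles. The ibc-flow.techtarget.com gif.gif request needed a preflight because of the non-safelisted request header ibc_rate_tier; the OPTIONS reply allowed it with Access-Control-Allow-Origin: * and an explicit Access-Control-Allow-Headers list. The secure.adnxs.com/getuidj XHR was answered with Access-Control-Allow-Origin: https://www.zscaler.com and Access-Control-Allow-Credentials: true, the only shape that works for a credentialed request, since * is rejected once credentials are included. The www.facebook.com/tr/ response just above is recorded with access-control-allow-origin carrying no value beside access-control-allow-credentials: true; that would fail a credentialed fetch(), but the request was an Image (no-cors mode), so no CORS check is applied to it at all. The following is an added example (not part of the urlscan record, and not code from any of these vendors) implementing the Fetch specification's CORS check and preflight checks, run over header sets copied from those three responses plus constructed negative cases.

```python
from dataclasses import dataclass, field

# CORS-safelisted methods never need to be listed in Access-Control-Allow-Methods.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


@dataclass
class CorsRequest:
    origin: str
    method: str = "GET"
    headers: dict = field(default_factory=dict)  # non-safelisted request headers only
    credentials: bool = False                     # fetch credentials mode "include"


def _token_list(resp, name):
    return [t.strip() for t in resp.get(name, "").split(",") if t.strip()]


def cors_check(req, resp):
    """The Fetch 'CORS check' a browser runs on every CORS-mode response."""
    acao = resp.get("access-control-allow-origin", "").strip()
    if not acao:
        return False, "Access-Control-Allow-Origin missing or empty"
    if acao == "*" and not req.credentials:
        return True, "wildcard origin accepted (no credentials)"
    if acao != req.origin:
        return False, f"Access-Control-Allow-Origin {acao!r} != {req.origin!r}"
    if not req.credentials:
        return True, "origin matches"
    if resp.get("access-control-allow-credentials", "").strip() != "true":
        return False, "credentialed request needs Access-Control-Allow-Credentials: true"
    return True, "origin matches and credentials allowed"


def preflight_check(req, resp):
    """CORS check plus the method and header checks applied to a preflight reply."""
    ok, why = cors_check(req, resp)
    if not ok:
        return False, why
    methods = _token_list(resp, "access-control-allow-methods")
    # '*' is only a wildcard for non-credentialed requests.
    if req.method not in methods and req.method not in SAFELISTED_METHODS \
            and ("*" not in methods or req.credentials):
        return False, f"method {req.method} not in Access-Control-Allow-Methods"
    allowed = {h.lower() for h in _token_list(resp, "access-control-allow-headers")}
    header_wildcard = "*" in allowed and not req.credentials
    for name in req.headers:
        lname = name.lower()  # header names match byte-case-insensitively
        if lname in allowed:
            continue
        if header_wildcard and lname != "authorization":  # '*' never covers Authorization
            continue
        return False, f"header {name} not in Access-Control-Allow-Headers"
    return True, "preflight passed"


# Header sets copied from the urlscan record (trimmed to the CORS-relevant headers).
IBC_PREFLIGHT_REQUEST = CorsRequest("https://www.zscaler.com", "GET", {"ibc_rate_tier": "2334982"})
IBC_PREFLIGHT_RESPONSE = {
    "access-control-allow-headers": "ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range",
    "access-control-allow-methods": "GET, POST, OPTIONS",
    "access-control-allow-origin": "*",
}
GETUIDJ_RESPONSE = {
    "access-control-allow-origin": "https://www.zscaler.com",
    "access-control-allow-credentials": "true",
}
FB_TR_RESPONSE = {
    "access-control-allow-origin": "",  # recorded with no value
    "access-control-allow-credentials": "true",
}

if __name__ == "__main__":
    print(preflight_check(IBC_PREFLIGHT_REQUEST, IBC_PREFLIGHT_RESPONSE))
    print(cors_check(CorsRequest("https://www.zscaler.com", credentials=True), GETUIDJ_RESPONSE))
    print(cors_check(CorsRequest("https://www.zscaler.com", credentials=True), FB_TR_RESPONSE))
    # Constructed: the same ibc preflight with credentials fails, because '*' is not accepted then.
    print(preflight_check(CorsRequest("https://www.zscaler.com", "GET", {"ibc_rate_tier": "1"}, True),
                          IBC_PREFLIGHT_RESPONSE))
```

When reviewing a recorded exchange like the getuidj one, the header alone cannot tell you whether the server allowlisted https://www.zscaler.com or simply echoed the Origin it received; only a second request with a different Origin settles that, and the record here contains no such request.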
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
4 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&rl=&if=false&ts=1720750372038&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1720750372036.842317434777512568&cs_est=true&ler=empty&cdl=API_unavailable&it=1720750371886&coo=false&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3b296dc5458c63f9","source_keys":["1","2"]},{"key_piece":"0xd6ce7ed1eabafdd5","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Fri, 12 Jul 2024 02:12:52 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390566572501274091", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=36, rtx=0, c=10, mss=1297, tbw=3109, tp=-1, tpl=-1, uplat=149, ullat=0
pragma
no-cache
x-fb-debug
7IovOBIP5IPkCH6Xg1uoriW4LF8SBvbjeCyeouu0R4A1a1XLex//bMzyqUp30BpgAwCcYssqhZkuhPtqvTpxOw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390566572501274091"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
mon
obs.iseaskies.com/
0
16 B
XHR
General
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 12 Jul 2024 02:12:52 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
clock
tracking.crazyegg.com/
38 B
145 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?t=1720750372062&tk=80f93ae68d664369d14c6654f4ff8042
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.128.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-128-42.eu-west-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
03afc8ae1588fd4afde2a0c2fb028c8d50bd7c801de73f4592ff9d2c4f5e1b02

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 12 Jul 2024 02:12:52 GMT
cache-control
no-store
server
awselb/2.0
content-length
38
content-type
text/plain
healthcheck
pagestates-tracking.crazyegg.com/
19 B
462 B
XHR
General
Full URL
https://pagestates-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-58.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 01:43:28 GMT
via
1.1 6a5eda21ba47fc7b4d3ca7ac7a9ac958.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
age
25576165
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
yOp1cmxWdQhUHlEKZ3RI2-vRD2F3GePEg3Pjsx1Jxit6kOzYQiPWhw==
healthcheck
assets-tracking.crazyegg.com/
19 B
461 B
XHR
General
Full URL
https://assets-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 01:23:29 GMT
via
1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
age
17714964
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
6LgmatC7mYZV0KRWWfucbaXK9RU53T78pmMixWws6gE9W_Le2qSIaQ==
www.zscaler.com.json
script.crazyegg.com/pages/data-scripts/0097/6635/sampling/
154 B
238 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0097/6635/sampling/www.zscaler.com.json?t=477986
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e98aa581b29facc90e4d84fcd13f3bf4e879d57765243f77c7036873d03fa794

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
cf-cache-status
HIT
age
16421
ce-version
11.5.237
content-length
145
last-modified
Thu, 11 Jul 2024 21:39:11 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a1d82c1882d9b77-FRA
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A93%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:52 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:52 GMT
b2b1a130-df8a-45ee-98d3-a28fec5747c8
https://www.zscaler.com/
45 B
0
Other
General
Full URL
blob:https://www.zscaler.com/b2b1a130-df8a-45ee-98d3-a28fec5747c8
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
45
Content-Type
text/javascript
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:52 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:52 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:52 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:52 GMT
details
epsilon.6sense.com/v3/company/
725 B
706 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
9aebfbc0236ccff41bb8bfe3e7ab44961b66545f59002d1f7712b6e15eb3c2c1

Request headers

Referer
https://www.zscaler.com/
Authorization
Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID
WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

x-trace-id
2700325419482028090
date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
eu-central-1a
access-control-allow-origin
https://www.zscaler.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
387
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.zscaler.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Fri, 12 Jul 2024 02:12:52 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
x-trace-id
3859123043831898782
0.7.32
bat.bing.com/p/insights/s/
35 KB
15 KB
Script
General
Full URL
https://bat.bing.com/p/insights/s/0.7.32
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/insights/t/26354555
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
ad367e536c20c594229b6d90ac4097730886eac4f8e11b07e908e584a62b1268
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Fri, 12 Jul 2024 02:12:51 GMT
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
x-fd-int-roxy-purgeid
51562430
content-length
14999
last-modified
Fri, 10 May 2024 17:30:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2C177F69DE99461A9B5377C74AF0CA4C Ref B: FRA31EDGE0221 Ref C: 2024-07-12T02:12:52Z
etag
W/"0x8DC7116E7C400CE"
vary
Accept-Encoding
x-azure-ref
20240712T021252Z-17b86c5c69fgdpwqv6qvpn2bes00000000y0000000000prm
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
34d9ee7c-501e-0029-774c-d310af000000
cache-control
public, max-age=86400
x-ms-version
2018-03-28
is
44.212.189.233/
32 B
437 B
Fetch
General
Full URL
https://44.212.189.233/is
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.212.189.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-212-189-233.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b9746f8380519e2071a4a72c48d2afe6a4e90fdbc1f1ea471bd4cf857f7d2774

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
2
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
32
x-application-context
application:prod:8080
2d719718-d527-4beb-87c8-589a7c80e973
https://www.zscaler.com/
43 B
0
Image
General
Full URL
blob:https://www.zscaler.com/2d719718-d527-4beb-87c8-589a7c80e973
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
ca6be1649b2c6bd5aa79ebaa229fa676.js
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/
20 KB
8 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ca6be1649b2c6bd5aa79ebaa229fa676.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 11 Jul 2024 18:56:14 GMT
server
cloudflare
age
24809
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
cf-ray
8a1d82c2bc01bbaa-FRA
211c97ac-e2e6-4dd7-8a34-8af75c98a4f6
https://www.zscaler.com/
241 B
0
Other
General
Full URL
blob:https://www.zscaler.com/211c97ac-e2e6-4dd7-8a34-8af75c98a4f6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
024e41c582154068167df60396174022322fae5b74c245e2085f1c57f5bb60aa

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
241
Content-Type
text/javascript
a
bat.bing.com/p/insights/c/
0
208 B
XHR
General
Full URL
https://bat.bing.com/p/insights/c/a
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/insights/s/0.7.32
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/x-webinsights-gzip
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 12 Jul 2024 02:12:51 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9B67B3030F324872A281A4523D1EFBD2 Ref B: FRA31EDGE0221 Ref C: 2024-07-12T02:12:52Z
vary
Origin
x-cache
CONFIG_NOCACHE
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
request-context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
cf002f9117e70ef1a1dd0008c9c1be41.js
script.crazyegg.com/pages/versioned/tracking-scripts/
92 KB
30 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/tracking-scripts/cf002f9117e70ef1a1dd0008c9c1be41.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2168b67e80fac2eb8902789f3e31c92269fd82f0635c59ad6d924994e995f6c

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 17:58:37 GMT
server
cloudflare
age
24668
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
cf-ray
8a1d82c31c46bbaa-FRA
/
px.ads.linkedin.com/wa/
0
194 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 12 Jul 2024 02:12:51 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: AAC93EBA23AC4093B546AC38A3442010 Ref B: FRAEDGE1708 Ref C: 2024-07-12T02:12:52Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://www.zscaler.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYdA2qykbyHrUqqWndaPw==
st
px.mountain.com/
2 KB
1 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1782288955.1720750372&shpt=DodgeBox%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221782288955.1720750372%22%2C%22shpt%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221782288955.1720750372%22%2C%22mntnis%22%3A%22GL9vJHgJLLQgxUYHRKgs2Ouh9cJ14LVn%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1782288955.1720750372&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.210.219.79 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-219-79.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
3de5d6bf8914245504307cd7f9eeb1079611cbaf991eaa56c50c1e06cbc48495

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:53 GMT
content-encoding
gzip
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time
1
connection
close
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A51%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:53 GMT
x-content-type-options
nosniff
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:53 GMT
mon
obs.iseaskies.com/
0
39 B
XHR
General
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 12 Jul 2024 02:12:53 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
/
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.zscaler.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8a1d82c789fc6a73-TXL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 12 Jul 2024 02:12:53 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
formcomplete.js
ws-assets.zoominfo.com/
90 KB
27 KB
Script
General
Full URL
https://ws-assets.zoominfo.com/formcomplete.js
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:53 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
age
2906
x-guploader-uploadid
ACJd0NruuSfX8TJ3X1-IGJk89mC0eRxvSSXN3I2Ed79qBw00TtbLOV2f0xclHzhbTwPwv7CHdJc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 16 May 2024 10:14:37 GMT
server
cloudflare
etag
W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash
crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation
1715854477710382
content-type
application/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
91778
cf-ray
8a1d82c78b3a44f2-TXL
expires
Fri, 12 Jul 2024 02:24:27 GMT
/
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f8c0947a20f4a94c0014f95751170729f48635258bc7c680ecaa184ebda9e9a9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Referer
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
_vtok
ODAuMjU1LjcuMTE3
_zitok
26d9b82598cbc095bf4d1720750372
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/javascript

Response headers

date
Fri, 12 Jul 2024 02:12:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8a1d82c9ab8f58d8-TXL
forms
ws.zoominfo.com/formcomplete-v2/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin
https://www.zscaler.com
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8a1d82c97c426a73-TXL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 12 Jul 2024 02:12:53 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
forms
ws.zoominfo.com/formcomplete-v2/
321 B
618 B
Fetch
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Requested by
Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
Authorization
bearer 370c892e688e1744cd312ed1426b3a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 12 Jul 2024 02:12:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray
8a1d82caad0158d8-TXL
fb567804-f0b6-4872-8f4f-d4242d35168b
https://www.zscaler.com/
0
0

gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1782288955.1720750372&shpt=DodgeBox%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221782288955.1720750372%22%2C%22shpt%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221782288955.1720750372%22%2C%22mntnis%22%3A%22GL9vJHgJLLQgxUYHRKgs2Ouh9cJ14LVn%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1782288955.1720750372&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.212.4.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-4-35.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
664862106e359cf4e4cd0350143b386edc604b92c2a678c65b0285861c4846a8

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:54 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
0
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A52%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:54 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:54 GMT
mon
obs.iseaskies.com/
0
39 B
XHR
General
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 12 Jul 2024 02:12:54 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
st
px.mountain.com/
5 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1782288955.1720750372&shpt=DodgeBox%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221782288955.1720750372%22%2C%22shpt%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221782288955.1720750372%22%2C%22mntnis%22%3A%22GL9vJHgJLLQgxUYHRKgs2Ouh9cJ14LVn%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1782288955.1720750372&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&shoid=%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue&cb=172075037365445&shguid=3e079d7c-dc8d-3e1a-b72c-844cce96ae67&shgts=1720750374512
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1782288955.1720750372&shpt=DodgeBox%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221782288955.1720750372%22%2C%22shpt%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221782288955.1720750372%22%2C%22mntnis%22%3A%22GL9vJHgJLLQgxUYHRKgs2Ouh9cJ14LVn%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1782288955.1720750372&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720750371%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&cb=28265585095103196term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.210.219.79 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-219-79.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
9e72535bd86cdda6b86663481e2d287c07bda94a0a379009b4f87a42ae75bed6

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:55 GMT
content-encoding
gzip
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time
31
connection
close
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A53%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:55 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:55 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:56 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:56 GMT
mon
obs.iseaskies.com/
0
39 B
XHR
General
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 12 Jul 2024 02:12:56 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
app.js
acsbapp.com/apps/app/dist/js/
304 KB
93 KB
Script
General
Full URL
https://acsbapp.com/apps/app/dist/js/app.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c33622caf37e0ba4c234f7c2d0c9cbbdb6eac1de4c4324c357e4c959a1c25a58

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 02:12:56 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
ACJd0NrFJDjWEzmdM1_-LsRolLOpBkHHB_B3lkYl6isdnmlELdXOcIcRU71uV9MZwv8vjZnsfbU
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
last-modified
Thu, 11 Jul 2024 11:43:59 GMT
server
cloudflare
etag
W/"455ee771b1ebc35b3af6bf5ad4a7511e"
vary
Accept-Encoding
x-goog-hash
crc32c=xraOrg==, md5=RV7ncbHrw1s69r9a1KdRHg==
x-goog-generation
1720698239713385
access-control-allow-origin
*
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=300, must-revalidate
x-goog-stored-content-length
311151
access-control-expose-headers
*
cf-ray
8a1d82ddbe0b9b34-FRA
expires
Sat, 12 Jul 2025 02:12:56 GMT
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4790v883639532za200zb71607006&_p=1720750371313&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&tt=(not%20set)&cid=1782288955.1720750372&ul=de-de&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=6&sid=1720750371&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&dt=DodgeBox%20%7C%20ThreatLabz&en=marketo_form_view&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20240710&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Yin%20Hong%20Chang&ep.author_name_2=Sudeep%20Singh&ep.nid=81006&epn.hit_timestamp=1720750371620&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&_et=1&tfd=6901&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
config.json
cdn.acsbapp.com/config/zscaler.com/
0
0

img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=30e07f37-d557-4b1f-8b68-6e742d20749c&session=5ea7b062-a10a-4340-854c-23abdaa93662&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A55%20GMT%22%2C%22timeSpent%22%3A%221719%22%2C%22totalTimeSpent%22%3A%225723%22%7D&isIframe=false&m=%7B%22description%22%3A%22Part%201%20%7C%20ThreatLabz%20uncovers%20new%20tooling%20from%20APT41%20including%20DodgeBox%2C%20which%20uses%20advanced%20evasion%20techniques%20to%20deploy%20the%20MoonWalk%20backdoor%20that%20leverages%20Google%20Drive%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DodgeBox%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&pageViewId=562dfd87-3ceb-48b3-8163-17aff3a09f08&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jul 2024 02:12:57 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 12 Jul 2024 02:12:57 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
insight.adsrvr.org
URL
https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&upid=27hmsyx&upv=1.1.0
Domain
api.rudderstack.com
URL
https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.12&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR
Domain
www.zscaler.com
URL
blob:https://www.zscaler.com/fb567804-f0b6-4872-8f4f-d4242d35168b
Domain
cdn.acsbapp.com
URL
https://cdn.acsbapp.com/config/zscaler.com/config.json


137 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| intellimize function| OptanonWrapper function| __ctcg_ct_60409_exec object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E function| DOMPurify function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST string| cPubgJNt object| iOverride function| __defProp function| __defProps function| __getOwnPropDescs function| __getOwnPropSymbols function| __hasOwnProp function| __propIsEnum function| __pow function| __defNormalProp function| __spreadValues function| __spreadProps function| __objRest function| __publicField function| __async string| ipgvidtfr object| test object| renderedForms object| iiloc object| icntxtlftrs object| iutmprms string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| MktoForms2 object| Optanon object| OneTrust object| _cq function| addCaptchaScript object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| author object| authorArray number| pageLoadTime string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| _linkedin_data_partner_id function| fbq function| _fbq object| techtargetic object| zi string| ZIProjectKey function| pdst object| rudderanalytics function| onYouTubeIframeAPIReady object| gaGlobal object| _6si boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL object| zitag object| ZILogs function| loadZILogs function| errorHandler function| lintrk boolean| _already_called_lintrk string| adroll_sid object| __adroll_consent_data object| adroll object| __adroll object| adroll_loaded object| adroll_callbacks function| adroll_tpc_callback function| UET function| UET_init function| UET_push object| ueto_992aa17f3f object| uetq function| ttd_dom_ready object| ttd_up_api 
function| TTDUniversalPixelApi object| ttdPixel function| spdt function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT object| CE_API boolean| _storagePopulated function| webinsights object| insightsuetq object| adroll_exp_list boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country string| dcm_cid object| ORIBILI string| avail_ga_sorted object| _zi_fc object| regeneratorRuntime object| _zi object| irongate object| mntn object| webpackChunkwidget object| pure_JSON object| pure_CSS function| pure_URL function| pure_fetch function| pure_Set function| pure_Map object| AJS object| acsbJS object| AccessiBe object| acsb object| accessWidget function| pure_addEventListener function| pure_removeEventListener

43 Cookies

Domain/Path Name / Value
.zscaler.com/ Name: _cq_duid
Value: 1.1720750370.FNRnVPRnGPKA8Y5f
.zscaler.com/ Name: _cq_suid
Value: 1.1720750370.adRxWfFbtlaag12E
.info.zscaler.com/ Name: __cf_bm
Value: o6utB8dsn4EDCYVU9HK.WSTnjnSBxHQWgRN4nIgewDs-1720750370-1.0.1.1-rDoLsPcX49XXprgPKEuZBZHAVbvptj8Y_.1SJwlEMT11VkBa6YaQQNqY8WoM_P0rM_xaZdRGZmfPkaTCt3tkqg
.www.zscaler.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Jul+12+2024+04%3A12%3A50+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=d69a7050-6da4-455f-bfd8-3d0c3652405d&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fdodgebox-deep-dive-updated-arsenal-apt41-part-1&groups=C0001%3A1%2CC0005%3A0%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH120%3A1%2CH59%3A1%2CH88%3A1%2CH98%3A1%2CH141%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH79%3A1%2CH132%3A1%2CH119%3A0%2CH12%3A0%2CH123%3A0%2CH153%3A0%2CH144%3A0%2CH82%3A0%2CH106%3A0%2CH140%3A0%2CH165%3A0%2CH168%3A0%2CH169%3A0%2CH145%3A0%2CH139%3A0%2CH130%3A0%2CH31%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH162%3A0%2CH167%3A0%2CH20%3A0%2CH175%3A0%2CH22%3A0%2CH97%3A0%2CH121%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH131%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH185%3A0%2CH114%3A0%2CH118%3A0%2CH101%3A0%2CH150%3A0%2CH151%3A0%2CH129%3A0%2CH152%3A0%2CH52%3A0%2CH154%3A0%2CH133%3A0%2CH155%3A0%2CH156%3A0%2CH8%3A0%2CH157%3A0%2CH158%3A0%2CH159%3A0%2CH104%3A0%2CH160%3A0%2CH161%3A0%2CH163%3A0%2CH164%3A0%2CH105%3A0%2CH14%3A0%2CH149%3A0%2CH146%3A0%2CH166%3A0%2CH40%3A0%2CH15%3A0%2CH17%3A0%2CH170%3A0%2CH171%3A0%2CH172%3A0%2CH173%3A0%2CH63%3A0%2CH124%3A0%2CH174%3A0%2CH176%3A0%2CH177%3A0%2CH178%3A0%2CH134%3A0%2CH135%3A0%2CH179%3A0%2CH147%3A0%2CH180%3A0%2CH136%3A0%2CH189%3A0%2CH181%3A0%2CH182%3A0%2CH183%3A0%2CH184%3A0%2CH113%3A0%2CH186%3A0%2CH115%3A0%2CH33%3A0%2CH34%3A0%2CH187%3A0%2CH188%3A0&genVendors=
obs.iseaskies.com/ Name: cg_uuid
Value: 9e29e89e3a58964ac4b9e38c0de6bea5
info.zscaler.com/ Name: BIGipServerabmweb-nginx-app_https
Value: !hvnMK1aHAQT8jVywZJ6CmE6tjLF6/wvNsCc2rlN5dOFRMx0aqTD+wXsvmw/v/74xpucP0u3uc2Vwbw==
.zscaler.com/ Name: _gcl_au
Value: 1.1.1123585620.1720750372
.zscaler.com/ Name: _ga
Value: GA1.1.1782288955.1720750372
.zscaler.com/ Name: _ga_10SPJ4YJL9
Value: GS1.1.1720750371.1.0.1720750371.60.0.0
.techtarget.com/ Name: __cf_bm
Value: s4a6cqEzWsZZYWeGoGlKw2JcKE9qfQv1LX0OaQ12vlk-1720750371-1.0.1.1-yVCwowVLh_YYq9EwFugn4NuT8zOJtLI5KJZevNcsmqY888wMzP_m0eZ76LdiHzt2WlK3JhyW2mhgWs8iOGGK5w
www.zscaler.com/ Name: __pdst
Value: 387ed07f4a904992acd03b0d121b58bd
.doubleclick.net/ Name: ar_debug
Value: 1
.zscaler.com/ Name: rl_session
Value: RudderEncrypt%3AU2FsdGVkX19zKDNJdA5xOtcxlAjyBtDNvSjpr6hoQ2LjenRZ3fekCDFtAEE6%2FJ0YnS%2B%2BayopW2FTMMkDPBb6XnxNuGVXD%2BAPyjgtYBKttdKF8rh3uJGbpeGCJWXHobZHE6quDfceeuWRtYvFPuWReQ%3D%3D
.zscaler.com/ Name: rl_user_id
Value: RudderEncrypt%3AU2FsdGVkX1%2FQLNTOnlA8MoPkGn5tbcJ95d4JOno%2FDEg%3D
.zscaler.com/ Name: rl_trait
Value: RudderEncrypt%3AU2FsdGVkX19oJHclcddDRJKfO9%2FXC57PF%2FxNrVpiqd0%3D
.zscaler.com/ Name: rl_group_id
Value: RudderEncrypt%3AU2FsdGVkX18N5zEEJFNXdYl7oZP%2FO5xZHqkjr5T8duE%3D
.zscaler.com/ Name: rl_group_trait
Value: RudderEncrypt%3AU2FsdGVkX1%2FelcKWYnvGEKqRaUkeAO7ik%2BMfBM3Ow7A%3D
.zscaler.com/ Name: rl_anonymous_id
Value: RudderEncrypt%3AU2FsdGVkX19mkuBdx6h%2BB29Tol1lETktqFmjdck8kFOh9vA%2BYcIEduA5zB3AAxoXZ5UspUuwwpASQs8DOm8XVQ%3D%3D
.zscaler.com/ Name: rl_page_init_referrer
Value: RudderEncrypt%3AU2FsdGVkX198u9ySvgVCcDllCiBnu4exsrphGoZnO44%3D
.zscaler.com/ Name: rl_page_init_referring_domain
Value: RudderEncrypt%3AU2FsdGVkX19Ls%2FUOV9Gl%2BC%2BVOUHmZFFY65rpJRrFLwk%3D
.zscaler.com/ Name: _fbp
Value: fb.1.1720750372036.842317434777512568
www.zscaler.com/ Name: _gd_visitor
Value: 30e07f37-d557-4b1f-8b68-6e742d20749c
www.zscaler.com/ Name: _gd_session
Value: 5ea7b062-a10a-4340-854c-23abdaa93662
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
www.zscaler.com/ Name: _an_uid
Value: 0
.doubleclick.net/ Name: IDE
Value: AHWqTUkXJ7YpLesFPRN_r7ESkLQlHciQkcuXMPpBAQJ-f90PPzdf0l0OmoHX9CCQG1Q
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.zscaler.com/ Name: _ce.irv
Value: new
.zscaler.com/ Name: cebs
Value: 1
.linkedin.com/ Name: bcookie
Value: "v=2&c8e6c080-8931-421a-81df-25e596f8b6dd"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjA3NTAzNzI7MjswMjHGw4Ru1wDHvvvB2Kjw24mwEEBsoN66dCH/Q3h9ahsjHw==
.linkedin.com/ Name: lidc
Value: "b=VGST04:s=V:r=V:a=V:p=V:g=3295:u=1:x=1:i=1720750372:t=1720836772:v=2:sig=AQFesLAPpTpf76NHwxk3mON3ihHRtIlx"
.zscaler.com/ Name: _uetsid
Value: 3e206e403ff411efa4365bde7dcdb9d7|27il6z|2|fne|0|1654
.zscaler.com/ Name: _ce.clock_data
Value: 35%2C80.255.7.117%2C1%2C120f067c16b32be659e0180b31e62841%2CChrome%2CDE
.zscaler.com/ Name: cebsp_
Value: 1
.zscaler.com/ Name: _ce.s
Value: v~de85c79572d6a55c441492da46f7c65da1d33ee5~lcw~1720750372262~lva~1720750372116~vpv~0~v11.cs~366477~v11.s~3e5ce460-3ff4-11ef-9009-1b346feb04cd~lcw~1720750372262
.zscaler.com/ Name: _uetvid
Value: 3e2117903ff411ef80c5a9f839feb204|1vkzc0p|1720750372403|1|1|bat.bing.com/p/insights/c/a
.www.zscaler.com/ Name: _zitok
Value: 26d9b82598cbc095bf4d1720750372
.zoominfo.com/ Name: __cf_bm
Value: bKUn1ImKaLx6xb8ZXqqG31kjK12e9LH43RTzBXrETkA-1720750373-1.0.1.1-QkOKXo9PTrOJx9W0RP5CnTGNfjHre2Fy.Gsi9Aj5G5.Q_3ejPB_Aeh5Y6DRRyM1vdHNcCUAaCaGuj_q51w_toQ
.zoominfo.com/ Name: _cfuvid
Value: .np_EbuMmg7RzVf7wnsVzouBFhTlwvfNUprJUnpL4Ys-1720750373134-0.0.1.1-604800000
.mountain.com/ Name: guid
Value: 3f314c3c-3ff4-11ef-bfce-cde58b46bd80
.px.mountain.com/ Name: tt
Value: "H4sIAAAAAAAAAKtW8guKNzYyNrKMN7IwtlCyMtBBEjG3NAaLICswNDcyMDc1MDY3NTSx0FEqU7IyqgUAnjahV0YAAAA="
.mountain.com/ Name: rt
Value: "MzIzMjk6MTcyMDc1MDM3NQ=="

5 Console Messages

Source Level URL
Text
worker verbose URL: blob:https://www.zscaler.com/2566a574-3645-4cd2-b3c6-1417c368284b(Line 1)
Message:
Error
security error URL: https://cdn.pdst.fm/ping.min.js
Message:
Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the following Content Security Policy directive: "connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/".
javascript error URL: https://cdn.pdst.fm/ping.min.js
Message:
Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the document's Content Security Policy.
security error URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Message:
Refused to connect to 'https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.12&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR' because it violates the following Content Security Policy directive: "connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/".
security error URL: https://js.zi-scripts.com/zi-tag.js
Message:
Refused to load the script 'blob:https://www.zscaler.com/fb567804-f0b6-4872-8f4f-d4242d35168b' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

Security headers set by the main page (www.zscaler.com):

Header Value
Content-Security-Policy
default-src 'none';
img-src 'self' fast.wistia.com https: data: blob:;
script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/;
font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com;
style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com;
connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/;
media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com;
worker-src 'self' blob:;
frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/;
frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
