urlscan.io logo urlscan.io
SecurityTrails logo

www.zscaler.com Open in urlscan Pro
2606:4700::6812:1d4a  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader#key-takeaways
Effective URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Submission: On November 11 via api from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 31 IPs in 5 countries across 20 domains to perform 141 HTTP transactions. The main IP is 2606:4700::6812:1d4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 69289.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 28th 2024. Valid for: a year.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 56 2606:4700::68... 13335 (CLOUDFLAR...)
9 2606:4700::68... 13335 (CLOUDFLAR...)
7 104.17.74.206 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 151.101.2.132 54113 (FASTLY)
1 23.199.214.136 16625 (AKAMAI-AS)
18 2.17.100.184 20940 (AKAMAI-ASN1)
1 2600:9000:223... 16509 (AMAZON-02)
1 52.213.91.154 16509 (AMAZON-02)
2 52.49.5.89 16509 (AMAZON-02)
1 37.252.171.52 29990 (ASN-APPNEX)
1 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
7 2600:1f18:e8a... 14618 (AMAZON-AES)
2 75.2.108.141 16509 (AMAZON-02)
2 52.39.15.251 16509 (AMAZON-02)
2 18.173.154.42 16509 (AMAZON-02)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 2620:1ec:33:1... 8075 (MICROSOFT...)
1 2 216.58.206.34 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 104.18.37.212 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:10:... ()
1 2606:4700:10:... ()
141 31
56    2606:4700::6812:1d4a (United States)

ASN13335 (CLOUDFLARENET, US)
www.zscaler.com
9    2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
7    104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)
info.zscaler.com
4    2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    151.101.2.132 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.intellimize.co
1    23.199.214.136 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-199-214-136.deploy.static.akamaitechnologies.com
munchkin.marketo.net
18    2.17.100.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-184.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
1    2600:9000:223e:5400:c:d449:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
ob.iseaskies.com
1    52.213.91.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-91-154.eu-west-1.compute.amazonaws.com
117186981.intellimizeio.com
2    52.49.5.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-5-89.eu-west-1.compute.amazonaws.com
api.intellimize.co
1    37.252.171.52 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
1    2a02:26f0:ab00::214:8e41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ipv6.6sc.co
7    2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
obs.iseaskies.com
2    75.2.108.141 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com
eps.6sc.co
2    52.39.15.251 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-15-251.us-west-2.compute.amazonaws.com
log.intellimize.co
2    18.173.154.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-42.muc50.r.cloudfront.net
v.eps.6sc.co
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net
www.googleadservices.com
2    2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c09::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)
js.zi-scripts.com
1    2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)
ws-assets.zoominfo.com
4    2606:4700::6810:752b (United States)

ASN13335 (CLOUDFLARENET, US)
ws.zoominfo.com
1    2606:4700:10::ac43:b9b (None, )

ASN- ()
acsbapp.com
1    2606:4700:10::6816:1cc (None, )

ASN- ()
cdn.acsbapp.com
Apex Domain
Subdomains		 Transfer
63 zscaler.com
www.zscaler.com — Cisco Umbrella Rank: 69289
info.zscaler.com — Cisco Umbrella Rank: 628703
2 MB
23 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5626
c.6sc.co — Cisco Umbrella Rank: 6951
ipv6.6sc.co — Cisco Umbrella Rank: 5794
eps.6sc.co — Cisco Umbrella Rank: 11869
b.6sc.co — Cisco Umbrella Rank: 3611
v.eps.6sc.co — Cisco Umbrella Rank: 16729
26 KB
9 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 326
209 KB
8 iseaskies.com
ob.iseaskies.com — Cisco Umbrella Rank: 444422
obs.iseaskies.com — Cisco Umbrella Rank: 497603
42 KB
5 zoominfo.com
ws-assets.zoominfo.com — Cisco Umbrella Rank: 11155
ws.zoominfo.com — Cisco Umbrella Rank: 4482
17 KB
5 intellimize.co
cdn.intellimize.co — Cisco Umbrella Rank: 37558
api.intellimize.co — Cisco Umbrella Rank: 33118
log.intellimize.co — Cisco Umbrella Rank: 32375
108 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 3
region1.analytics.google.com — Cisco Umbrella Rank: 4401
48 B
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
500 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 5671
4 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 11271
191 B
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
603 B
2 acsbapp.com
acsbapp.com
cdn.acsbapp.com
116 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 89
3 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 348
15 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
76 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 479
702 B
1 intellimizeio.com
117186981.intellimizeio.com — Cisco Umbrella Rank: 822121
1 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3657
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 498
303 B
141 20
Domain Requested by
56 www.zscaler.com 1 redirects www.zscaler.com
15 b.6sc.co www.zscaler.com
9 cdn.cookielaw.org www.zscaler.com
cdn.cookielaw.org
7 obs.iseaskies.com ob.iseaskies.com
www.zscaler.com
7 info.zscaler.com www.zscaler.com
info.zscaler.com
4 ws.zoominfo.com js.zi-scripts.com
ws-assets.zoominfo.com
4 www.googletagmanager.com www.zscaler.com
ob.iseaskies.com
www.googletagmanager.com
3 js.zi-scripts.com www.zscaler.com
js.zi-scripts.com
3 www.google.de www.zscaler.com
3 www.google.com 2 redirects www.googletagmanager.com
2 www.facebook.com www.zscaler.com
2 googleads.g.doubleclick.net 2 redirects
2 www.googleadservices.com 1 redirects www.googletagmanager.com
2 bat.bing.com ob.iseaskies.com
bat.bing.com
2 connect.facebook.net ob.iseaskies.com
connect.facebook.net
2 v.eps.6sc.co j.6sc.co
2 log.intellimize.co cdn.intellimize.co
2 eps.6sc.co j.6sc.co
2 api.intellimize.co cdn.intellimize.co
2 j.6sc.co www.zscaler.com
j.6sc.co
1 cdn.acsbapp.com acsbapp.com
1 acsbapp.com www.zscaler.com
1 ws-assets.zoominfo.com js.zi-scripts.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 117186981.intellimizeio.com cdn.intellimize.co
1 ob.iseaskies.com www.zscaler.com
1 munchkin.marketo.net www.zscaler.com
1 cdn.intellimize.co www.zscaler.com
1 geolocation.onetrust.com cdn.cookielaw.org
141 33
Subject Issuer Validity Valid
www.zscaler.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-28 -
2025-02-23		 a year crt.sh
cookielaw.org
WE1		 2024-10-11 -
2025-01-09		 3 months crt.sh
info.zscaler.com
WE1		 2024-11-05 -
2025-02-03		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
geolocation.onetrust.com
WE1		 2024-10-11 -
2025-01-09		 3 months crt.sh
cdn.intellimize.co
R10		 2024-11-10 -
2025-02-08		 3 months crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1		 2024-10-22 -
2025-10-24		 a year crt.sh
6sc.co
R10		 2024-09-23 -
2024-12-22		 3 months crt.sh
*.iseaskies.com
Amazon RSA 2048 M02		 2024-06-18 -
2025-07-18		 a year crt.sh
*.intellimizeio.com
Amazon RSA 2048 M02		 2024-09-24 -
2025-10-23		 a year crt.sh
api.intellimize.co
Amazon RSA 2048 M03		 2024-09-24 -
2025-10-23		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2024-02-14 -
2025-03-16		 a year crt.sh
eps.6sc.co
Amazon RSA 2048 M02		 2024-08-29 -
2025-09-27		 a year crt.sh
log.intellimize.co
Amazon RSA 2048 M03		 2024-09-23 -
2025-10-22		 a year crt.sh
v.eps.6sc.co
Amazon RSA 2048 M03		 2024-09-06 -
2025-10-05		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-08-20 -
2024-11-18		 3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-09-16 -
2025-03-15		 6 months crt.sh
*.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.googleadservices.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.google.de
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
zi-scripts.com
WE1		 2024-09-22 -
2024-12-21		 3 months crt.sh
zoominfo.com
E5		 2024-10-12 -
2025-01-10		 3 months crt.sh
acsbapp.com
WE1		 2024-10-16 -
2025-01-14		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Frame ID: B44331D2E4C7F846E9D9FBF6DE8532DB
Requests: 131 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: D9F1D93A06991BC726D2847AF5747D7B
Requests: 2 HTTP requests in this frame

Frame: https://117186981.intellimizeio.com/storage.html
Frame ID: BB50A72C90633FC8BFE3CD1704E06008
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: CE0112682EB5F6F1CE3BC97274201DA0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

WINELOADER Analysis | ThreatLabz

Page URL History Show full URLs

  1. https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader HTTP 301
    https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

141
Requests

96 %
HTTPS

61 %
IPv6

20
Domains

33
Subdomains

31
IPs

5
Countries

2863 kB
Transfer

7984 kB
Size

20
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader HTTP 301
    https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99
  • https://www.googleadservices.com/pagead/conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIzZ2D767UiQMVhJ6DBx05SBxLMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8 HTTP 302
  • https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIzZ2D767UiQMVhJ6DBx05SBxLMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwCa7L7dSw9rI94yUQ0pG5sekkNGCumcGsxxTg&random=2319199283 HTTP 302
  • https://www.google.de/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIzZ2D767UiQMVhJ6DBx05SBxLMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwCa7L7dSw9rI94yUQ0pG5sekkNGCumcGsxxTg&random=2319199283&ipr=y
Request Chain 112
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQIIosWxAgjTxbECCKXGsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIkK2b767UiQMVfIiDBx2vWTK_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CV0NoQUlnUFBHdVFZUTFJLXhfTWJ0dU9kbUVpMEFvWjNKaGsycHZiYm1lN0V5VzVKYXctOUhmNWJBalhNS1N2OVNrY2VobmFxY3ZCNUxSbXFBYmNRalZDbw HTTP 302
  • https://www.google.com/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQIIosWxAgjTxbECCKXGsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIkK2b767UiQMVfIiDBx2vWTK_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CV0NoQUlnUFBHdVFZUTFJLXhfTWJ0dU9kbUVpMEFvWjNKaGsycHZiYm1lN0V5VzVKYXctOUhmNWJBalhNS1N2OVNrY2VobmFxY3ZCNUxSbXFBYmNRalZDbw&is_vtc=1&cid=CAQSKQCa7L7dMp3ippGq5gbIsgWk4nQHxoipGGonMaBNef38ETGA7KnyaaBN&random=1382265021 HTTP 302
  • https://www.google.de/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQIIosWxAgjTxbECCKXGsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIkK2b767UiQMVfIiDBx2vWTK_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CV0NoQUlnUFBHdVFZUTFJLXhfTWJ0dU9kbUVpMEFvWjNKaGsycHZiYm1lN0V5VzVKYXctOUhmNWJBalhNS1N2OVNrY2VobmFxY3ZCNUxSbXFBYmNRalZDbw&is_vtc=1&cid=CAQSKQCa7L7dMp3ippGq5gbIsgWk4nQHxoipGGonMaBNef38ETGA7KnyaaBN&random=1382265021&ipr=y

141 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request european-diplomats-targeted-apt29-cozy-bear-wineloader
www.zscaler.com/blogs/security-research/
Redirect Chain
  • https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader
  • https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
439 KB
70 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash
e30809acecc35e6d400bf6cd54c133a021384e8cef67266b23d9b4af5fdf594b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://explore.zscaler.com blob: ; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com ; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age
28
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; hit
cf-cache-status
DYNAMIC
cf-ray
8e0e90ae2e46d2a6-FRA
content-encoding
br
content-security-policy
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://explore.zscaler.com blob: ; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com ; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com;
content-type
text/html; charset=utf-8
date
Mon, 11 Nov 2024 13:17:54 GMT
netlify-vary
header=x-nextjs-data|x-next-debug-logging,cookie=__prerender_bypass|__next_preview_data
server
cloudflare
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN https://cms.zscaler.com
x-nextjs-date
Mon, 11 Nov 2024 13:17:48 GMT
x-nf-request-id
01JCDNZA78EF1THSC261776RFD
x-powered-by
Next.js
x-xss-protection
1; mode=block

Redirect headers

age
6
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; hit
cf-cache-status
DYNAMIC
cf-ray
8e0e90ad5bdbd2a6-FRA
content-encoding
gzip
content-type
text/plain
date
Mon, 11 Nov 2024 13:17:54 GMT
location
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
netlify-vary
query
server
cloudflare
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-nf-request-id
01JCDNZA36HG5RJT644EFRJC5G
OtAutoBlock.js
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 		356 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eddd884436be08bc6ecaff1ea001f0f68eea7fe12664000a6f3646e07961a061
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
wwQGGjy2I9fD9PfR8JuF1w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCE50A464C63D1
age
60227
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Tue, 12 Nov 2024 13:17:54 GMT
date
Mon, 11 Nov 2024 13:17:54 GMT
content-type
application/javascript
last-modified
Sat, 05 Oct 2024 06:52:27 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
4ccfe86d-601e-003e-674c-2625ab000000
cf-ray
8e0e90b03a98dcce-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
41741
x-ms-blob-type
BlockBlob
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7358c5616f671017f307d161644d253f0f81083b0be68f3a3fefefa33b59de5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
qVqAwzZMp5y69q24H0KNhg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCFF52536C02E8
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
22831
x-content-type-options
nosniff
expires
Tue, 12 Nov 2024 13:17:54 GMT
date
Mon, 11 Nov 2024 13:17:54 GMT
content-type
application/javascript
last-modified
Thu, 07 Nov 2024 17:33:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
265d7408-301e-0026-05fa-31083e000000
cf-ray
8e0e90b03a96dcce-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
7212
x-ms-blob-type
BlockBlob
server
cloudflare
image
www.zscaler.com/_next/ 		428 KB
428 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Findia-europe-blog-cover-image.jpg&w=3840&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
809710f4ac99089f1c95f10ed632d3a8d346ac3778d12cca05c120378f66e2c3
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
5
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:54 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 13:17:50 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b20faed2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
437810
x-nf-request-id
01JCDNZAT9GDWC1P8C8MQQ6K23
cache-status
"Netlify Edge"; fwd=miss
server
cloudflare
219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/ 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"ee94ab2a11412903ad9756e2edb68d05-ssl"
age
14165
x-content-type-options
nosniff
cf-ray
8e0e90af288fd2a6-FRA
accept-ranges
bytes
content-length
37876
x-nf-request-id
01JCDNZAC4GYNGR80JXSYQW1VD
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"9430f4d344e4fa79ef6a839ba362694c-ssl"
age
14171
x-content-type-options
nosniff
cf-ray
8e0e90af2893d2a6-FRA
accept-ranges
bytes
content-length
40264
x-nf-request-id
01JCDNZACD8DVBF20R76RS25SQ
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"aa81c4751d270062c6783d25c81b8021-ssl"
age
14163
x-content-type-options
nosniff
cf-ray
8e0e90af2896d2a6-FRA
accept-ranges
bytes
content-length
40336
x-nf-request-id
01JCDNZACEED06HPD4H8SVBR6S
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
4012cc4b67ad157d-s.p.woff2
www.zscaler.com/_next/static/media/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/4012cc4b67ad157d-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"93ae142d2bfd17c936f3d91401658758-ssl"
age
14094
x-content-type-options
nosniff
cf-ray
8e0e90af38a1d2a6-FRA
accept-ranges
bytes
content-length
9592
x-nf-request-id
01JCDNZACEBF67KCQBJDR84229
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
41998fdc1b8220a0-s.p.woff2
www.zscaler.com/_next/static/media/ 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/41998fdc1b8220a0-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"672d4a5030823e96757755c555bf2027-ssl"
age
13896
x-content-type-options
nosniff
cf-ray
8e0e90af38a3d2a6-FRA
accept-ranges
bytes
content-length
9620
x-nf-request-id
01JCDNZACDE4281TP8RWFG2M9P
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
edb9f1eb1c1a7ead-s.p.woff2
www.zscaler.com/_next/static/media/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/edb9f1eb1c1a7ead-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"e32ff74f0d5d916b5dda832b01fd5fc8-ssl"
age
14093
x-content-type-options
nosniff
cf-ray
8e0e90af38a9d2a6-FRA
accept-ranges
bytes
content-length
8780
x-nf-request-id
01JCDNZACFF3SWNJ307FBFP0Y3
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
ce9b84dce7581e2b-s.p.woff2
www.zscaler.com/_next/static/media/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/media/ce9b84dce7581e2b-s.p.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
cf-cache-status
DYNAMIC
etag
"067a5289e0e684ba833d5d7b2beb3f51-ssl"
age
14083
x-content-type-options
nosniff
cf-ray
8e0e90af38abd2a6-FRA
accept-ranges
bytes
content-length
8764
x-nf-request-id
01JCDNZACK4TFVQ4RZG0N1NQYX
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
font/woff2
server
cloudflare
eb9f60acd31addfc.css
www.zscaler.com/_next/static/css/ 		118 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/eb9f60acd31addfc.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58d24af2b13a7e3b1c93d52d42c5fa657956deb600d7b5a24009140175d02aaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"d07195cff749e9661bc30e8d8394f1c3-ssl-df"
age
14179
x-content-type-options
nosniff
cf-ray
8e0e90af38b0d2a6-FRA
x-nf-request-id
01JCDNZACG8FZP2DF85E7M2TEV
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
3af0ea8ee1d54b3f.css
www.zscaler.com/_next/static/css/ 		80 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/3af0ea8ee1d54b3f.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d106d265188e649c5573b599ed4aa1421b49cf320253d89fa43400c1941175
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"7a807c808a7b103144313c0e6c26f870-ssl-df"
age
5361
x-content-type-options
nosniff
cf-ray
8e0e90af38b3d2a6-FRA
x-nf-request-id
01JCDNZACG87A3M1JWM9ES1ZBT
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
60ab7ffa9f7999ec.css
www.zscaler.com/_next/static/css/ 		849 B
391 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/60ab7ffa9f7999ec.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"4fd28ce5d07640308fd628361ee9dd2e-ssl"
age
13819
x-content-type-options
nosniff
cf-ray
8e0e90af38b6d2a6-FRA
x-nf-request-id
01JCDNZACGQWW25EZE1BMC7R0X
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
server
cloudflare
54b114f76a2643a4.css
www.zscaler.com/_next/static/css/ 		14 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/54b114f76a2643a4.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"9b8c484af22ed99c9052a8a53f1fb90c-ssl-df"
age
13489
x-content-type-options
nosniff
cf-ray
8e0e90af38bed2a6-FRA
x-nf-request-id
01JCDNZACJA3KAHYCHNVXKY8N8
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
100087b4636276ac.css
www.zscaler.com/_next/static/css/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/100087b4636276ac.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f6d94f2c0cb031ee68a4125e2ec5bcda8c21d0187affabb22995d0e2a941e60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"9c4b279f1982da43a3cdb4f54bc81804-ssl-df"
age
13990
x-content-type-options
nosniff
cf-ray
8e0e90af38c0d2a6-FRA
x-nf-request-id
01JCDNZACP9HRXVFDRVZ1NW0C1
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
455227249223c84c.css
www.zscaler.com/_next/static/css/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/455227249223c84c.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"c7271019cbe209844cca8826be137418-ssl-df"
age
14165
x-content-type-options
nosniff
cf-ray
8e0e90af38c2d2a6-FRA
x-nf-request-id
01JCDNZACMP2H8ADRBP0CC19GK
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
59cb0a1d87010ab3.css
www.zscaler.com/_next/static/css/ 		19 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/59cb0a1d87010ab3.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"9036d3452601bc5060c3cd0511dd853c-ssl-df"
age
14171
x-content-type-options
nosniff
cf-ray
8e0e90af38c5d2a6-FRA
x-nf-request-id
01JCDNZACPW0BKJR3EHH23G4SM
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"a2957e3f52eaaa2164c4c260e8a99bde-ssl-df"
age
11491
x-content-type-options
nosniff
cf-ray
8e0e90af38c6d2a6-FRA
x-nf-request-id
01JCDNZACQ6DSSB3VSNC8TA41N
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
86396278026d8682.css
www.zscaler.com/_next/static/css/ 		79 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/86396278026d8682.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7875fbe665177221583264ccbbd2f5235fe95dbb92a2e3a0038ccd040af2ae88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"ef83be09d6c797d9ac00c2e68d348312-ssl-df"
age
14213
x-content-type-options
nosniff
cf-ray
8e0e90af38c7d2a6-FRA
x-nf-request-id
01JCDNZACB3DQ2QSBGZE1H35DM
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
1664.c61305e6d5988956.js
www.zscaler.com/_next/static/chunks/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/1664.c61305e6d5988956.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8485bdafe29126ccb2d8ee5779c1cc007263d7c45c64ef37dd8e22a263ccc31d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"e9100db0323229d18f4f2ee488f536fc-ssl-df"
age
13029
x-content-type-options
nosniff
cf-ray
8e0e90b20fb0d2a6-FRA
x-nf-request-id
01JCDNZATEX3YWADPDF8GXGFFZ
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
7566.6e79db7c76818e8b.js
www.zscaler.com/_next/static/chunks/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/7566.6e79db7c76818e8b.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
007c2ba9a1fcd3cd52c7c4684c59696f26cbf7331c2f058000fb0cdf9547b712
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"7e30183a69d2a0739344ce5c62d876ff-ssl-df"
age
14092
x-content-type-options
nosniff
cf-ray
8e0e90b24841d2a6-FRA
x-nf-request-id
01JCDNZAVJWBK8FG3NJXD5K56M
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
6804.777ea7ad2bf59dcd.js
www.zscaler.com/_next/static/chunks/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/6804.777ea7ad2bf59dcd.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd8134b4043cb1ce2a1641c56a93561d99bb541ff9820b3c0e115e1b70dd9be3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"c31c4e287a21317606022d71dc9b58eb-ssl-df"
age
13936
x-content-type-options
nosniff
cf-ray
8e0e90b24845d2a6-FRA
x-nf-request-id
01JCDNZAVMRATRKYCEVHQGQSNA
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
537.8ad21235b8edef2f.js
www.zscaler.com/_next/static/chunks/ 		604 B
435 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/537.8ad21235b8edef2f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"eb0384336b3b3bd6ecd5fe6de7da10a3-ssl"
age
13560
x-content-type-options
nosniff
cf-ray
8e0e90b24847d2a6-FRA
x-nf-request-id
01JCDNZAVKZFVVHR0X0T606BMJ
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
server
cloudflare
8338.7bc0a0f66b4180fe.js
www.zscaler.com/_next/static/chunks/ 		115 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/8338.7bc0a0f66b4180fe.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e9c619da677845336e5715fd09f8feb00d9ea39c0797c123477725107e3f776
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"9fae3ba2c2f7d5767d49a6dae2daa2b1-ssl-df"
age
13834
x-content-type-options
nosniff
cf-ray
8e0e90b2484bd2a6-FRA
x-nf-request-id
01JCDNZAVFCE7VXC6NEQP9R0QR
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
287.bdc982e1e7747150.js
www.zscaler.com/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/287.bdc982e1e7747150.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b9a51270687afddae089d22440c5231d2876679c608fafe460d4caa2d12c56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"e2bb6924e90a61b7aeacdd8aa7f51e92-ssl-df"
age
13938
x-content-type-options
nosniff
cf-ray
8e0e90b2484ed2a6-FRA
x-nf-request-id
01JCDNZAVJQWGM7X3X3T32WSAA
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
9775.864cadc11d0a4959.js
www.zscaler.com/_next/static/chunks/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/9775.864cadc11d0a4959.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"f4974b41a1ca9de478aa67bb323de449-ssl-df"
age
13023
x-content-type-options
nosniff
cf-ray
8e0e90b24851d2a6-FRA
x-nf-request-id
01JCDNZAVZS8EVWDZ9XVQ2AP5S
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
1306.3de21e0b58c1dbf6.js
www.zscaler.com/_next/static/chunks/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/1306.3de21e0b58c1dbf6.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36abed3d20085dbc2ef2778631d3f5efd0e8000db1925e2de3a18649671d4e02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"4341edcd3cc895da095a035c6f37094f-ssl-df"
age
14043
x-content-type-options
nosniff
cf-ray
8e0e90b24854d2a6-FRA
x-nf-request-id
01JCDNZAVJZ29KDVKNBP2M4TNK
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
2284.c5d0a6b845f2ee47.js
www.zscaler.com/_next/static/chunks/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/2284.c5d0a6b845f2ee47.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b026ac8e9b650f8a85c8a082f913b04eaa7dde4bf82bef0512f352891b3e0758
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"2caf290570b3ed54cb6e58790db6b04c-ssl-df"
age
12315
x-content-type-options
nosniff
cf-ray
8e0e90b24857d2a6-FRA
x-nf-request-id
01JCDNZAVR1VBNNASSF48977AJ
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
893.2816cd0884bb490b.js
www.zscaler.com/_next/static/chunks/ 		43 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/893.2816cd0884bb490b.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcd564835a4595f7af917a074fd6afc335223a8424f506e4a015635f226bc459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"5d8c5bdfc13c67daad31344132ed5e45-ssl-df"
age
13944
x-content-type-options
nosniff
cf-ray
8e0e90b24858d2a6-FRA
x-nf-request-id
01JCDNZAVMK9W99BCSZTYYA22Z
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
webpack-5b67bc5e4453ef05.js
www.zscaler.com/_next/static/chunks/ 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0bdb338fc77d4d63a895e5d82d9e478360d25838d4a67857ba9b225d71a0ad8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"18dfdc7f4dc084d81507233eec9b9d8e-ssl-df"
age
14092
x-content-type-options
nosniff
cf-ray
8e0e90b24859d2a6-FRA
x-nf-request-id
01JCDNZAVN6BT7YVMKFC6SW0RB
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
framework-16e7f16798adb2a9.js
www.zscaler.com/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/framework-16e7f16798adb2a9.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a310ce14d324e6716845b2dd0c71f15f4b955c1d76996b6494f89939cb71018
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"150bc9a54bb33e6c4c96941901ca87e1-ssl-df"
age
14108
x-content-type-options
nosniff
cf-ray
8e0e90b24861d2a6-FRA
x-nf-request-id
01JCDNZAVSBFNB0PSE28G48SBS
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
main-bf56e129e9a973c7.js
www.zscaler.com/_next/static/chunks/ 		110 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
774e08566a15a9afbb217705a2ca66fa20dc5b34885b6977d428220993147106
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"2f0931eeb810ed6316e8583b33333205-ssl-df"
age
14090
x-content-type-options
nosniff
cf-ray
8e0e90b24866d2a6-FRA
x-nf-request-id
01JCDNZAVT8N3VR3CJVBFJYPD5
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
_app-2fc59cba62740d0f.js
www.zscaler.com/_next/static/chunks/pages/ 		421 KB
136 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/pages/_app-2fc59cba62740d0f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56f238c8e454d264b8f83c39e9e71aae84fddf221d68a137ebc287f38e15136b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"ff1bc274833f00c07cf1d9f1b7176b39-ssl-df"
age
13831
x-content-type-options
nosniff
cf-ray
8e0e90b24867d2a6-FRA
x-nf-request-id
01JCDNZAVWRSY6H11ARCXTEV0Q
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
2635-c788fa1276da3388.js
www.zscaler.com/_next/static/chunks/ 		208 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/2635-c788fa1276da3388.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04a645879eebf5a21e376ea7a88ecab85e94d83e8efe848b999b27f152303f85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"e8fbe5740eceff0b012c6ba39674b513-ssl-df"
age
13931
x-content-type-options
nosniff
cf-ray
8e0e90b24868d2a6-FRA
x-nf-request-id
01JCDNZAVPGCB7D1ZSATBZ7QFK
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
3137-eef5947276778551.js
www.zscaler.com/_next/static/chunks/ 		136 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/3137-eef5947276778551.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f34dcf4b0199f8e65fb814e549773b31ac54998d949e166432362f35e5cf4ece
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"afbdd3d4922908132dbe45ee55655638-ssl-df"
age
14171
x-content-type-options
nosniff
cf-ray
8e0e90b2486ad2a6-FRA
x-nf-request-id
01JCDNZAVSCRWAFDAA91HW472Y
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
6882-7775e6877754c326.js
www.zscaler.com/_next/static/chunks/ 		60 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/6882-7775e6877754c326.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec6358c95b32aeaece636d106b3e3f38c10363e9abca7215df544bca33960779
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"65426bad40120aa5a4a7c52331416b60-ssl-df"
age
13954
x-content-type-options
nosniff
cf-ray
8e0e90b2486cd2a6-FRA
x-nf-request-id
01JCDNZAVTNFYANHJHCSZA8XEV
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
5509-2411b25a3bd612af.js
www.zscaler.com/_next/static/chunks/ 		143 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/5509-2411b25a3bd612af.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d86b2ce4a318c6855a81663452acd96ef6311f4880aa953d6d6fcd8232aaaff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"4128e7ceca07c39e99827acca967977b-ssl-df"
age
14080
x-content-type-options
nosniff
cf-ray
8e0e90b24870d2a6-FRA
x-nf-request-id
01JCDNZAVXYSZRWGEH8GMQ2AS7
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
%5B...slug%5D-644a63e81d8e2993.js
www.zscaler.com/_next/static/chunks/pages/blogs/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-644a63e81d8e2993.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d9183b27b8de385dd66e998d48d863f3f82e679bd39e65a18cf5e6430703e8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"b1cbc7ebec9cc588ededd330c8f2047f-ssl-df"
age
12809
x-content-type-options
nosniff
cf-ray
8e0e90b24871d2a6-FRA
x-nf-request-id
01JCDNZAVV2445DSABV4VVYWF7
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
_buildManifest.js
www.zscaler.com/_next/static/6sfTQMdFy9bA4rpgokwr7/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/6sfTQMdFy9bA4rpgokwr7/_buildManifest.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e34ec55f75e54956867b68b4ba0cd6ea79e8f648d5eefe12ff1e6791b027941c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"12e3a170f31f5d23c24264213fe634a5-ssl-df"
age
14213
x-content-type-options
nosniff
cf-ray
8e0e90b24872d2a6-FRA
x-nf-request-id
01JCDNZAVS9VJ6GNYYD09E0KZJ
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
_ssgManifest.js
www.zscaler.com/_next/static/6sfTQMdFy9bA4rpgokwr7/ 		449 B
318 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/6sfTQMdFy9bA4rpgokwr7/_ssgManifest.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"d483bd250a3ef832dcda9d330b187d08-ssl"
age
14213
x-content-type-options
nosniff
cf-ray
8e0e90b24873d2a6-FRA
x-nf-request-id
01JCDNZAVSJX1DY9C4Z5T8C7PT
date
Mon, 11 Nov 2024 13:17:54 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
server
cloudflare
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
814 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"672b8df5-4d7"
x-content-type-options
nosniff
cf-ray
8e0e90af38c8d2a6-FRA
expires
Wed, 13 Nov 2024 13:17:54 GMT
date
Mon, 11 Nov 2024 13:17:54 GMT
content-type
application/javascript
last-modified
Wed, 06 Nov 2024 15:40:37 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
image
www.zscaler.com/_next/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fsub-menu%2FGartner-report.png&w=256&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f0ce935f23a1a787a427daf4fd07dd3a394d6ad5b0f4dc74238c76125061f80
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
14952
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 09:08:42 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b3ecc8d2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
4948
x-nf-request-id
01JCDNZB3Z7KMQH3WJPF9MMPTD
cache-status
"Netlify Edge"; hit
server
cloudflare
image
www.zscaler.com/_next/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fsub-menu%2FCxo-revolutionaries.png&w=384&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
945881686d0a47eee9946902d92626dbfab4570d3c5fab2cb7c6e3343ee01f5c
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
13411
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 09:34:24 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b3eccbd2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
10336
x-nf-request-id
01JCDNZB3VWE96EXP3ACQZ4BMT
cache-status
"Netlify Edge"; hit
server
cloudflare
figure_1_5.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/figure_1_5.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dbe0a02ce3100e00f27c08158c477693c0d031094e9866ebc94c8342e488fb3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
HIT
etag
"cf5A-5xU4Z4DvmtHqtiV1ygehT1gWqs-rDoNB_ezzVDw"
cf-bgj
imgq:100,h2pri
cf-resized
internal=ok/d q=0 n=451+272 c=0+0 v=2024.10.4 l=38248 f=false
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/webp
last-modified
Mon, 26 Feb 2024 23:39:40 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=31536000; preload
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public, max-age=300
cf-ray
8e0e90b3ecced2a6-FRA
accept-ranges
bytes
content-length
38248
server
cloudflare
figure_2_6.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 		160 KB
160 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/figure_2_6.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b92441ba350b4367e04e321b08f791f7dfb9ea229c3dd3ff0e91d89abe7e3f2f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
HIT
etag
"cftQA4jtpPBEfHi3GxqxsQZghA1gWqs-rDoNB_ezzVDw"
cf-bgj
imgq:100,h2pri
cf-resized
internal=ok/d q=0 n=203+349 c=8+233 v=2024.10.6 l=163848 f=false
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/webp
last-modified
Mon, 26 Feb 2024 23:44:37 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=31536000; preload
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public, max-age=300
cf-ray
8e0e90b3ecd2d2a6-FRA
accept-ranges
bytes
content-length
163848
server
cloudflare
3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ab49fd90ca814517ecccd0199152e764e8fcb16e0fd6ed91358d3aea88f753f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
HpD+28GsI57ANX5weGb5dA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCE50A42B7B0F7
age
56859
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Tue, 12 Nov 2024 13:17:55 GMT
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/json
last-modified
Sat, 05 Oct 2024 06:52:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
cfd05432-601e-009f-3d4c-26eb30000000
cf-ray
8e0e90b40ba25d48-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1854
x-ms-blob-type
BlockBlob
server
cloudflare
7763.d758ee891eda7402.js
www.zscaler.com/_next/static/chunks/ 		1 KB
738 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/7763.d758ee891eda7402.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"0500e040eba5ed9e5d82333085bd8bd7-ssl-df"
age
14090
x-content-type-options
nosniff
cf-ray
8e0e90b44daad2a6-FRA
x-nf-request-id
01JCDNZB5N7ES0GYDVCC3EKMSW
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
5551.c4fb596d5a66633e.js
www.zscaler.com/_next/static/chunks/ 		1000 B
790 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/5551.c4fb596d5a66633e.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"b43ee5b23a7cf90ba2dca725f4930f2a-ssl"
age
14178
x-content-type-options
nosniff
cf-ray
8e0e90b44dafd2a6-FRA
x-nf-request-id
01JCDNZB5JEA57VZVFX85XWPWW
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
server
cloudflare
6023.ccb3fff03c4fa91a.js
www.zscaler.com/_next/static/chunks/ 		1 KB
729 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/6023.ccb3fff03c4fa91a.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"39ccbb757c413d78d0f9a1a8014d51bb-ssl-df"
age
14196
x-content-type-options
nosniff
cf-ray
8e0e90b44db1d2a6-FRA
x-nf-request-id
01JCDNZB5Q91MS9AZ1PR0AJ1AY
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
790.d7dc94c2ef6f512f.js
www.zscaler.com/_next/static/chunks/ 		1 KB
898 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/790.d7dc94c2ef6f512f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"6ff1ada259784a3388a9c23908ebebdc-ssl-df"
age
14092
x-content-type-options
nosniff
cf-ray
8e0e90b44db3d2a6-FRA
x-nf-request-id
01JCDNZB5JVG1JV6ZQ1M6ZW7C2
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
6831.3072668993ea221f.js
www.zscaler.com/_next/static/chunks/ 		1 KB
726 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/chunks/6831.3072668993ea221f.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-5b67bc5e4453ef05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"7c416a32791e45716f8ef3dec7caa745-ssl-df"
age
13943
x-content-type-options
nosniff
cf-ray
8e0e90b44db4d2a6-FRA
x-nf-request-id
01JCDNZB5KG2M179VWENP12FJX
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
image
www.zscaler.com/_next/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2Fadvanced-persistent-threats%2Fzscaler-blog-advanced-persistent-threats-2%25402x.jpg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/3137-eef5947276778551.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4faa00f1e2271d92c883c7e35dad0c513f51a8bbe437cfc9b624aeba1d95b82b
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
5
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 13:17:50 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b5c9b4d2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
23041
x-nf-request-id
01JCDNZBD759HGTD0CCPC0BVW4
cache-status
"Netlify Edge"; fwd=miss
server
cloudflare
image
www.zscaler.com/_next/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Findian_flag.jpg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/3137-eef5947276778551.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5724bbf488707332ae05dff33e2e3c6f8d58b4dfa425c3f545433fd5e4f94675
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
6
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 13:17:50 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b5c9b6d2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
16599
x-nf-request-id
01JCDNZBD358V030Z4ZTWYFZJ0
cache-status
"Netlify Edge"; hit
server
cloudflare
image
www.zscaler.com/_next/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-breach-warning-image.jpg&w=600&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/3137-eef5947276778551.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc6311a53e0edc396601870d047945647dc4abf142145ba93df2711a34199b54
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
5
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 13:17:50 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b5c9b9d2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
50980
x-nf-request-id
01JCDNZBD5KQHHXG898P49M91P
cache-status
"Netlify Edge"; fwd=miss
server
cloudflare
forms2.min.js
info.zscaler.com/js/forms2/js/ 		199 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"2f419be-31b73-6265f10c8a9b2"
age
3112
x-content-type-options
nosniff
cf-ray
8e0e90b6bd2b30d6-FRA
expires
Mon, 11 Nov 2024 17:17:55 GMT
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/x-javascript
last-modified
Fri, 08 Nov 2024 04:20:05 GMT
vary
Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/ 		414 KB
130 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fc16a503a00e28e1ed04003c852cf893536010cf2bd3e57c685f7b62bcbb8b58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 11 Nov 2024 13:17:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 11 Nov 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
132601
x-xss-protection
0
server
Google Tag Manager
3af0ea8ee1d54b3f.css
www.zscaler.com/_next/static/css/ 		80 KB
93 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/_next/static/css/3af0ea8ee1d54b3f.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d106d265188e649c5573b599ed4aa1421b49cf320253d89fa43400c1941175
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"7a807c808a7b103144313c0e6c26f870-ssl-df"
age
5361
x-content-type-options
nosniff
cf-ray
8e0e90b5fa22d2a6-FRA
x-nf-request-id
01JCDNZBE1JVHRKVB22XS8EFNA
date
Mon, 11 Nov 2024 13:17:55 GMT
cache-status
"Netlify Edge"; hit
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		66 B
303 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8e0e90b7abad3a3e-FRA
access-control-allow-origin
*
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
image
www.zscaler.com/_next/ 		219 KB
220 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Findia-europe-blog-cover-image.jpg&w=1920&q=75
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46eb2118b20ddb71cb84996746b47df99c02f1c9019f21d4cf85a5504aea1049
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

cf-cache-status
DYNAMIC
age
951
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
image/avif
last-modified
Mon, 11 Nov 2024 13:02:04 GMT
vary
Accept
strict-transport-security
max-age=31536000; preload
content-security-policy
script-src 'none'
cache-control
public,max-age=300
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
8e0e90b72d87d2a6-FRA
netlify-vary
query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges
bytes
access-control-allow-origin
*
content-length
224508
x-nf-request-id
01JCDNZBM1VM06T354CGAXSGXF
cache-status
"Netlify Edge"; hit
server
cloudflare
117186981.js
cdn.intellimize.co/snippet/ 		486 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.intellimize.co/snippet/117186981.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
24ac69ad45d84f566fbb9c1cf9d49296e25dca8faf1958c80f671dcbd5763d8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=0, must-revalidate
content-encoding
gzip
etag
"08ae6e86172b16e72abf053bb63ec9932--gzip"
age
108
x-timer
S1731331076.936382,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
108877
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/javascript;charset=utf-8
x-served-by
cache-fra-etou8220143-FRA
x-cache-hits
1
vary
Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202409.1.0/ 		457 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
Mq8sWt7aN99kE/VZ97+T8Q==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCED8C88D357E6
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
41106
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 02:45:02 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
d1f3b68d-701e-006e-42a7-293aa3000000
cf-ray
8e0e90b90e23dcce-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
113760
x-ms-blob-type
BlockBlob
server
cloudflare
getForm
info.zscaler.com/index.php/form/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7971&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&callback=jQuery37101444503858452013_1731331075888&_=1731331075889
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faa378bee70b57a18eade4c5001ebb3cab08013b948b76a904e2caedfceb5d87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cf-ray
8e0e90ba988730d6-FRA
cached
true
content-encoding
gzip
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
cloudflare
getForm
info.zscaler.com/index.php/form/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&callback=jQuery37101444503858452013_1731331075890&_=1731331075891
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9263f0d0b13f1afe135f3130128593ea43ca326e17d73da68e653463efea1d54

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cf-ray
8e0e90bae8ce30d6-FRA
cached
true
content-encoding
gzip
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
cloudflare
forms2.css
info.zscaler.com/js/forms2/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/js/forms2/css/forms2.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"301120-3437-62370c030d900"
age
3542
x-content-type-options
nosniff
cf-ray
8e0e90bb895b30d6-FRA
expires
Mon, 11 Nov 2024 17:17:56 GMT
accept-ranges
bytes
content-length
2623
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 21:10:28 GMT
vary
Accept-Encoding
server
cloudflare
forms2-theme-round.css
info.zscaler.com/js/forms2/css/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/js/forms2/css/forms2-theme-round.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"30111f-e46-62370c030d900"
age
2782
x-content-type-options
nosniff
cf-ray
8e0e90bb895e30d6-FRA
expires
Mon, 11 Nov 2024 17:17:56 GMT
accept-ranges
bytes
content-length
968
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 21:10:28 GMT
vary
Accept-Encoding
server
cloudflare
munchkin.js
munchkin.marketo.net/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.199.214.136 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-199-214-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

Content-Encoding
gzip
ETag
"49bb20382072bfb6b798a6f4c6ab8354:1730261707.305765"
Connection
keep-alive
Accept-Ranges
bytes
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length
746
Date
Mon, 11 Nov 2024 13:17:56 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 30 Oct 2024 04:15:07 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
6934ae2b-4c76-4229-97d0-8f637b004b88.js
j.6sc.co/j/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
gzip
etag
"afb8c61166e7f50fe6d7ab7b6377733c"
x-amz-version-id
uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
expires
Mon, 11 Nov 2024 13:47:56 GMT
x-amz-cf-id
DYhFrF06827J9UT1kkCdaREo6d83MvX2kn0NqXyjgXcKI-jjjxwLPw==
date
Mon, 11 Nov 2024 13:17:56 GMT
last-modified
Tue, 02 May 2023 17:36:47 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-meta-content-type
application/json
cache-control
private, max-age=1800
accept-ranges
bytes
content-length
1178
x-amz-cf-pop
FRA60-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
1395e54b70b06b444656a2f40c135374.js
ob.iseaskies.com/i/ 		108 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:5400:c:d449:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Caddy /
Resource Hash
a823f4600a0d01fec7ea9cbf3c51ecf0238645becac9f0bfe80a0c604fad8fbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=43200
content-encoding
gzip
etag
"1affc-jNNGqwExtshRS5FV47RILrUrALE"
age
23152
via
1.1 82386e4e4f56a0c01411d1aea6f3fd46.cloudfront.net (CloudFront)
expires
Mon, 11 Nov 2024 18:52:04 GMT
x-cache
Hit from cloudfront
content-length
40435
x-amz-cf-id
o8SlT_djOqtdIwQZeQRseFb70d4CkQS2TCzOrtm_JPLDxpgPdR-DOQ==
date
Mon, 11 Nov 2024 06:52:04 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
Caddy
x-amz-cf-pop
FRA56-P4
XDFrame
info.zscaler.com/index.php/form/ Frame D9F1 		2 KB
875 B 		Document
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/index.php/form/XDFrame
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
8e0e90bcaa8d30d6-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 11 Nov 2024 13:17:56 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
storage.html
117186981.intellimizeio.com/ Frame BB50 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://117186981.intellimizeio.com/storage.html
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.213.91.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-91-154.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
5628
content-type
text/html; charset=utf-8
date
Mon, 11 Nov 2024 13:17:56 GMT
etag
W/"15fc-Uk1A5QrccB7iUltcerqKsVx8Uo0"
strict-transport-security
max-age=15552000; includeSubDomains
x-powered-by
Express
117186981
api.intellimize.co/context-v2/ 		563 B
652 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.intellimize.co/context-v2/117186981
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.49.5.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-5-89.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c50154bf911f9809313285ef19578a1d79a87c828dfbec9075332c7dfe726ba8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/json
vary
Accept-Encoding, Origin
6si.min.js
j.6sc.co/ 		68 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
private, proxy-revalidate, max-age=10800
content-encoding
gzip
etag
"66fb91ae-111d7"
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 16:17:56 GMT
accept-ranges
bytes
content-length
18830
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
last-modified
Tue, 01 Oct 2024 06:07:42 GMT
en.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/0190bafd-b08f-7aea-8e5a-bfde3f6faa6f/ 		208 KB
36 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/0190bafd-b08f-7aea-8e5a-bfde3f6faa6f/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
022637e718fb5f447bd571c6a164ad796da674d6b1aa89e5745a5537437ef9d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
w7hx+7tnhW0gKrREb3DGYA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCE50A443A2E6D
age
15483
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Tue, 12 Nov 2024 13:17:56 GMT
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/json
last-modified
Sat, 05 Oct 2024 06:52:23 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
e497f3df-101e-009b-334c-261eb2000000
cf-ray
8e0e90bd6c395d48-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
36116
x-ms-blob-type
BlockBlob
server
cloudflare
forms2.min.js
info.zscaler.com/js/forms2/js/ Frame D9F1 		199 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://info.zscaler.com/index.php/form/XDFrame

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"2f419be-31b73-6265f10c8a9b2"
age
3112
x-content-type-options
nosniff
cf-ray
8e0e90b6bd2b30d6-FRA
expires
Mon, 11 Nov 2024 17:17:55 GMT
date
Mon, 11 Nov 2024 13:17:55 GMT
content-type
application/x-javascript
last-modified
Fri, 08 Nov 2024 04:20:05 GMT
vary
Accept-Encoding
server
cloudflare
getuidj
secure.adnxs.com/ 		11 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
138.199.38.133; 138.199.38.133; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://www.zscaler.com
an-x-request-uuid
2e6c831c-e3da-4c9d-bad3-ab6ae1588cc8
content-length
11
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Mon, 11 Nov 2024 13:17:57 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
/
c.6sc.co/ 		7 B
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
GET,POST
access-control-allow-origin
https://www.zscaler.com
content-length
7
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
text/html
access-control-allow-headers
*
/
ipv6.6sc.co/ 		36 B
337 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
aeb78b4c74ea54526ba354be167d3dd0247846f8d4a50b24bbcfd64cb382e0bd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
6si-ipv6
2a02:6ea0:c71b:0:1011:8f08:5a8e:5b36
expires
Mon, 11 Nov 2024 13:17:57 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731331077213_34901565_100615733_21_841_16_194_219";dur=1
access-control-allow-origin
https://www.zscaler.com
content-length
36
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
text/html
vary
Origin
ct
obs.iseaskies.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/ct?id=60409&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1731331077130&hl=2&op=0&ag=4155436659&rand=83080125990200719078227829590271240021388029752476012759925223200822670662181169910886&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDIzOThdLFsiYWJuY2giLDUwXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImludGVsIGluYy5cIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjo0MSxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjE5MzA4MjAyNzksXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE2LCIwIl0sWy0yMywiKyJdLFstMjYsIntcInRqaHNcIjozODM2OTYxOSxcInVqaHNcIjoyNzkwOTg5OSxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzEsImZhbHNlIl0sWy0zNSwiWzE3MzEzMzEwNzY5MjEsLTFdIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTU4LCItIl0sWy02NCwiWzAsXCJcIixbXV0iXSxbLTcwLCItIl0sWy0yMSwiLSJdLFstMjksIi0iXSxbLTM2LCJbXCI0LzNcIixcIjQvM1wiXSJdLFstNDEsIi0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy01NywiV0UwWlYxeE9jVmhYWFZWY1N4Y0ZXbFpVU1V4TlhGMEhHV0pZU2hsWVNVbFZRR1FaRVZ4UFdGVVpXRTBaQlZoWFZsZEFWRlpNU2djWkVRTU9Bd2dNQ1FvSkFSQVZHUVZZVjFaWFFGUldURW9IQXdnQkF3b0pFQlZZVFJsNFMwdFlRQmRQWEJrUlVVMU5TVW9ERmhaV1d4ZFFTbHhZU2xKUVhFb1hXbFpVRmxBV0NBb0FERndNRFZzT0NWc0pEMXNORFEwUERBOVlDMThOQ1ZvSUNnd0tEZzBYVTBvRENBTVBBUXNNQ1JBVldFMFpTeGtSVVUxTlNVb0RGaFpXV3hkUVNseFlTbEpRWEVvWFdsWlVGbEFXQ0FvQURGd01EVnNPQ1ZzSkQxc05EUTBQREE5WUMxOE5DVm9JQ2d3S0RnMFhVMG9EQ0FNT0N3QUlDUkE9Il0sWy0xOCwiWzAsMCwwLDFdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMzksIltcIjIwMDMwMTA3XCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCx0cnVlLDgsZmFsc2UsbnVsbCw1LHRydWUsdHJ1ZSxudWxsLDAsdHJ1ZSx0cnVlXSJdLFstMTksIlsxMTcwLDE1NzAsMTE3MCwxNTcwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjg1LDE2MDAsMTIwMCwwLDAsMTIzNiwxMjM2LFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMDEwMTEwMTAwMDAwMTAiXSxbLTQ1LCI2MjAsNjc3LDAsMCwwLDU2MiwwLDAsNjQ4LDAsMCwwLDAsMCwwLDAsMCwwLDAsNjg0LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy00NywiRXVyb3BlL0JlcmxpbixkZSxsYXRuLGdyZWdvcnkiXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIixcIjIwMDg5MDUyNzBcIixcIjExNzQ5ODk1NTlcIl0sXCJkXCI6W10sXCJiXCI6W1wiMTE3NjcyODc4N1wiLFwiMzYwNDY1NzY0OFwiLFwiXzJcIixcIjI4MzI2MDI2NzhcIixcIl8xXCIsXCIyNDI1NjY1NDAxXCJdLFwic1wiOjF9Il0sWy02OCwiLSJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTEsIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTYsIi0iXSxbLTcsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6dGl0bGVcIixcIm9nOmRlc2NyaXB0aW9uXCIsXCJ0d2l0dGVyOnRpdGxlXCIsXCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCJdfSJdLFstMjgsImVuLVVTLGVuIl0sWy00OCwiMCwwIl0sWy02MywiLSJdLFstNjUsIi0iXSxbLTcxLCJhMDExMDAxMDEwMDEwMDEwMTAwMDEwMTAwMTExMTEwMTAwMDAxMCJdLFstNCwiLSJdLFstMjcsIls1MCwxMCwwLFwiNGdcIixudWxsXSJdLFstMzgsImksLTEsLTEsMjExLDIxMSwwLDAsMCwwLDg5LC0xLDAsMTIzMC4zLDEyMzAuMywyOTg5LDI5OTAiXSxbLTUzLCIxMDAiXSxbLTYyLCI4MCJdLFstNjksIkxpbnV4IHg4Nl82NHxHb29nbGUgSW5jLnw4fDEyfHwwIl0sWy05LCIrIl0sWy0yNSwiLSJdLFstMzIsIi0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTUyLCItIl0sWy02MCwyMDldLFstNjEsIntcIndnc2xcIjpcIjQ7cGFja2VkXzR4OF9pbnRlZ2VyX2RvdF9wcm9kdWN0O3VucmVzdHJpY3RlZF9wb2ludGVyX3BhcmFtZXRlcnM7cG9pbnRlcl9jb21wb3NpdGVfYWNjZXNzO3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstOCwiLSJdLFstMTcsIjEyIl0sWy0zMywiLSJdLFstNDAsIjMzIl0sWy01NSwiMSJdLFstMiwiMjQsZUFIV1gxL2YzcXpDdmJrdXltUXdnbElhRjNwSXNnSUlqU1ErOGlLZ3FJMG9zSUFpcEZFRVFSSWtVZ2RFUVFwVW9KU0F0Q0FxU0g5R3l5N1pXWitlci9kK2U5MmJ3c0NTRC8xZSJdLFstMTMsIi0iXSxbLTIwLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNTksImRlZmF1bHQiXSxbLTY3LCIyNTMyMzEyODg4OjI3Il0sWy0zNCwiLSJdLFstNDYsIjAiXSxbLTUwLCItIl0sWy01MSwiLSJdLFsiYm5jaCIsMzE4XSxbLTUsIi0iXSxbLTEyLCJudWxsIl0sWy0xNCwiLSJdLFstMTUsIi0iXSxbLTI0LCJbXSJdLFstNDksIi0iXSxbLTY2LCJnZW9sb2NhdGlvbixjaHVhZnVsbHZlcnNpb25saXN0LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsc2NyZWVud2FrZWxvY2sscHVibGlja2V5Y3JlZGVudGlhbHNnZXQsc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxjaHVhYXJjaCxjb21wdXRlcHJlc3N1cmUsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSx1c2IsY2hzYXZlZGF0YSxwdWJsaWNrZXljcmVkZW50aWFsc2NyZWF0ZSxzaGFyZWRzdG9yYWdlLHJ1bmFkYXVjdGlvbixjaHVhZm9ybWZhY3RvcnMsY2hkb3dubGluayxvdHBjcmVkZW50aWFscyxwYXltZW50LGNodWEsY2h1YW1vZGVsLGNoZWN0LGF1dG9wbGF5LGNhbWVyYSxwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGFjY2VsZXJvbWV0ZXIsY2h1YXBsYXRmb3JtdmVyc2lvbixpZGxlZGV0ZWN0aW9uLHByaXZhdGVhZ2dyZWdhdGlvbixpbnRlcmVzdGNvaG9ydCxjaHZpZXdwb3J0aGVpZ2h0LGxvY2FsZm9udHMsY2h1YXBsYXRmb3JtLG1pZGksY2h1YWZ1bGx2ZXJzaW9uLHhyc3BhdGlhbHRyYWNraW5nLGNsaXBib2FyZHJlYWQsZ2FtZXBhZCxkaXNwbGF5Y2FwdHVyZSxrZXlib2FyZG1hcCxqb2luYWRpbnRlcmVzdGdyb3VwLGNod2lkdGgsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixicm93c2luZ3RvcGljcyxlbmNyeXB0ZWRtZWRpYSxneXJvc2NvcGUsc2VyaWFsLGNocnR0LGNodWFtb2JpbGUsd2luZG93bWFuYWdlbWVudCx1bmxvYWQsY2hkcHIsY2hwcmVmZXJzY29sb3JzY2hlbWUsY2h1YXdvdzY0LGF0dHJpYnV0aW9ucmVwb3J0aW5nLGZ1bGxzY3JlZW4saWRlbnRpdHljcmVkZW50aWFsc2dldCxwcml2YXRlc3RhdGV0b2tlbnJlZGVtcHRpb24saGlkLGNodWFiaXRuZXNzLHN0b3JhZ2VhY2Nlc3Msc3luY3hocixjaGRldmljZW1lbW9yeSxjaHZpZXdwb3J0d2lkdGgscGljdHVyZWlucGljdHVyZSxtYWduZXRvbWV0ZXIsY2xpcGJvYXJkd3JpdGUsbWljcm9waG9uZSJdLFsiZGRiIiwiMCwyNSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDQsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDEsMCwxLDAsMCwwLDEsMyw1NCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSwzLDAsNiwwLDAsMCwwLDAsMSwyNywwLDAsMSwwIl0sWyJjYiIsIjEsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDQzLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDUsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDEsMCwwLDAsMCwwLDEsMCwxLDIsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMTEsMCwwLDAsMCwwLDAsMCwxLDAsMCwxIl1d&dep=0&pre=0&sdd=%7B%7D&cri=w8Iga89Yzk&pto=3081&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1731331077.YMvUFMktscARFcjH&suid=1.1731331077.7V5uH7qIxg4suJrZ&tuid=1.1731331077.ZJNHLMHaYJ5tY5dI&fbc=-&gtm=WyJHQTQgSUQgUmVjb3JkaW5nIl0%3D&it=96%2C2406%2C129&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
4d31b5249b5549a5f561c3bf4d600600d61c581d526f5f38c6c75d86fc5b0a5e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
https://www.zscaler.com
content-encoding
gzip
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
content-length
1372
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
text/javascript
otFlat.json
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
RGlYb2KBTfdkPpxIxwwu0g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCED8C8519203B
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
15512
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
last-modified
Wed, 16 Oct 2024 02:44:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
19d25ec3-c01e-0038-3699-1fd2d3000000
cf-ray
8e0e90c0aef25d48-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
fyGpUoUy0eZkGUgUg6MkZA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCED8C86295E6C
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
19130
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
last-modified
Wed, 16 Oct 2024 02:44:58 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
c7b4c099-501e-0079-2499-1ffac0000000
cf-ray
8e0e90c0aef45d48-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
19015
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=24745
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
text/css
last-modified
Wed, 16 Oct 2024 02:45:07 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
4801ab97-b01e-0073-6598-1fe349000000
cf-ray
8e0e90c0aef65d48-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
details
eps.6sc.co/v3/company/ 		760 B
663 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eps.6sc.co/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash
01dbfcc921d5a74b7b9ac6762a811d03deb96ecedf61f5bc8fb56c25995c34c3

Request headers

Authorization
Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
X-6s-CustomID
WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers
X-6si-Region
timing-allow-origin
https://6sense.com
content-encoding
gzip
x-6si-region
access-control-allow-credentials
true
access-control-allow-origin
https://www.zscaler.com
content-length
404
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
vary
Origin, Accept-Encoding
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.29
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:57 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.29
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f02dad-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:57 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
117186981
api.intellimize.co/prediction/ 		68 B
379 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.intellimize.co/prediction/117186981
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.49.5.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-5-89.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e34ab80bade0856dd59e0b4b8f0fa0ddb1be0f3c46e48fe045824b7036599356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
vary
Accept-Encoding, Origin
details
eps.6sc.co/v3/company/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://eps.6sc.co/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afe865822f884bb48.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.zscaler.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
content-length
0
date
Mon, 11 Nov 2024 13:17:57 GMT
timing-allow-origin
https://6sense.com
x-6si-region
logger
log.intellimize.co/ 		3 B
324 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://log.intellimize.co/logger
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.39.15.251 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-15-251.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
vary
Accept-Encoding, Origin
logger
log.intellimize.co/ 		3 B
316 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://log.intellimize.co/logger
Requested by
Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.39.15.251 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-15-251.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/json
vary
Accept-Encoding, Origin
zscaler-variation-icon-white.png
cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/zscaler-variation-icon-white.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-md5
AjwaatmEihRgIitZTQhd5w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DC4977B36FCFB2
age
62717
cf-cache-status
HIT
x-content-type-options
nosniff
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
image/png
last-modified
Thu, 21 Mar 2024 07:22:44 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
11b1ed99-101e-008a-538e-7b6232000000
cf-ray
8e0e90c25c89dcce-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1448
x-ms-blob-type
BlockBlob
server
cloudflare
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=ipv6&q=%7B%22address%22%3A%222a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:57 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
v
v.eps.6sc.co/ 		12 B
520 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://v.eps.6sc.co/v
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-42.muc50.r.cloudfront.net
Software
/
Resource Hash
512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.zscaler.com/

Response headers

x-amz-apigw-id
BFWRBETQIAMEm0g=
x-amzn-trace-id
Root=1-67320406-66d4edea373c78bb65052922;Parent=574481dc6e3b34a3;Sampled=0;Lineage=1:56167173:0
access-control-allow-methods
OPTIONS,POST
x-amzn-requestid
dac5ff60-3a65-419d-b053-67b6370fcad0
via
1.1 66e1af4a9e82225c770ca97b3baaf86e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
12
x-amz-cf-id
s7au7BqfZS1r1_xCNi43MvthrBACDjy20vA9z7NnwU5FBjNuUEcTUg==
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/json
x-amz-cf-pop
MUC50-P3
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=https%3A%2F%2Feps.6sc.co&q=%7B%22name%22%3A%22https%3A%2F%2Feps.6sc.co%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A3150.3999996185303%2C%22duration%22%3A391.19999980926514%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A3150.3999996185303%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A3541.5999994277954%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%22region%22%3A%22header-blocked%22%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=&d=1&v=1.1.29
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:57 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
v
v.eps.6sc.co/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://v.eps.6sc.co/v
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-42.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Mon, 11 Nov 2024 13:17:57 GMT
via
1.1 66e1af4a9e82225c770ca97b3baaf86e.cloudfront.net (CloudFront)
x-amz-apigw-id
BFWQ-FRTIAMEE0Q=
x-amz-cf-id
ybhRoR18j2MHPbhn57dhXFD6oa2Sy7Y5MrYm6IYmNvh5-qV6HBEl0w==
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
2a5561ff-66cf-4a23-9ed3-f28d94bbbdb3
x-cache
Miss from cloudfront
3b7d441f-e5a3-4c67-b7c2-c5fc987868ec
https://www.zscaler.com/ Frame 		0
0
js
www.googletagmanager.com/gtag/ 		426 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8b52b87521090f4ac95ac9cc905b6c566f8a1d27837f006b6832bc09432bd68c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 11 Nov 2024 13:17:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
138466
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		423 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b81ef63d8310b9e605a677b33d586b91b766b97aeacad6752486202d932a8160
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 11 Nov 2024 13:17:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
137399
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6dba87f2bb4627686798df345a05d779c19b18fe0ab7366e2269786bc3251798
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-TYyVN9YZ' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-TYyVN9YZ' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=23, mss=1232, tbw=4511, tp=10, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
2NxbPciKTn6+J9+ZOBrihZGqFTvo66Tzz0Wc5OYGYqADjYFMx/dsIHBdhKD/UhX9QYFqFVtLKGRbwMpUet1WMw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62105
x-xss-protection
0
origin-agent-cluster
?1
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: C2030E474C6F4C8099BB7F89B7D433F5 Ref B: FRA31EDGE0419 Ref C: 2024-11-11T13:17:57Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Mon, 11 Nov 2024 13:17:56 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/ 		300 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
535839874c6f36b2d27825ed99ae9a4ef6ab8e88b0fa0de19d198ff3a727c03d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 11 Nov 2024 13:17:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 11 Nov 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
102399
x-xss-protection
0
server
Google Tag Manager
/
www.google.de/pagead/1p-conversion/812494211/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWx...
  • https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxA...
  • https://www.google.de/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIzZ2D767UiQMVhJ6DBx05SBxLMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwCa7L7dSw9rI94yUQ0pG5sekkNGCumcGsxxTg&random=2319199283&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H3
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 11 Nov 2024 13:17:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=431760594&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIzZ2D767UiQMVhJ6DBx05SBxLMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwCa7L7dSw9rI94yUQ0pG5sekkNGCumcGsxxTg&random=2319199283&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 11 Nov 2024 13:17:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
tc_imp.gif
obs.iseaskies.com/tracker/ 		43 B
79 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://obs.iseaskies.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269efc436eb478d9a9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5811896d2e17071a10acf9f29f674d8481df0228384ffe7d76528e3add659100320172c6525656300d5fcfec6a4e77be26bb25cb43e2916af05065aa587c7a1b8954ed14f497d7df3dbb2907fe7fcaa0036d860e3412791193d35067f360b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf62e8ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e8288b362c3320883aacf7a4a11f03067ae901261e9deaa278a57ad44e78649ca48d9d36d9a6d279c9b22da6198cefab6cdb3f11338ae6bf2fbb9234e2bfb94248efe01e0141a54954309da8dcec8cff18021853bd79fa29873f867342483692c978490446ad7ff63a613e09041d971a46f4c465bcf20ae42cac4be7abf913fc153e49dca8b3cc1584975e61114547d5931d2a76fb34bd9cf8123b5df6cfa8b63cc81e0f97e9ab3fc4e2630c8ef590483e4471a12f3eff339fa2890e95fe6fc3ce16eaa23e126c608c5fa2ecd1b3bf6ebc374353e7c11685e0a42e8a3d92ec008a55752517aa0a645cdcb4059bfbc9ffaef7edeffbaadc0a1f8a00f1663a5558ca4077c9f51324aa43f042432b202fb6413d0f6d37f98368556d7f27993fc74cd6905333d106001de9cf6d157785693044697d5c5bab0ca530582b1bd7d96cc6f7ad8d2123875f891d95626ab26855f9d12ff3e9b12d8c90ff9ba32e19c94d3845a61e7e3277e8171af91adaa159e7029100595055f42e5e606dbfe1ed89885c953ce8684300f3740b923c278ec30c4fc32d2711050234c2e25994892937010e03bd2ade734c7ce4a8f7570ac107c2b98f6d66c5fab09f2cf69925035430fc6794690b3c52c8e0e6a888f01a0c1dcf88343d95e542212f5694f28e2e87021c26d8e84c469e6d6b8774f60b028605e16c57c3dfa8bac5c48826871cf85d3108d85c6900a73fe69e45908039b177c21c7da055d9982b694f0b810e233ba7c9578909d08c5f1ea6b6abac452c89dbdbbd8e19690765086e63947c47cc15b8f54e0f839f78c9e8033a08cd6fbf25a69cba2b5bc51cb5494404f34477ac09125248d26f857d38a36ab1f34f0341db770c1d22027fe3e2e465796a28971c68e13&cri=w8Iga89Yzk&ts=549&cb=1731331077679
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
date
Mon, 11 Nov 2024 13:17:57 GMT
pragma
no-cache
content-type
image/gif
d69a2a8e-ea88-4131-9ec5-53866ef1a7b8
https://www.zscaler.com/ Frame 		0
0
295018432.js
bat.bing.com/p/action/ 		362 B
421 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/295018432.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1fc671898ad010ba690b89d83f8c813088990a6018b21818096387fe4a2c8e67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 29608FEE46574052AB23936C19E170B4 Ref B: FRA31EDGE0419 Ref C: 2024-11-11T13:17:57Z
x-cache
CONFIG_NOCACHE
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
1778897272132032
connect.facebook.net/signals/config/ 		79 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.176&r=stable&domain=www.zscaler.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b03e15a09b5530f3df380429691bf70805eaf2610f9fb189eaaa31cab3454925
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-LNLCW1lu' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 13:17:57 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-LNLCW1lu' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=30, c=50, mss=1232, tbw=107929, tp=98, tpl=30, uplat=1, ullat=-1
pragma
public
x-fb-debug
gs+uHFyYhHhtVF04v7p4ZPiRarPhzUTltSK+I3sWCgAR2+LYwc3l2TVTpYzluXGKjGJGaHT3GMLfHZ7QW+7MSg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
15720
x-xss-protection
0
origin-agent-cluster
?1
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A56%20GMT%22%2C%22timeSpent%22%3A%221013%22%2C%22totalTimeSpent%22%3A%221013%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:58 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&rl=&if=false&ts=1731331078075&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1731331078043.575926447836430605&ler=empty&cdl=API_unavailable&it=1731331077908&coo=false&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1328, tbw=2909, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&rl=&if=false&ts=1731331078075&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1731331078043.575926447836430605&ler=empty&cdl=API_unavailable&it=1731331077908&coo=false&rqm=FGET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7436010358866101768"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
PrW9up/taNg2rZyrB8sCoRVGK0abkHmIVZiOmSgL7YKZwa1ylp14pCzS17N8i2AHMTAdMKQ0gnExVn3zX0Ar5w==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7436010358866101768", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=9, rtx=1, c=10, mss=1328, tbw=3226, tp=-1, tpl=-1, uplat=144, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?0
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&scrsrc=www.googletagmanager.com&frm=0&rnd=1945019798.1731331078&auid=1320710476.1731331078&npa=1&did=dYWJhMj&gdid=dYWJhMj&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&tft=1731331078108&tfd=4058&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers
/
www.googleadservices.com/pagead/conversion/812494211/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/812494211/?random=1731331078124&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
2aa2f9166cf2a5f605c498be059f96a97c31c367424c973ec46dd8b26f89a434
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2733
date
Mon, 11 Nov 2024 13:17:58 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4b70v883639532za200zb71607006&_p=1731331075473&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629~102017403&gdid=dYWJhMj&cid=2024932408.1731331078&ecid=61663405&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731331078&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&dt=WINELOADER%20Analysis%20%7C%20ThreatLabz&en=CQ&_fv=1&_nsi=1&_ss=1&_ee=1&up.cq_category=bots&tfd=4217
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.zscaler.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
554 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=2024932408.1731331078&gtm=45je4b70v883639532za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629~102017403
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c&gtm=45He4b70v71607006za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.zscaler.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=2024932408.1731331078&gtm=45je4b70v883639532za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629~102017403&tag_exp=101823848~101925629~102017403&z=1736999481
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 11 Nov 2024 13:17:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.de/pagead/1p-conversion/812494211/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l...
  • https://www.google.com/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma...
  • https://www.google.de/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQIIosWxAgjTxbECCKXGsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIkK2b767UiQMVfIiDBx2vWTK_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CV0NoQUlnUFBHdVFZUTFJLXhfTWJ0dU9kbUVpMEFvWjNKaGsycHZiYm1lN0V5VzVKYXctOUhmNWJBalhNS1N2OVNrY2VobmFxY3ZCNUxSbXFBYmNRalZDbw&is_vtc=1&cid=CAQSKQCa7L7dMp3ippGq5gbIsgWk4nQHxoipGGonMaBNef38ETGA7KnyaaBN&random=1382265021&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H3
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 11 Nov 2024 13:17:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/812494211/?random=1835768335&cv=11&fst=1731331078124&bg=ffffff&guid=ON&async=1&gtm=45be4b70v882815967za200zb71607006&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=WINELOADER%20Analysis%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=1320710476.1731331078&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQIIosWxAgjTxbECCKXGsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIkK2b767UiQMVfIiDBx2vWTK_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CV0NoQUlnUFBHdVFZUTFJLXhfTWJ0dU9kbUVpMEFvWjNKaGsycHZiYm1lN0V5VzVKYXctOUhmNWJBalhNS1N2OVNrY2VobmFxY3ZCNUxSbXFBYmNRalZDbw&is_vtc=1&cid=CAQSKQCa7L7dMp3ippGq5gbIsgWk4nQHxoipGGonMaBNef38ETGA7KnyaaBN&random=1382265021&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 11 Nov 2024 13:17:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame CE01 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame CE01 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
zi-tag.js
js.zi-scripts.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-amz-version-id
PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag
W/"b2877da906a3216c4f3fc4030b205e54"
age
37598
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
A391l9EKegb_TD_20xkBt-IVkm9Wbj8BjPiaGuoxet7PHWrjfmBgog==
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/javascript
last-modified
Thu, 18 Jul 2024 08:13:46 GMT
vary
Accept-Encoding
via
1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
cf-ray
8e0e90c84853d2df-FRA
x-amz-cf-pop
FRA56-P4
server
cloudflare
favicon-32x32.ico
www.zscaler.com/favicons/ 		4 KB
995 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/favicons/favicon-32x32.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader

Response headers

strict-transport-security
max-age=31536000; preload
cache-control
public,max-age=0,must-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"875ed25f85201afbfc383f6b833f32c5-ssl"
age
13928
x-content-type-options
nosniff
cf-ray
8e0e90c838b6d2a6-FRA
x-nf-request-id
01JCDNZE9783XTWQF5JYBY3546
date
Mon, 11 Nov 2024 13:17:58 GMT
cache-status
"Netlify Edge"; hit
content-type
image/vnd.microsoft.icon
server
cloudflare
getSubscriptions
js.zi-scripts.com/unified/v1/master/ 		203 B
579 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e04a90484b979cfb73531449524bcebba53951cbc5287ad76fe55d0e660dc661

Request headers

Authorization
Bearer e6609b6e9a1669129391
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
visited_url
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader#key-takeaways

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"cb-Kj8sycnudAJeQuwl0y4LWHLluY4"
apigw-requestid
BFWRHhzgvHcEPUg=
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
eOJQbfPyv2hE2SQ2RVOr7XsyeQFFy8o5mNrGEIJsAgz6HFEZlafJOA==
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/json; charset=utf-8
vary
Origin
via
1.1 34fdfb7c7c11559df7e622af2b62f5ca.cloudfront.net (CloudFront)
cf-ray
8e0e90c9c8d83a97-FRA
access-control-allow-origin
https://www.zscaler.com
x-amz-cf-pop
FRA56-P4
x-powered-by
Express
server
cloudflare
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods
POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin
https://www.zscaler.com
alt-svc
h3=":443"; ma=86400
apigw-requestid
BFWRFgTmvHcEMcA=
cf-cache-status
DYNAMIC
cf-ray
8e0e90c89fce3a97-FRA
date
Mon, 11 Nov 2024 13:17:58 GMT
server
cloudflare
vary
Origin
via
1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
x-amz-cf-id
bVtOzWDFzuh_-toQp14BmL2iuZ2Ul9NkFiKXd7Eh0S0qPnt9QxEEiA==
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
x-powered-by
Express
mon
obs.iseaskies.com/ 		0
147 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.zscaler.com/

Response headers

access-control-allow-origin
https://www.zscaler.com
content-length
0
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
mon
obs.iseaskies.com/ 		0
16 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.zscaler.com/

Response headers

access-control-allow-origin
https://www.zscaler.com
content-length
0
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
formcomplete.js
ws-assets.zoominfo.com/ 		49 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws-assets.zoominfo.com/formcomplete.js
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=A2aW0Q==, md5=JRurSHzL3UB0yE1Wjm0Zqg==
cf-cache-status
DYNAMIC
etag
W/"251bab487ccbdd4074c84d568e6d19aa"
age
27
content-encoding
gzip
x-goog-stored-content-encoding
identity
expires
Mon, 11 Nov 2024 14:17:31 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
50634
date
Mon, 11 Nov 2024 13:17:58 GMT
content-type
application/javascript
last-modified
Wed, 06 Nov 2024 05:44:23 GMT
x-guploader-uploadid
AHmUCY3wG4SuG3WIMP0_UGic9menePxzlQ65GzJVvmn4v3b9ytxZtNA3LMgdmzYzG4-QSlTt68M
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
cf-ray
8e0e90caff6dd2be-FRA
x-goog-generation
1730871862939881
server
cloudflare
/
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a5240c0c48b5d9f3917202ea3ef9549e5036a9d834bc123a4d98876b02f326e2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

_zitok
68c6de22090f7332059b1731331078
_vtok
MTM4LjE5OS4zOC4xMzM=
visited-url
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader#key-takeaways
Referer
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/javascript

Response headers

x-robots-tag
noindex, nofollow
content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
cf-ray
8e0e90cbfc984dc3-FRA
access-control-allow-origin
https://www.zscaler.com
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 13:17:59 GMT
content-type
text/javascript
vary
Accept-Encoding
x-powered-by
Express
server
cloudflare
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
/
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.zscaler.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e0e90caf9e33aa4-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 11 Nov 2024 13:17:59 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
forms
ws.zoominfo.com/formcomplete-v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin
https://www.zscaler.com
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e0e90cb5a3f3aa4-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 11 Nov 2024 13:17:59 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
forms
ws.zoominfo.com/formcomplete-v2/ 		321 B
618 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Requested by
Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Authorization
bearer 370c892e688e1744cd312ed1426b3a
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-robots-tag
noindex, nofollow
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 13:17:59 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
access-control-allow-credentials
true
via
1.1 google
cf-ray
8e0e90cc5ce44dc3-FRA
access-control-allow-origin
https://www.zscaler.com
x-powered-by
Express
server
cloudflare
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A57%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222013%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:17:59 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:17:59 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
2b06ff09-b10c-495b-9717-be8036c78f98
https://www.zscaler.com/ 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
blob:https://www.zscaler.com/2b06ff09-b10c-495b-9717-be8036c78f98
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a5240c0c48b5d9f3917202ea3ef9549e5036a9d834bc123a4d98876b02f326e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
Content-Length
3033
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A58%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223013%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:00 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:00 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.iseaskies.com/ 		0
39 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.zscaler.com/

Response headers

access-control-allow-origin
https://www.zscaler.com
content-length
0
date
Mon, 11 Nov 2024 13:18:00 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A17%3A59%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224014%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:01 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:01 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A00%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225014%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f02dad-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:02 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:02 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.iseaskies.com/ 		0
39 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.zscaler.com/

Response headers

access-control-allow-origin
https://www.zscaler.com
content-length
0
date
Mon, 11 Nov 2024 13:18:02 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A01%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226015%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:03 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:03 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
app.js
acsbapp.com/apps/app/dist/js/ 		380 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acsbapp.com/apps/app/dist/js/app.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b9b -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
7c3094596e54b1fc061a15eea50be0ece483c199e5c7728ba24d534dcdf93a4a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

x-goog-metageneration
3
access-control-expose-headers
*
x-goog-hash
crc32c=UFfPkQ==, md5=G8dxHFsInpMunGDC4OEp2Q==
cf-cache-status
REVALIDATED
etag
W/"1bc7711c5b089e932e9c60c2e0e129d9"
content-encoding
br
x-goog-stored-content-encoding
identity
expires
Tue, 11 Nov 2025 13:18:03 GMT
x-goog-stored-content-length
389507
date
Mon, 11 Nov 2024 13:18:03 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 06 Nov 2024 16:45:17 GMT
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY3ijGXyYn5W62o4d2Pa1m3gn8i2L1yb0txs4RQXklYD1Www9DJiyww85bJg5GiOF1jF3XVbXjPDTA
cache-control
public, max-age=300, must-revalidate
x-goog-storage-class
STANDARD
cf-ray
8e0e90e79a259b5b-FRA
access-control-allow-origin
*
x-goog-generation
1730911517857344
server
cloudflare
config.json
cdn.acsbapp.com/config/zscaler.com/ 		163 B
700 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.acsbapp.com/config/zscaler.com/config.json?page=%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways
Requested by
Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1cc -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
e20594a73ecbdcb15e351a97aaed3f415fd3872c916d10a452bcb23b6329a06f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cr7nwQ==, md5=Gryic5fvx+CKF1M8SFqLWQ==
cf-cache-status
MISS
etag
W/"1abca27397efc7e08a17533c485a8b59"
content-encoding
br
x-goog-stored-content-encoding
identity
expires
Tue, 11 Nov 2025 13:18:04 GMT
x-goog-stored-content-length
163
date
Mon, 11 Nov 2024 13:18:04 GMT
content-type
application/json
last-modified
Tue, 20 Feb 2024 16:21:37 GMT
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY1nXJV5-t3syukjf_yDQ2JIkVZ-F8DTba68rqnrtr5ohiaN6pWMeZxN6a4QNhqooGt75xIOBR1m_g
cache-control
public, max-age=300, must-revalidate
x-goog-storage-class
STANDARD
cf-ray
8e0e90ec9bac39df-FRA
access-control-allow-origin
*
x-goog-generation
1708446097855326
server
cloudflare
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A02%20GMT%22%2C%22timeSpent%22%3A%221266%22%2C%22totalTimeSpent%22%3A%227281%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f02dad-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:04 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:04 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A04%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%228281%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:05 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:05 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A05%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%229282%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:06 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:06 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A06%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%2210282%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:07 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:07 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.iseaskies.com/ 		0
39 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obs.iseaskies.com/mon
Requested by
Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.zscaler.com/

Response headers

access-control-allow-origin
https://www.zscaler.com
content-length
0
date
Mon, 11 Nov 2024 13:18:07 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=1412baf0-3753-4b4e-847a-a346306580fd&session=ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Nov%202024%2013%3A18%3A07%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2213285%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20technical%20analysis%20of%20APT29%20(Cozy%20Bear)%20delivering%20WINELOADER%20malware%20in%20a%20phishing%20campaign%20targeting%20European%20diplomats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22WINELOADER%20Analysis%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&pageViewId=0884080c-d1fb-449a-83ae-88ac52acd09c&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a02%3A6ea0%3Ac71b%3A0%3A1011%3A8f08%3A5a8e%3A5b36&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zscaler.com/

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 13:18:10 GMT
accept-ranges
bytes
content-length
43
date
Mon, 11 Nov 2024 13:18:10 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.zscaler.com
URL
blob:https://www.zscaler.com/3b7d441f-e5a3-4c67-b7c2-c5fc987868ec
Domain
www.zscaler.com
URL
blob:https://www.zscaler.com/d69a2a8e-ea88-4131-9ec5-53866ef1a7b8

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| OptanonWrapper object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E function| DOMPurify function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST object| test object| dataLayer object| renderedForms object| OtTrustedType object| intellimize object| MktoForms2 object| otStubData object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| s object| parentLine function| messageHandler function| tempFunc function| addCaptchaScript string| cPubgJNt object| iOverride function| __defProp function| __defProps function| __getOwnPropDescs function| __getOwnPropSymbols function| __hasOwnProp function| __propIsEnum function| __pow function| __defNormalProp function| __spreadValues function| __spreadProps function| __objRest function| __publicField function| __async string| ipgvidtfr object| _6si function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| __ctcg_ct_60409_exec object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups boolean| _storagePopulated object| iiloc object| icntxtlftrs object| iutmprms object| _cq function| fbq function| Ji object| uetq function| UET function| UET_init function| UET_push object| ueto_c84a93bea1 object| GooglebQhCsO function| onYouTubeIframeAPIReady object| gaGlobal string| ZIProjectKey object| zitag object| ZILogs function| loadZILogs function| errorHandler object| _zi_fc object| regeneratorRuntime object| _zi object| ziws

20 Cookies

Domain/Path Name / Value
.info.zscaler.com/ Name: __cf_bm
Value: MWc0yjaRbbgiM6AxL2Zy58fbscv5a3zG_BgEd0SVc28-1731331075-1.0.1.1-Fj3Louq6QKlg2FeUjaUAtCfjyFf8P3bXf.YGHjf3D0Wf_np9FvouLw1BhAc0rwIJNByJ6y85ClnPguTAqdmTkA
info.zscaler.com/ Name: BIGipServerabmweb-nginx-app_https
Value: !lOrXkNjWJEXXHPlT1L58sRLd9whwR/YmKfTbG1ejG+0UJOFqgLevVHNNjtrUKXc+0SLvr35Fwrhxpg==
.zscaler.com/ Name: _cq_duid
Value: 1.1731331077.YMvUFMktscARFcjH
.zscaler.com/ Name: _cq_suid
Value: 1.1731331077.7V5uH7qIxg4suJrZ
www.zscaler.com/ Name: _gd_visitor
Value: 1412baf0-3753-4b4e-847a-a346306580fd
www.zscaler.com/ Name: _gd_session
Value: ccb9d851-3c7e-44f7-81ab-fc43d4dc5ab2
.www.zscaler.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+Nov+11+2024+14%3A17%3A57+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=202409.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=e4b48d31-8c41-4d10-8f09-f0f9abc2ff77&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Feuropean-diplomats-targeted-apt29-cozy-bear-wineloader%23key-takeaways&groups=C0001%3A1%2CC0005%3A0%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH120%3A1%2CH59%3A1%2CH88%3A1%2CH98%3A1%2CH141%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH79%3A1%2CH132%3A1%2CH119%3A0%2CH12%3A0%2CH123%3A0%2CH153%3A0%2CH144%3A0%2CH82%3A0%2CH106%3A0%2CH140%3A0%2CH165%3A0%2CH168%3A0%2CH169%3A0%2CH145%3A0%2CH139%3A0%2CH31%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH162%3A0%2CH167%3A0%2CH20%3A0%2CH175%3A0%2CH22%3A0%2CH97%3A0%2CH121%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH131%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH185%3A0%2CH114%3A0%2CH190%3A0%2CH191%3A0%2CH118%3A0%2CH101%3A0%2CH150%3A0%2CH151%3A0%2CH129%3A0%2CH152%3A0%2CH52%3A0%2CH154%3A0%2CH133%3A0%2CH155%3A0%2CH192%3A0%2CH156%3A0%2CH8%3A0%2CH157%3A0%2CH158%3A0%2CH159%3A0%2CH104%3A0%2CH193%3A0%2CH160%3A0%2CH161%3A0%2CH163%3A0%2CH164%3A0%2CH105%3A0%2CH14%3A0%2CH149%3A0%2CH146%3A0%2CH166%3A0%2CH40%3A0%2CH15%3A0%2CH194%3A0%2CH17%3A0%2CH170%3A0%2CH171%3A0%2CH172%3A0%2CH173%3A0%2CH63%3A0%2CH124%3A0%2CH174%3A0%2CH176%3A0%2CH177%3A0%2CH178%3A0%2CH134%3A0%2CH135%3A0%2CH179%3A0%2CH147%3A0%2CH180%3A0%2CH136%3A0%2CH189%3A0%2CH130%3A0%2CH181%3A0%2CH182%3A0%2CH109%3A0%2CH183%3A0%2CH184%3A0%2CH113%3A0%2CH186%3A0%2CH115%3A0%2CH33%3A0%2CH34%3A0%2CH187%3A0%2CH188%3A0&genVendors=
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
www.zscaler.com/ Name: _an_uid
Value: 0
obs.iseaskies.com/ Name: cg_uuid
Value: 462f547d051f9127f424ae0f95909b11
.zscaler.com/ Name: _uetsid
Value: 5e621000a02f11efb16523d4577a98c6
.zscaler.com/ Name: _uetvid
Value: 5e63c540a02f11efb4bb4d4c38a510e1
.zscaler.com/ Name: _fbp
Value: fb.1.1731331078043.575926447836430605
.zscaler.com/ Name: _gcl_au
Value: 1.1.1320710476.1731331078
.zscaler.com/ Name: _ga_10SPJ4YJL9
Value: GS1.1.1731331078.1.0.1731331078.60.0.61663405
.zscaler.com/ Name: _ga
Value: GA1.1.2024932408.1731331078
.doubleclick.net/ Name: IDE
Value: AHWqTUmWuVzbxizrAhaWHITjpIQpE2Qh5009bYOMi191Jp_fm5XAN1r5qPVDXorq
.www.zscaler.com/ Name: _zitok
Value: 68c6de22090f7332059b1731331078
.zoominfo.com/ Name: __cf_bm
Value: e8CDSi_y3N4Fxe3Q_0RIT4uH5zsLOI5xUNNWZ3_7XCk-1731331078-1.0.1.1-xh2AXQj61yIck0E1BMNuRxLHrBlKes2ROx9_5kjrVyIPTpCyMmXbYmG8tCkDx8UOfUni2hUK0NoMp_5G6OYtcg
.zoominfo.com/ Name: _cfuvid
Value: 89ukq1oLL00moxEDbtKzuxjsTHzC9GP4084jSnfP4bI-1731331078908-0.0.1.1-604800000

24 Console Messages

Source Level URL
Text
rendering warning URL: https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-apt29-cozy-bear-wineloader#key-takeaways
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0F00E08E41A0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
worker verbose URL: blob:https://www.zscaler.com/3b7d441f-e5a3-4c67-b7c2-c5fc987868ec(Line 1)
Message:
Error
security error URL: https://www.googletagmanager.com/
Message:
Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com".
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c&gtm=45He4b70v71607006za200(Line 453)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://explore.zscaler.com blob: ; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com ; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

117186981.intellimizeio.com
acsbapp.com
api.intellimize.co
b.6sc.co
bat.bing.com
c.6sc.co
cdn.acsbapp.com
cdn.cookielaw.org
cdn.intellimize.co
connect.facebook.net
eps.6sc.co
geolocation.onetrust.com
googleads.g.doubleclick.net
info.zscaler.com
ipv6.6sc.co
j.6sc.co
js.zi-scripts.com
log.intellimize.co
munchkin.marketo.net
ob.iseaskies.com
obs.iseaskies.com
region1.analytics.google.com
secure.adnxs.com
stats.g.doubleclick.net
v.eps.6sc.co
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.zscaler.com
www.zscaler.com
104.17.74.206
104.18.37.212
151.101.2.132
18.173.154.42
2.17.100.184
2001:4860:4802:32::36
216.58.206.34
23.199.214.136
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
2600:9000:223e:5400:c:d449:2a40:93a1
2606:4700:10::6816:1cc
2606:4700:10::ac43:b9b
2606:4700:4400::6812:2089
2606:4700::6810:752b
2606:4700::6810:762b
2606:4700::6812:1d4a
2606:4700::6812:572a
2620:1ec:33:1::10
2a00:1450:4001:806::2004
2a00:1450:4001:81c::2002
2a00:1450:4001:828::2003
2a00:1450:4001:830::2008
2a00:1450:400c:c09::9a
2a02:26f0:ab00::214:8e41
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
37.252.171.52
52.213.91.154
52.39.15.251
52.49.5.89
75.2.108.141
007c2ba9a1fcd3cd52c7c4684c59696f26cbf7331c2f058000fb0cdf9547b712
01dbfcc921d5a74b7b9ac6762a811d03deb96ecedf61f5bc8fb56c25995c34c3
022637e718fb5f447bd571c6a164ad796da674d6b1aa89e5745a5537437ef9d2
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
04a645879eebf5a21e376ea7a88ecab85e94d83e8efe848b999b27f152303f85
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
1ab49fd90ca814517ecccd0199152e764e8fcb16e0fd6ed91358d3aea88f753f
1fc671898ad010ba690b89d83f8c813088990a6018b21818096387fe4a2c8e67
24ac69ad45d84f566fbb9c1cf9d49296e25dca8faf1958c80f671dcbd5763d8d
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29d106d265188e649c5573b599ed4aa1421b49cf320253d89fa43400c1941175
2aa2f9166cf2a5f605c498be059f96a97c31c367424c973ec46dd8b26f89a434
2d9183b27b8de385dd66e998d48d863f3f82e679bd39e65a18cf5e6430703e8b
2f0ce935f23a1a787a427daf4fd07dd3a394d6ad5b0f4dc74238c76125061f80
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
36abed3d20085dbc2ef2778631d3f5efd0e8000db1925e2de3a18649671d4e02
3dbe0a02ce3100e00f27c08158c477693c0d031094e9866ebc94c8342e488fb3
42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c
46eb2118b20ddb71cb84996746b47df99c02f1c9019f21d4cf85a5504aea1049
4d31b5249b5549a5f561c3bf4d600600d61c581d526f5f38c6c75d86fc5b0a5e
4faa00f1e2271d92c883c7e35dad0c513f51a8bbe437cfc9b624aeba1d95b82b
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436
535839874c6f36b2d27825ed99ae9a4ef6ab8e88b0fa0de19d198ff3a727c03d
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
56f238c8e454d264b8f83c39e9e71aae84fddf221d68a137ebc287f38e15136b
5724bbf488707332ae05dff33e2e3c6f8d58b4dfa425c3f545433fd5e4f94675
57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f
58d24af2b13a7e3b1c93d52d42c5fa657956deb600d7b5a24009140175d02aaa
5d86b2ce4a318c6855a81663452acd96ef6311f4880aa953d6d6fcd8232aaaff
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
6dba87f2bb4627686798df345a05d779c19b18fe0ab7366e2269786bc3251798
6e9c619da677845336e5715fd09f8feb00d9ea39c0797c123477725107e3f776
7358c5616f671017f307d161644d253f0f81083b0be68f3a3fefefa33b59de5d
774e08566a15a9afbb217705a2ca66fa20dc5b34885b6977d428220993147106
7875fbe665177221583264ccbbd2f5235fe95dbb92a2e3a0038ccd040af2ae88
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
7c3094596e54b1fc061a15eea50be0ece483c199e5c7728ba24d534dcdf93a4a
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
7f6d94f2c0cb031ee68a4125e2ec5bcda8c21d0187affabb22995d0e2a941e60
809710f4ac99089f1c95f10ed632d3a8d346ac3778d12cca05c120378f66e2c3
81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286
8485bdafe29126ccb2d8ee5779c1cc007263d7c45c64ef37dd8e22a263ccc31d
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
8b52b87521090f4ac95ac9cc905b6c566f8a1d27837f006b6832bc09432bd68c
9263f0d0b13f1afe135f3130128593ea43ca326e17d73da68e653463efea1d54
945881686d0a47eee9946902d92626dbfab4570d3c5fab2cb7c6e3343ee01f5c
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a310ce14d324e6716845b2dd0c71f15f4b955c1d76996b6494f89939cb71018
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
a0bdb338fc77d4d63a895e5d82d9e478360d25838d4a67857ba9b225d71a0ad8
a5240c0c48b5d9f3917202ea3ef9549e5036a9d834bc123a4d98876b02f326e2
a823f4600a0d01fec7ea9cbf3c51ecf0238645becac9f0bfe80a0c604fad8fbe
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
aeb78b4c74ea54526ba354be167d3dd0247846f8d4a50b24bbcfd64cb382e0bd
b026ac8e9b650f8a85c8a082f913b04eaa7dde4bf82bef0512f352891b3e0758
b03e15a09b5530f3df380429691bf70805eaf2610f9fb189eaaa31cab3454925
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
b81ef63d8310b9e605a677b33d586b91b766b97aeacad6752486202d932a8160
b92441ba350b4367e04e321b08f791f7dfb9ea229c3dd3ff0e91d89abe7e3f2f
bc6311a53e0edc396601870d047945647dc4abf142145ba93df2711a34199b54
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
c50154bf911f9809313285ef19578a1d79a87c828dfbec9075332c7dfe726ba8
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e04a90484b979cfb73531449524bcebba53951cbc5287ad76fe55d0e660dc661
e20594a73ecbdcb15e351a97aaed3f415fd3872c916d10a452bcb23b6329a06f
e30809acecc35e6d400bf6cd54c133a021384e8cef67266b23d9b4af5fdf594b
e34ab80bade0856dd59e0b4b8f0fa0ddb1be0f3c46e48fe045824b7036599356
e34ec55f75e54956867b68b4ba0cd6ea79e8f648d5eefe12ff1e6791b027941c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
ec6358c95b32aeaece636d106b3e3f38c10363e9abca7215df544bca33960779
eddd884436be08bc6ecaff1ea001f0f68eea7fe12664000a6f3646e07961a061
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f34dcf4b0199f8e65fb814e549773b31ac54998d949e166432362f35e5cf4ece
f8b9a51270687afddae089d22440c5231d2876679c608fafe460d4caa2d12c56
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
faa378bee70b57a18eade4c5001ebb3cab08013b948b76a904e2caedfceb5d87
fc16a503a00e28e1ed04003c852cf893536010cf2bd3e57c685f7b62bcbb8b58
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fcd564835a4595f7af917a074fd6afc335223a8424f506e4a015635f226bc459
fd8134b4043cb1ce2a1641c56a93561d99bb541ff9820b3c0e115e1b70dd9be3
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a