www.cyfirma.com Open in urlscan Pro
2606:4700:10::6816:189e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/'
Effective URL:
https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Submission: On April 03 via api (April 3rd 2024, 12:59:31 pm UTC) from BG — Scanned from DE

Summary HTTP 117 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 23 IPs in 5 countries across 16 domains to perform 117 HTTP transactions. The main IP is 2606:4700:10::6816:189e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cyfirma.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 14th 2023. Valid for: a year.

This is the only time www.cyfirma.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 82	2606:4700:10:... 2606:4700:10::6816:189e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6811:3b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.244.18.101 18.244.18.101	16509 (AMAZON-02) (AMAZON-02)
3	104.16.87.20 104.16.87.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.74.196 142.250.74.196	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7edd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:bdf::62 2620:1ec:bdf::62	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.250.185.232 142.250.185.232	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a01:4f8:202:... 2a01:4f8:202:5466::4	24940 (HETZNER-AS) (HETZNER-AS)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
117	23

82 2606:4700:10::6816:189e (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.cyfirma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beta05.cyfirma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:3b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-101.fra56.r.cloudfront.net

in.fw-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.87.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.196 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7edd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::62 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:202:5466::4 (Ehingen, Germany)

ASN24940 (HETZNER-AS, DE)

moderate10.cleantalk.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	cyfirma.com 2 redirects www.cyfirma.com beta05.cyfirma.com	3 MB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 744 i.clarity.ms — Cisco Umbrella Rank: 5954 c.clarity.ms — Cisco Umbrella Rank: 1368	28 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 320 www.linkedin.com — Cisco Umbrella Rank: 581 px4.ads.linkedin.com — Cisco Umbrella Rank: 6476	3 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	501 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	232 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2709	21 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 332	36 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 4983 cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	32 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3274	1 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 234	762 B
1	cleantalk.org moderate10.cleantalk.org — Cisco Umbrella Rank: 711561	264 B
1	google.de www.google.de — Cisco Umbrella Rank: 7528	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 96	254 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 811	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 38	900 B
1	fw-cdn.com in.fw-cdn.com — Cisco Umbrella Rank: 156362	86 KB
117	16

	Domain	Requested by
63	www.cyfirma.com	2 redirects www.cyfirma.com
19	beta05.cyfirma.com	www.cyfirma.com
6	www.googletagmanager.com	www.cyfirma.com www.googletagmanager.com www.google-analytics.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	fonts.gstatic.com	fonts.googleapis.com
3	i.clarity.ms	www.clarity.ms
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	cdn.jsdelivr.net	www.cyfirma.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	www.cyfirma.com www.clarity.ms
2	challenges.cloudflare.com	1 redirects www.cyfirma.com
1	c.bing.com	1 redirects
1	moderate10.cleantalk.org	www.cyfirma.com
1	region1.google-analytics.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.cyfirma.com
1	www.linkedin.com	1 redirects
1	www.google.de	www.cyfirma.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	fonts.googleapis.com	www.cyfirma.com
1	www.google.com	www.cyfirma.com
1	cdnjs.cloudflare.com	www.cyfirma.com
1	in.fw-cdn.com	www.cyfirma.com
117	25

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-14` - `2024-05-13`	a year	crt.sh
*.fw-cdn.com Amazon RSA 2048 M02	`2023-12-24` - `2025-01-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
beta05.cyfirma.com E1	`2024-02-20` - `2024-05-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.cleantalk.org Sectigo RSA Domain Validation Secure Server CA	`2023-09-07` - `2024-09-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Frame ID: A248278B4F1BE747631282F1CCA69AF7
Requests: 117 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CosmicDuke Malware Analysis - CYFIRMA

Page URL History Show full URLs

https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/' HTTP 301
https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/ HTTP 301
https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

117
Requests

97 %
HTTPS

61 %
IPv6

16
Domains

25
Subdomains

23
IPs

5
Countries

4081 kB
Transfer

6850 kB
Size

28
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?u=https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=%27https://www.cyfirma.com/research/cosmicduke-malware-analysis/%27&text=CosmicDuke-Malware-Analysis

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cyfirma.com/research/cosmicduke-malware-analysis/&title=CosmicDuke-Malware-Analysis&source=https://www.cyfirma.com

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyfirma/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyfirma/

Search URL Search Domain Scan URL

URL: https://twitter.com/cyfirma?lang=en

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/' HTTP 301
https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/ HTTP 301
https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js

Request Chain 105

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4091476%26time%3D1712149163700%26li_adsId%3D531d129a-9304-4f02-8094-bc2cc7b5eb74%26url%3Dhttps%253A%252F%252Fwww.cyfirma.com%252Fresearch%252Fcosmicduke-malware-analysis%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4-xMdQt_qHQAAAY6kCvFe4zti9A83NeopMO-gbzRQJbEFkO5px0vrYGb6ADjMwA

Request Chain 113

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&RedC=c.clarity.ms&MXFR=3E78EADA5CF76EFC373AFE8C58F76002 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&MUID=341D86F51A3861090E5492A31B94602A

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.cyfirma.com/research/cosmicduke-malware-analysis/
Redirect Chain

https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/'
https://www.cyfirma.com/outofband/cosmicduke-malware-analysis/
https://www.cyfirma.com/research/cosmicduke-malware-analysis/

112 KB
33 KB

1616ms
1616ms

Document
text/html

2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8923b419e4c8664c907336088b47b301a9117ae7ccd572153901aa5fefaca506

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.cyfirma.com/
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 86e93c417b928c40-FRA
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
content-type: text/html; charset=UTF-8
date: Wed, 03 Apr 2024 12:59:22 GMT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/" <https://www.cyfirma.com/wp-json/wp/v2/out-of-band/13780>; rel="alternate"; type="application/json" <https://www.cyfirma.com/?p=13780>; rel=shortlink
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: https://www.cyfirma.com/
cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 86e93c3859f28c40-FRA
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
content-type: text/html; charset=UTF-8
date: Wed, 03 Apr 2024 12:59:21 GMT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
expires: Wed, 03 Apr 2024 13:59:20 GMT
location: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
pragma: no-cache
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js

39 KB
13 KB

34ms
30ms

Script
application/javascript

2606:4700::6811:3b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: H2
Server: 2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2e584d67a5b1a868363ed5e83a72ea6bc2cad8a052f64583d0fe95e7fa36e97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
cf-ray: 86e93c4beac7bb7d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 03 Apr 2024 12:59:22 GMT
server: cloudflare
vary: Accept-Encoding
location: /turnstile/v0/g/dc6b543c1346/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 86e93c4bba9bbb7d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 164635.js Show response
in.fw-cdn.com/30284536/ 342 KB
86 KB 572ms
518ms Script
text/javascript 18.244.18.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.fw-cdn.com/30284536/164635.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-101.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fbb1317e09b00ee140f43e416c854d5f3706c122c18653259a8fe63ef94119a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: oBH3aQRn4N0qPuazSvE_AiTRofZ36goT
content-encoding: br
via: 1.1 0be2062deeede74cb37dc047454ddbce.cloudfront.net (CloudFront)
date: Wed, 03 Apr 2024 12:59:24 GMT
last-modified: Wed, 06 Dec 2023 13:30:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256
etag: W/"1661cf6955e0e6b995aae4d07565f97d"
vary: Accept-Encoding, Origin
x-cache: RefreshHit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=120
x-amz-cf-id: HJmR9bHKeAB4pL6UrqTRr1gTTkcENCcQ8QPHc6E77cMytFNj_-NILg==

GET
H2 200 style.min.css
www.cyfirma.com/my_includes/css/dist/block-library/ 108 KB
14 KB 36ms
32ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/css/dist/block-library/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 14501
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:33:48 GMT
server: cloudflare
etag: "1ae43-610b7775e6b00-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9eba8c40-FRA

GET
H2 200 styles.css
www.cyfirma.com/apps/contact-form-7/includes/css/ 3 KB
1 KB 29ms
25ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/css/styles.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 1015
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "b4e-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ebc8c40-FRA

GET
H2 200 wpcf7-redirect-frontend.min.css
www.cyfirma.com/apps/wpcf7-redirect/build/css/ 316 B
233 B 43ms
40ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 124
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
server: cloudflare
etag: "13c-610b733b7b140-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ebe8c40-FRA

GET
H2 200 cleantalk-public.min.css
www.cyfirma.com/apps/cleantalk-spam-protect/css/ 2 KB
878 B 32ms
28ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/css/cleantalk-public.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 768
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
server: cloudflare
etag: "876-61295c58c5780-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ec08c40-FRA

GET
H2 200 cf7msm.css
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 99 B
247 B 27ms
24ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 107
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
server: cloudflare
etag: "63-610b72be8ca80-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ec28c40-FRA

GET
H2 200 style.min.css
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 2 KB
645 B 30ms
27ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 535
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
server: cloudflare
etag: "6b4-610b6dbdc3cc0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ec48c40-FRA

GET
H2 200 uacf7-frontend.css
www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/ 72 B
200 B 38ms
35ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/uacf7-frontend.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 92
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:35 GMT
server: cloudflare
etag: "48-61295c6ccc6c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4b9ec58c40-FRA

GET
H3 200 font-awesome.min.css
cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/ 30 KB
7 KB 36ms
25ms Stylesheet
text/css 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1800993
x-jsd-version: 4.7.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220042-FRA, cache-lga21983-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"7918-USx9eQM+MCipvmG1QM8aaHDIlvg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3MzVfOPIT%2Be1FzyXYyTTH34j93dcfdHhic4FTGk9L6XyiVv6c%2BRSsFu7yCAtjA9566RncQx8cINuUxFwhbmmKuj6OYrxbV%2Fhg6ZdyPK5shWU9hYxi908S2iWKw%2Bsbe%2F8yc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86e93c4baf589733-FRA

GET
H3 200 all.min.css
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/ 58 KB
13 KB 51ms
39ms Stylesheet
text/css 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1796359
x-jsd-version: 5.15.4
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230072-FRA, cache-lga21971-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74flbK7BTSxZJGUVbUJTGip5J9TCzGBRZMem4mOpuIrcMav6Zw0paW73d31qtu0eyt%2FIzFhlLFmxX0LpLWdikmerGUyzd%2BrDzJk%2FA4tIlUS1cAuZPjYerFnt%2F4E9nFDjPFU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86e93c4baf5a9733-FRA

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ 99 KB
19 KB 24ms
14ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 995632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18688
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "630e6e62-4900"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBM5SGBF%2FrgpvG6zpNr8yqFICDPBQwH85dBwg%2BVgLG4dB9I4y%2BeF%2Fbqlv3x%2F3s%2BNyHGd%2FDg7THzjbaxHNp7LbD839sJ6gLio75yFuerFvdzZzdnnZ%2BvBL57IF2SA6UP7Xob4A3IR"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86e93c4bad883686-FRA
expires: Mon, 24 Mar 2025 12:59:22 GMT

GET
H3 200 remixicon.css
cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/ 117 KB
16 KB 29ms
18ms Stylesheet
text/css 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/remixicon.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1791486
x-jsd-version: 3.2.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230069-FRA, cache-lga21936-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"1d55c-0a0+Yx2s2C7k3XacPCH2+Iflc94"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JykoekPJIA5R%2B5vLGnBfkUqpC%2BhH7C%2BFKUzorIfQp9rZyEpJN3h4Tx3%2BYQe1IybynUkOp19NogRlI%2FQ289QdAGL2st3ISrXXzqUJigEdTZKVpVm546ISzMSyM6X1k%2FIQWg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86e93c4baf559733-FRA

GET
H2 200 skin.css
www.cyfirma.com/template/ 0
61 B 52ms
49ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/skin.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2228
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "0-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baec88c40-FRA

GET
H2 200 blocks.css
www.cyfirma.com/template/assets/css/ 8 KB
2 KB 37ms
34ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/blocks.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 1447
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "1e35-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baeca8c40-FRA

GET
H2 200 bootstrap.min.css
www.cyfirma.com/template/assets/css/ 156 KB
23 KB 34ms
31ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/bootstrap.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 23649
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "26eee-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baecd8c40-FRA

GET
H2 200 fontawesome.min.css
www.cyfirma.com/template/assets/css/ 55 KB
12 KB 32ms
29ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/fontawesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 12157
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "da62-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baece8c40-FRA

GET
H2 200 all.css
www.cyfirma.com/template/assets/css/ 77 KB
16 KB 41ms
39ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/all.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 16190
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "135ba-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baecf8c40-FRA

GET
H2 200 jquery.fancybox.css
www.cyfirma.com/template/assets/css/ 14 KB
4 KB 39ms
37ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.fancybox.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 3486
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "382f-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baed28c40-FRA

GET
H2 200 slick.css
www.cyfirma.com/template/assets/css/ 1 KB
577 B 32ms
30ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/slick.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 490
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "534-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baed48c40-FRA

GET
H2 200 jquery.mCustomScrollbar.css
www.cyfirma.com/template/assets/css/ 42 KB
4 KB 100ms
98ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.mCustomScrollbar.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 3989
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "a8a2-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baed78c40-FRA

GET
H2 200 custom-style.css
www.cyfirma.com/template/assets/css/ 80 KB
15 KB 46ms
44ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.60

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f440edf6913d74304304e6683667a8688721562b495feb3c33420a4f0f7d515

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 15729
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Mar 2024 16:07:41 GMT
server: cloudflare
etag: "14127-612d7ecd64d40-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baed98c40-FRA

GET
H2 200 new-custom-style.css
www.cyfirma.com/template/assets/css/ 257 B
254 B 31ms
30ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/new-custom-style.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 145
x-xss-protection: 1; mode=block
last-modified: Mon, 05 Sep 2022 12:51:37 GMT
server: cloudflare
etag: "101-5e7ed8a4b2840-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baeda8c40-FRA

GET
H2 200 responsive.css
www.cyfirma.com/template/assets/css/ 37 KB
8 KB 48ms
46ms Stylesheet
text/css 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/responsive.css?v=12.14

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 7610
x-xss-protection: 1; mode=block
last-modified: Tue, 05 Mar 2024 09:52:16 GMT
server: cloudflare
etag: "93da-612e6cc157400-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baedc8c40-FRA

GET
H2 200 jquery.min.js Show response
www.cyfirma.com/template/assets/js/ 87 KB
30 KB 46ms
45ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 30910
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "15d84-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baede8c40-FRA

GET
H2 200 devtools-detect.js Show response
www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/ 1 KB
686 B 37ms
36ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/devtools-detect.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 536
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:16:11 GMT
server: cloudflare
etag: "59f-610b7385de0c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baedf8c40-FRA

GET
H2 200 apbct-public-bundle.min.js Show response
www.cyfirma.com/apps/cleantalk-spam-protect/js/ 68 KB
17 KB 42ms
40ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 17668
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
server: cloudflare
etag: "1107a-61295c58c5780-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baee18c40-FRA

GET
H2 200 script.min.js Show response
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 409 B
365 B 39ms
37ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 274
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
server: cloudflare
etag: "199-610b6dbdc3cc0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baee38c40-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 197 KB
71 KB 154ms
69ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

afeaafb4379950052a66395e6a3c04e1292c01be1f9b6c74cb448039be290da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73037
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
H2 200 CyfirmaLogoWhite.svg
www.cyfirma.com/media/2022/08/ 18 KB
7 KB 43ms
42ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/CyfirmaLogoWhite.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2228
x-xss-protection: 1; mode=block
last-modified: Mon, 08 Aug 2022 05:08:58 GMT
server: cloudflare
etag: W/"465e-5e5b3d02bee80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4baee48c40-FRA

GET
H2 200 selfassessment.png
www.cyfirma.com/media/2024/03/ 2 KB
2 KB 44ms
43ms Image
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/selfassessment.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2228
content-length: 1700
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 08:59:56 GMT
server: cloudflare
etag: "6a4-613c359382490"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4baee58c40-FRA

GET
H2 200 en.png
www.cyfirma.com/media/flags/ 1012 B
1 KB 27ms
21ms Image
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/flags/en.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2229
content-length: 1012
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Sep 2022 07:10:14 GMT
server: cloudflare
etag: "3f4-5e952de8e2180"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fcb568c40-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-fe-1.jpg
www.cyfirma.com/media/2022/10/ 575 KB
576 KB 1440ms
1435ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/10/CosmicDukeMalwareAnalysis27Aug2022-fe-1.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb29e39d9917d6ff545bc0c2c31ebc6b478664309178f7ed82da046caf6d2c0f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 588642
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 07:59:19 GMT
server: cloudflare
etag: "8fb62-5eafa00c223c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4bef228c40-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-1.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 58 KB
59 KB 851ms
636ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-1.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9a165e6df0822efa90d6dd86806a9c090b78863a4167c2d6e2c97e870362391

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 59471
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:03:58 GMT
server: cloudflare
etag: "e84f-5eafbbe941502"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4cff6c35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-2.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 77 KB
77 KB 660ms
654ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-2.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02abbc042e9fa3908c036564fd470902e5be05dddfe17d8265f662a49ba39bde

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 78727
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:04:03 GMT
server: cloudflare
etag: "13387-5eafbbed71923"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca3d35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-3.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 313 KB
314 KB 2950ms
2944ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-3.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7395c811c0079171a777baa56abfbdb5b912807bf11c8b7212b6489003e04307

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:26 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 320668
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:04:20 GMT
server: cloudflare
etag: "4e49c-5eafbbfe83a83"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca3e35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-4.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 15 KB
15 KB 516ms
510ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-4.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4319403a5fb2c6d8ead8fefad5370fac31ebf65f447aaaf810100129bc373c18

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 15734
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:04:25 GMT
server: cloudflare
etag: "3d76-5eafbc034183f"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4035fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-5.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 122 KB
122 KB 649ms
643ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-5.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ff2c9e2f3c7e90edd5cbce389f57806f5f20b8d2e00f1503766ff438469470a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 124731
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:04:43 GMT
server: cloudflare
etag: "1e73b-5eafbc13d4a63"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4235fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-6.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 45 KB
46 KB 908ms
903ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-6.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1144e8a1e8ebadaf6f5b5725b753bf9c704c8bab459d07878d93da7c80a6046

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 46490
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:34 GMT
server: cloudflare
etag: "b59a-5eafbc4522a4a"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4435fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-7.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 131 KB
131 KB 663ms
658ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-7.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

773ce3c2e4dac8aab2d726f03cb53c9e9bd192981b7b7cb8e7d3e160fd97a562

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 134007
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:40 GMT
server: cloudflare
etag: "20b77-5eafbc4adc746"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4535fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-8.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 192 KB
193 KB 1908ms
1903ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-8.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5d1ab29b4db88b7a272c5f21f745e82ac8da845c0de88c126e53991c775892a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:25 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 196466
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:45 GMT
server: cloudflare
etag: "2ff72-5eafbc4ebaaee"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4735fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-9.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 32 KB
32 KB 527ms
522ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-9.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fdaf38cb5b61dc1c6aa4ebc2270efd5c7caeb9ffc26017272f902e6ad07f899

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 33110
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:46 GMT
server: cloudflare
etag: "8156-5eafbc504e004"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4935fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-10.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 36 KB
36 KB 524ms
519ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-10.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3a3abafb3feeb073411dfd60890e6dfbe2e42bdf5557fbaf0044e528a4c4e3e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 36753
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:49 GMT
server: cloudflare
etag: "8f91-5eafbc52db514"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4a35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-11.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 61 KB
61 KB 666ms
661ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-11.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b8dfcf33ce7eeaac56a5eb424781ab10e383db86314b195f568acc61fec3f16

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 62058
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:50 GMT
server: cloudflare
etag: "f26a-5eafbc542852c"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca4b35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-12.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 74 KB
74 KB 1906ms
1901ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-12.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff92fb3496d6674df076843447fef6e881d41a8db9e41d5b52ffce80185bc17d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:25 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 75428
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:52 GMT
server: cloudflare
etag: "126a4-5eafbc56399df"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5135fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-13.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 86 KB
87 KB 2946ms
2941ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-13.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df3b87a847789de9079b37932722e12ab2e868ac4e64a5ab13d1e22905d67ccd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:26 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 88381
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:55 GMT
server: cloudflare
etag: "1593d-5eafbc585a892"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5235fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-14.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 70 KB
70 KB 660ms
656ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-14.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8abb2fc8999a29631175acd7bbe2c32c3e955189013f2280607090d5213f46ba

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 71462
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:56 GMT
server: cloudflare
etag: "11726-5eafbc59e9f28"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5435fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-15.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 71 KB
71 KB 636ms
632ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-15.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

531d54b0a13396e41b2d0bd6338d03830ec2349d28a681b0838f2acbf134d255

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 72846
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:05:59 GMT
server: cloudflare
etag: "11c8e-5eafbc5c8db98"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5635fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-16.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 61 KB
61 KB 3917ms
3912ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-16.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b706803296305c6ad67535ffeda65e61a7cc85724865d84ec850a99981ffbe2

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:27 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 62727
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:06:00 GMT
server: cloudflare
etag: "f507-5eafbc5dc4450"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5835fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-17.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 118 KB
119 KB 3952ms
3948ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-17.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d41ad24253295ba1183df47a908dee1985d8bce88c27b216da890ddd9f3e3a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:27 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 121273
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:06:03 GMT
server: cloudflare
etag: "1d9b9-5eafbc60363e1"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5b35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-18.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 53 KB
54 KB 3941ms
3937ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-18.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea057af1a737b4f0d108831bdc5de7617f55a5e74de56ad7f85f01e1d4020cb2

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:27 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 54638
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:06:04 GMT
server: cloudflare
etag: "d56e-5eafbc61833f9"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5c35fe-FRA

GET
H2 200 CosmicDukeMalwareAnalysis27Aug2022-19.jpg
beta05.cyfirma.com/wp-content/uploads/2022/10/ 88 KB
88 KB 2933ms
2929ms Image
image/jpeg 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beta05.cyfirma.com/wp-content/uploads/2022/10/CosmicDukeMalwareAnalysis27Aug2022-19.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1e23677bd4f08ecc320c5d24120e37c201893662f1735a227e40b9e294dff3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:26 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 90379
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Oct 2022 10:06:07 GMT
server: cloudflare
etag: "1610b-5eafbc6456e07"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *.cyfirma.com
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fca5e35fe-FRA

GET
H2 200 linkedin-in.svg
www.cyfirma.com/media/2024/03/ 692 B
588 B 27ms
23ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/linkedin-in.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Mar 2024 07:22:07 GMT
server: cloudflare
etag: W/"2b4-6149f439e8de0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb5b8c40-FRA

GET
H2 200 facebook-f.svg
www.cyfirma.com/media/2024/03/ 563 B
521 B 26ms
22ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/facebook-f.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Mar 2024 07:22:05 GMT
server: cloudflare
etag: W/"233-6149f4381b710"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb5c8c40-FRA

GET
H2 200 x-twitter.svg
www.cyfirma.com/media/2024/03/ 564 B
525 B 24ms
20ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/x-twitter.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Mar 2024 07:22:02 GMT
server: cloudflare
etag: W/"234-6149f435ee8e8"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb5d8c40-FRA

GET
H2 200 Singapore.svg
www.cyfirma.com/media/2022/08/ 2 KB
752 B 65ms
61ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/Singapore.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
etag: W/"637-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb5e8c40-FRA

GET
H2 200 IN.svg
www.cyfirma.com/media/2022/08/ 1 KB
647 B 27ms
24ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/IN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
etag: W/"566-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb5f8c40-FRA

GET
H2 200 JP.svg
www.cyfirma.com/media/2022/08/ 459 B
745 B 25ms
21ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/JP.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
server: cloudflare
etag: W/"1cb-5e6cec945ce80"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb608c40-FRA

GET
H2 200 US.svg
www.cyfirma.com/media/2022/08/ 2 KB
1 KB 33ms
30ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/US.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
server: cloudflare
etag: W/"8be-5e6cec95510c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fcb618c40-FRA

GET
H2 200 DE.svg
www.cyfirma.com/media/2022/08/ 882 B
521 B 40ms
37ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/DE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
server: cloudflare
etag: W/"372-5e6cec95510c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb6f8c40-FRA

GET
H2 200 KR.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 31ms
28ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/KR.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 16:28:07 GMT
server: cloudflare
etag: W/"b80-613c99c0290c0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb718c40-FRA

GET
H2 200 AU.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 35ms
32ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AU.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 16:28:00 GMT
server: cloudflare
etag: W/"b3c-613c99b9c3d70"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb728c40-FRA

GET
H2 200 TW.svg
www.cyfirma.com/media/2024/03/ 1 KB
741 B 40ms
37ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/TW.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 16:28:04 GMT
server: cloudflare
etag: W/"599-613c99bdda3a0"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb738c40-FRA

GET
H2 200 VN.svg
www.cyfirma.com/media/2024/03/ 663 B
491 B 38ms
35ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/VN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 16:27:58 GMT
server: cloudflare
etag: W/"297-613c99b857568"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb758c40-FRA

GET
H2 200 AE.svg
www.cyfirma.com/media/2024/03/ 961 B
580 B 34ms
31ms Image
image/svg+xml 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2229
x-xss-protection: 1; mode=block
last-modified: Sat, 16 Mar 2024 16:28:02 GMT
server: cloudflare
etag: W/"3c1-613c99bbfbf48"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=28800
cf-ray: 86e93c4fdb778c40-FRA

GET
H2 200 iso-27001.png
www.cyfirma.com/media/2023/12/ 51 KB
51 KB 40ms
37ms Image
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2023/12/iso-27001.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2229
content-length: 51921
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Dec 2023 11:57:37 GMT
server: cloudflare
etag: "cad1-60d909f2bee20"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb788c40-FRA

GET
H2 200 eugdpr.png
www.cyfirma.com/media/2024/02/ 78 KB
78 KB 36ms
34ms Image
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/eugdpr.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2229
content-length: 79413
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Feb 2024 03:36:17 GMT
server: cloudflare
etag: "13635-61049b2b42398"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb798c40-FRA

GET
H2 200 iso4001-w.png
www.cyfirma.com/media/2024/02/ 16 KB
16 KB 35ms
33ms Image
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/iso4001-w.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2229
content-length: 16151
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Feb 2024 04:16:15 GMT
server: cloudflare
etag: "3f17-6104a41a5a130"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb7b8c40-FRA

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/swv/js/ 11 KB
4 KB 26ms
22ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/swv/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 3212
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "2b6d-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4bef238c40-FRA

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/js/ 13 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 4191
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
server: cloudflare
etag: "337e-610b79c9f2940-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4c1f628c40-FRA

GET
H2 200 wpcf7r-fe.js Show response
www.cyfirma.com/apps/wpcf7-redirect/build/js/ 8 KB
2 KB 21ms
21ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/js/wpcf7r-fe.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 4604
content-length: 1617
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
server: cloudflare
etag: "1f8a-610b733b7b140-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4c3f878c40-FRA

GET
H2 200 cf7msm.min.js Show response
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 5 KB
2 KB 20ms
20ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 2020
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
server: cloudflare
etag: "1457-610b72be8ca80-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4c5fb38c40-FRA

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
883 B 97ms
17ms Script
text/javascript 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

GSE /

Resource Hash

77a602c28abf68cd5867c3346688578baa388fe47cd0374d900a98cdecd7fbb0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
H2 200 particles.js Show response
www.cyfirma.com/template/assets/js/ 22 KB
6 KB 31ms
30ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/particles.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2228
content-length: 5721
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "591e-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4c8fe18c40-FRA

GET
H2 200 jquery.matchHeight-min.js Show response
www.cyfirma.com/template/assets/js/ 3 KB
1 KB 21ms
20ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.matchHeight-min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 4606
content-length: 1372
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "d29-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4cb80e8c40-FRA

GET
H2 200 bootstrap.min.js Show response
www.cyfirma.com/template/assets/js/ 58 KB
15 KB 28ms
28ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/bootstrap.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2229
content-length: 15406
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "e6b4-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4cd8318c40-FRA

GET
H2 200 jquery.custom-scroll.min.js Show response
www.cyfirma.com/template/assets/js/ 44 KB
13 KB 27ms
27ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.custom-scroll.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2229
content-length: 12940
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "b1a7-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4d08a78c40-FRA

GET
H2 200 jquery.fancybox.js Show response
www.cyfirma.com/template/assets/js/ 60 KB
19 KB 23ms
23ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.fancybox.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2229
content-length: 19666
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "f154-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4d38cc8c40-FRA

GET
H2 200 slick.js Show response
www.cyfirma.com/template/assets/js/ 42 KB
10 KB 21ms
21ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/slick.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2229
content-length: 10485
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "a88a-5e56a3f9b7500-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4d68ee8c40-FRA

GET
H2 200 custom.js Show response
www.cyfirma.com/template/assets/js/ 5 KB
1 KB 23ms
23ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/custom.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 2229
content-length: 1318
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 12:15:07 GMT
server: cloudflare
etag: "144a-5e8a21454c8c0-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4d89128c40-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 243 KB
80 KB 107ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

08d5a31905fcea7c4470ef2dff074e2af72a8b9731cf50a66be43934ef2715d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81985
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
900 B 45ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0817e1810c8de83ebc932bde0bd8094fb48bf0ecc906b8bef8caa5b9ad5b1fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 12:54:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
BLOB 200
OK ba92707b-94ad-4922-8e41-e8fe1e9838a4
https://www.cyfirma.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.cyfirma.com/ba92707b-94ad-4922-8e41-e8fe1e9838a4
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 404 footerbg.png
www.cyfirma.com/template/assets/media/2022/09/ 64 KB
64 KB 2981ms
2981ms Image
text/html 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1f4a0435d192e1649695b99ae67b2e38b6de6564f4a769b1b079cffe93205d1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.60
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:26 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.cyfirma.com/
cache-control: max-age=28800, must-revalidate
cf-ray: 86e93c4fdb7c8c40-FRA
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 83ms
11ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 02:30:17 GMT
x-content-type-options: nosniff
age: 383346
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7932
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 02:30:17 GMT

GET
H2 200 fa-light-300.woff2
www.cyfirma.com/template/assets/fonts/ 153 KB
154 KB 28ms
25ms Font
font/woff2 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-light-300.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1269
content-length: 156980
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "26534-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb7e8c40-FRA

GET
H2 200 fa-solid-900.woff2
www.cyfirma.com/template/assets/fonts/ 115 KB
115 KB 30ms
28ms Font
font/woff2 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-solid-900.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1270
content-length: 117616
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "1cb70-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb808c40-FRA

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 86ms
14ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 10:16:37 GMT
x-content-type-options: nosniff
age: 355366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 10:16:37 GMT

GET
H2 200 fa-brands-400.woff2
www.cyfirma.com/template/assets/fonts/ 70 KB
71 KB 30ms
27ms Font
font/woff2 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-brands-400.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/template/assets/css/all.css
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1269
content-length: 72124
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
server: cloudflare
etag: "119bc-5e56a3f9b7500"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4fdb818c40-FRA

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 79ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 13:26:32 GMT
x-content-type-options: nosniff
age: 343971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 13:26:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 80ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 10:16:35 GMT
x-content-type-options: nosniff
age: 355368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 10:16:35 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.cyfirma.com/my_includes/js/ 18 KB
5 KB 21ms
21ms Script
application/javascript 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/js/wp-emoji-release.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cf-cache-status: HIT
age: 1270
content-length: 5039
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Feb 2024 14:32:18 GMT
server: cloudflare
etag: "4904-610b772012080-gzip"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c4feb888c40-FRA

POST
H2 200 apbct_get_pixel_url Show response
www.cyfirma.com/wp-json/cleantalk-antispam/v1/ 81 B
588 B 1348ms
1347ms XHR
application/json 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/wp-json/cleantalk-antispam/v1/apbct_get_pixel_url

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fca85050332ade9cf6bc43dda410165f054c6d7daee5d35ddc1ad8372ed0ba52

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
X-WP-Nonce: 931ab22e89
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
allow: POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.cyfirma.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
vary: Origin
x-robots-tag: noindex
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 86e93c4feb8c8c40-FRA
x-wp-nonce: 931ab22e89
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/ 502 KB
201 KB 29ms
8ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
Origin: https://www.cyfirma.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 14:10:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204859
x-xss-protection: 0
last-modified: Mon, 25 Mar 2024 04:00:24 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Apr 2025 14:10:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 290 KB
97 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b51fa6deb49d07579636ee2657d1c2a9bcb45630270e455ed57adcc183608e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99451
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Apr 2024 11:38:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4841
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 03 Apr 2024 13:38:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 47ms
8ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Mar 2024 16:03:53 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=54884
accept-ranges: bytes
content-length: 17224

GET
H2 200 jg2ucp2q3y Show response
www.clarity.ms/tag/ 650 B
1015 B 136ms
104ms Script
application/x-javascript 2620:1ec:bdf::62
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jg2ucp2q3y
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::62 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: bbfd4ee01c84206a5200ba943aef1852961d4e49cf18f8a19bb91ab013587e92

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Wed, 03 Apr 2024 12:59:23 GMT
x-azure-ref: 20240403T125923Z-u0tfp2zs3x5yreat4daukzvwgn0000000630000000001gq9
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 197 KB
71 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-80179732-4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1144e510fd7e77265bad7dd5a423b80ce5802c21d748b7cb8c8c8791b16b5a34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73093
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Apr 2024 12:59:23 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
89 KB 28ms
28ms Script
application/javascript 142.250.185.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

75a5cb174679882eb03adb56bc973d6c8789f155e2d0d8d02e9633a0a38972c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91296
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Apr 2024 12:59:23 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 36ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KBLXRB4PTX&gtm=45je4410v897044746z8852032066za200&_p=1712149163409&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1313224456.1712149164&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712149163&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&dt=CosmicDuke%20Malware%20Analysis%20-%20CYFIRMA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=6054
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 57ms
19ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KBLXRB4PTX&cid=1313224456.1712149164&gtm=45je4410v897044746z8852032066za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 48ms
31ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KBLXRB4PTX&cid=1313224456.1712149164&gtm=45je4410v897044746z8852032066za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2093172998

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
221 B 14ms
13ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=921940618&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&ul=en-us&de=UTF-8&dt=CosmicDuke%20Malware%20Analysis%20-%20CYFIRMA&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YADAAAABAAAAACAAI~&jid=1105125360&gjid=451453403&cid=1313224456.1712149164&tid=UA-80179732-4&_gid=196738775.1712149164&_r=1&_slc=1&gtm=45He4410n815GT46FNv852032066za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=1201670030

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
68 B 13ms
13ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=921940618&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&ul=en-us&de=UTF-8&dt=CosmicDuke%20Malware%20Analysis%20-%20CYFIRMA&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YAHAAUABAAAAACAAI~&jid=842462160&gjid=1113545005&cid=1313224456.1712149164&tid=UA-80179732-4&_gid=196738775.1712149164&_r=1&gtm=457e4410za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&npa=1&z=652327530

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysi...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysi...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4091476%26time%3D1712149163700%26li_adsId%3D531d129a-9304-4f02-8094-bc2cc7b5eb74%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysi...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analys...

0
264 B

198ms
180ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4-xMdQt_qHQAAAY6kCvFe4zti9A83NeopMO-gbzRQJbEFkO5px0vrYGb6ADjMwA
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E2E574F838A545039AE5027EA3200018 Ref B: FRAEDGE1418 Ref C: 2024-04-03T12:59:24Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVMMrBxBKdTGI/9629TA==

Redirect headers

date: Wed, 03 Apr 2024 12:59:23 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7AFC8FE478154C9AB6D77ECDFC443ECA Ref B: FRAEDGE1818 Ref C: 2024-04-03T12:59:24Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1712149163700&li_adsId=531d129a-9304-4f02-8094-bc2cc7b5eb74&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4-xMdQt_qHQAAAY6kCvFe4zti9A83NeopMO-gbzRQJbEFkO5px0vrYGb6ADjMwA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVMMq+mr6THSn7BT6RxA==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 264 KB
91 KB 28ms
28ms Script
application/javascript 142.250.185.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

62db2f77782bb7b4324f8dcce2cd17530f215eccc5a272a5e8507ff81f1cde3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93175
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Apr 2024 12:59:23 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XN67BK9M7N&gtm=45je4410v9135687612za200&_p=1712149163409&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1313224456.1712149164&ul=en-us&sr=800x600&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1712149163&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F&dt=CosmicDuke%20Malware%20Analysis%20-%20CYFIRMA&en=page_view&_fv=1&_ss=1&tfd=6098
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyfirma.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.26/ 60 KB
25 KB 13ms
13ms Script
application/javascript 2620:1ec:bdf::62
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.26/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jg2ucp2q3y
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::62 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:23 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2024 13:40:06 GMT
etag: W/"0x8DC52513DD96806"
vary: Accept-Encoding
x-azure-ref: 20240403T125923Z-u0tfp2zs3x5yreat4daukzvwgn0000000630000000001gqg
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: c19ef472-e01e-003c-4b4e-84071c000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
295 B 564ms
353ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Wed, 03 Apr 2024 12:59:24 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 189ms
189ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.cyfirma.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:24 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A8FBF3389BB04449B618D921848FE66C Ref B: FRAEDGE1818 Ref C: 2024-04-03T12:59:24Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.cyfirma.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYVMMrEq/cUuugSzZRfmA==

GET
H/1.1 200
OK adc14be0d2dc093e71053944377fc651.gif
moderate10.cleantalk.org/pixel/ 43 B
264 B 30ms
6ms Image
image/gif 2a01:4f8:202:5466::4
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://moderate10.cleantalk.org/pixel/adc14be0d2dc093e71053944377fc651.gif
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a01:4f8:202:5466::4 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Apr 2024 12:59:24 GMT
X-Server-IP: 2a01:4f8:202:5466::4
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
295 B 105ms
105ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Wed, 03 Apr 2024 12:59:25 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&RedC=c.clarity.ms&MXFR=3E78EADA5CF76EFC373AFE8C58F76002
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&MUID=341D86F51A3861090E5492A31B94602A

42 B
441 B

29ms
29ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&MUID=341D86F51A3861090E5492A31B94602A
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:27 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 03 Apr 2024 12:59:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F87ACC4D97DF425997C9C0B291F65866 Ref B: FRA31EDGE0721 Ref C: 2024-04-03T12:59:27Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=57346362EB9C40FD88A87EA32585D8B1&MUID=341D86F51A3861090E5492A31B94602A
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 fevicon-black.png
www.cyfirma.com/media/2020/03/ 5 KB
5 KB 21ms
21ms Other
image/png 2606:4700:10::6816:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/media/2020/03/fevicon-black.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:189e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.cyfirma.com/research/cosmicduke-malware-analysis/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 12:59:27 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1271
content-length: 5188
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Aug 2022 13:21:06 GMT
server: cloudflare
etag: "1444-5e56a38cff480"
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 86e93c694df38c40-FRA

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
295 B 99ms
98ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Wed, 03 Apr 2024 12:59:29 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Verdicts & Comments Add Verdict or Comment

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyfirma.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hb2nrkobgv61m9qo5aglss88k3
.cyfirma.com/	1970-01-21 04:21:25	Name: _fw_crm_v Value: cd8afa7a-dc0d-4fc0-b839-ebc4ad8a0593
www.cyfirma.com/	1970-01-20 20:21:53	Name: first_session Value: %7B%22visits%22%3A1%2C%22start%22%3A1712149163408%2C%22last_visit%22%3A1712149163408%2C%22url%22%3A%22https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Fcosmicduke-malware-analysis%2F%22%2C%22path%22%3A%22%2Fresearch%2Fcosmicduke-malware-analysis%2F%22%2C%22referrer%22%3A%22%22%2C%22referrer_info%22%3A%7B%22host%22%3A%22%22%2C%22path%22%3A%22blank%22%2C%22protocol%22%3A%22about%3A%22%2C%22port%22%3A80%2C%22search%22%3A%22%22%2C%22query%22%3A%7B%7D%7D%2C%22search%22%3A%7B%22engine%22%3Anull%2C%22query%22%3Anull%7D%2C%22version%22%3A0.4%7D
.cyfirma.com/	1970-01-21 05:11:49	Name: _ga_KBLXRB4PTX Value: GS1.1.1712149163.1.0.1712149163.60.0.0
.www.cyfirma.com/	1970-01-21 05:11:49	Name: _ga Value: GA1.3.1313224456.1712149164
.www.cyfirma.com/	1970-01-20 19:37:15	Name: _gid Value: GA1.3.196738775.1712149164
.www.cyfirma.com/	1970-01-20 19:35:49	Name: _gat_UA-80179732-4 Value: 1
.cyfirma.com/	1970-01-20 19:37:15	Name: _gid Value: GA1.2.196738775.1712149164
.cyfirma.com/	1970-01-20 19:35:49	Name: _gat_gtag_UA_80179732_4 Value: 1
.cyfirma.com/	1970-01-21 05:11:49	Name: _ga_XN67BK9M7N Value: GS1.1.1712149163.1.0.1712149163.0.0.0
.cyfirma.com/	1970-01-21 05:11:49	Name: _ga Value: GA1.1.1313224456.1712149164
www.clarity.ms/	1970-01-21 04:21:25	Name: CLID Value: 5b5b80fb6ad440de8db5b4fdd10fab7a.20240403.20250403
.cyfirma.com/	1970-01-21 04:21:25	Name: _clck Value: 17ss6dn%7C2%7Cfkm%7C0%7C1554
.linkedin.com/	1970-01-20 21:45:25	Name: li_sugr Value: 676c39df-5f16-41ab-9d99-5b042dbabeb7
.linkedin.com/	1970-01-21 04:21:25	Name: bcookie Value: "v=2&f24d6b0f-cfa3-4e03-8def-73526c8c2ef0"
.linkedin.com/	1970-01-20 19:37:15	Name: lidc Value: "b=OGST05:s=O:r=O:a=O:p=O:g=3019:u=1:x=1:i=1712149163:t=1712235563:v=2:sig=AQEccSqrDG-TrAYrQdKHqV1O2I8HSoEY"
.linkedin.com/	1970-01-20 20:19:01	Name: UserMatchHistory Value: AQJOkoqseyN-RgAAAY6kCu_Z0K-QyNmaT4E7ANjqpuEHMl5HGLsdEdRLc9s82CcP2R1uKq9yOn9jIQ
.linkedin.com/	1970-01-20 20:19:01	Name: AnalyticsSyncHistory Value: AQL8sQ1MWjEHUQAAAY6kCu_ZoGZ05wBeC_rcAJpN8LIwDO552kwx9Ovn_QdZSX63vsXxPmamXVUIMshGxNfYWQ
.www.linkedin.com/	1970-01-21 04:21:25	Name: bscookie Value: "v=1&2024040312592411005026-0727-41f1-858f-59fb2563c96cAQHQ4OuA0gPJbNKFdVrabOtSuw4esyvw"
.linkedin.com/	1970-01-20 23:55:01	Name: li_gc Value: MTswOzE3MTIxNDkxNjQ7MjswMjEK4Bw1ri6dOlUJqSisKyDYhZK1ynovvY2xDEJIHeADKQ==
.cyfirma.com/	1970-01-20 19:37:15	Name: _clsk Value: 15aseil%7C1712149164447%7C1%7C1%7Ci.clarity.ms%2Fcollect
.bing.com/	1970-01-21 04:57:25	Name: MUID Value: 341D86F51A3861090E5492A31B94602A
.c.bing.com/	1970-01-20 19:45:53	Name: MR Value: 0
.c.bing.com/	1970-01-21 04:57:25	Name: SRM_B Value: 341D86F51A3861090E5492A31B94602A
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 04:57:25	Name: MUID Value: 341D86F51A3861090E5492A31B94602A
.c.clarity.ms/	1970-01-20 19:45:53	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 19:35:49	Name: ANONCHK Value: 0

50 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.cyfirma.com/research/cosmicduke-malware-analysis/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beta05.cyfirma.com
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdnjs.cloudflare.com
challenges.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
i.clarity.ms
in.fw-cdn.com
moderate10.cleantalk.org
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
snap.licdn.com
stats.g.doubleclick.net
www.clarity.ms
www.cyfirma.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
104.16.87.20
104.17.25.14
13.107.42.14
142.250.185.232
142.250.186.35
142.250.74.196
18.244.18.101
2001:4860:4802:32::36
2606:4700:10::6816:189e
2606:4700::6811:3b8
2620:1ec:21::14
2620:1ec:bdf::62
2620:1ec:c11::200
2a00:1450:4001:802::200a
2a00:1450:4001:810::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::200e
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9a
2a01:4f8:202:5466::4
2a02:26f0:480:f::213:7edd
52.167.85.21
68.219.88.97
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
02abbc042e9fa3908c036564fd470902e5be05dddfe17d8265f662a49ba39bde
07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7
0817e1810c8de83ebc932bde0bd8094fb48bf0ecc906b8bef8caa5b9ad5b1fd4
08d5a31905fcea7c4470ef2dff074e2af72a8b9731cf50a66be43934ef2715d6
108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87
1144e510fd7e77265bad7dd5a423b80ce5802c21d748b7cb8c8c8791b16b5a34
1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179
1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96
1b706803296305c6ad67535ffeda65e61a7cc85724865d84ec850a99981ffbe2
1b8dfcf33ce7eeaac56a5eb424781ab10e383db86314b195f568acc61fec3f16
1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522
1f440edf6913d74304304e6683667a8688721562b495feb3c33420a4f0f7d515
1ff2c9e2f3c7e90edd5cbce389f57806f5f20b8d2e00f1503766ff438469470a
23d41ad24253295ba1183df47a908dee1985d8bce88c27b216da890ddd9f3e3a
290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e
2fbb1317e09b00ee140f43e416c854d5f3706c122c18653259a8fe63ef94119a
3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da
3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c
40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a
425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e
4319403a5fb2c6d8ead8fefad5370fac31ebf65f447aaaf810100129bc373c18
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7
47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a
4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7
4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae
4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3
531d54b0a13396e41b2d0bd6338d03830ec2349d28a681b0838f2acbf134d255
539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b
5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d
62db2f77782bb7b4324f8dcce2cd17530f215eccc5a272a5e8507ff81f1cde3e
63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf
738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a
7395c811c0079171a777baa56abfbdb5b912807bf11c8b7212b6489003e04307
759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5
75a5cb174679882eb03adb56bc973d6c8789f155e2d0d8d02e9633a0a38972c1
773ce3c2e4dac8aab2d726f03cb53c9e9bd192981b7b7cb8e7d3e160fd97a562
77a602c28abf68cd5867c3346688578baa388fe47cd0374d900a98cdecd7fbb0
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
7fdaf38cb5b61dc1c6aa4ebc2270efd5c7caeb9ffc26017272f902e6ad07f899
84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3
85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85
86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b
8923b419e4c8664c907336088b47b301a9117ae7ccd572153901aa5fefaca506
8abb2fc8999a29631175acd7bbe2c32c3e955189013f2280607090d5213f46ba
8b1e23677bd4f08ecc320c5d24120e37c201893662f1735a227e40b9e294dff3
8b51fa6deb49d07579636ee2657d1c2a9bcb45630270e455ed57adcc183608e5
8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812
a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567
a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07
a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783
aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7
afeaafb4379950052a66395e6a3c04e1292c01be1f9b6c74cb448039be290da6
b1144e8a1e8ebadaf6f5b5725b753bf9c704c8bab459d07878d93da7c80a6046
b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1
b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd
b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964
b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3
b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf
bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718
bbfd4ee01c84206a5200ba943aef1852961d4e49cf18f8a19bb91ab013587e92
bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226
c1f4a0435d192e1649695b99ae67b2e38b6de6564f4a769b1b079cffe93205d1
c3a3abafb3feeb073411dfd60890e6dfbe2e42bdf5557fbaf0044e528a4c4e3e
c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3
cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2e584d67a5b1a868363ed5e83a72ea6bc2cad8a052f64583d0fe95e7fa36e97
d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df3b87a847789de9079b37932722e12ab2e868ac4e64a5ab13d1e22905d67ccd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591
e5d1ab29b4db88b7a272c5f21f745e82ac8da845c0de88c126e53991c775892a
e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d
e9a165e6df0822efa90d6dd86806a9c090b78863a4167c2d6e2c97e870362391
ea057af1a737b4f0d108831bdc5de7617f55a5e74de56ad7f85f01e1d4020cb2
eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e
eb29e39d9917d6ff545bc0c2c31ebc6b478664309178f7ed82da046caf6d2c0f
ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004
f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fca85050332ade9cf6bc43dda410165f054c6d7daee5d35ddc1ad8372ed0ba52
fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167
ff92fb3496d6674df076843447fef6e881d41a8db9e41d5b52ffce80185bc17d

www.cyfirma.com Open in urlscan Pro 2606:4700:10::6816:189e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

97 %HTTPS

61 %IPv6

16 Domains

25 Subdomains

23 IPs

5 Countries

4081 kBTransfer

6850 kBSize

28 Cookies

6 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyfirma.com Open in urlscan Pro
2606:4700:10::6816:189e Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

97 %
HTTPS

61 %
IPv6

16
Domains

25
Subdomains

23
IPs

5
Countries

4081 kB
Transfer

6850 kB
Size

28
Cookies

117 HTTP transactions
0 data transactions