www.zscaler.com Open in urlscan Pro
104.18.29.74 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Effective URL:
https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Submission: On October 05 via api (October 5th 2023, 2:27:03 pm UTC) from DE — Scanned from DE

Summary HTTP 167 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 46 IPs in 4 countries across 47 domains to perform 167 HTTP transactions. The main IP is 104.18.29.74, located in and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 65635.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 7th 2023. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.18.28.74 104.18.28.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
46	104.18.29.74 104.18.29.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.18.130.236 104.18.130.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.58.254.253 52.58.254.253	16509 (AMAZON-02) (AMAZON-02)
3	172.217.18.8 172.217.18.8	15169 (GOOGLE) (GOOGLE)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	142.250.185.142 142.250.185.142	15169 (GOOGLE) (GOOGLE)
12	23.213.161.224 23.213.161.224	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 8	18.66.147.101 18.66.147.101	16509 (AMAZON-02) (AMAZON-02)
2	2.21.20.155 2.21.20.155	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	104.19.148.8 104.19.148.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
3	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
1	104.18.36.196 104.18.36.196	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.222.236.41 52.222.236.41	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.36 143.204.215.36	16509 (AMAZON-02) (AMAZON-02)
1	52.7.151.245 52.7.151.245	14618 (AMAZON-AES) (AMAZON-AES)
1	108.138.7.95 108.138.7.95	16509 (AMAZON-02) (AMAZON-02)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
2	3.216.46.62 3.216.46.62	14618 (AMAZON-AES) (AMAZON-AES)
2	184.31.85.59 184.31.85.59	16625 (AKAMAI-AS) (AKAMAI-AS)
2	216.239.38.181 216.239.38.181	15169 (GOOGLE) (GOOGLE)
2	64.233.184.154 64.233.184.154	15169 (GOOGLE) (GOOGLE)
1 3	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	95.101.111.178 95.101.111.178	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
2	3.125.168.0 3.125.168.0	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6 9	54.76.203.233 54.76.203.233	16509 (AMAZON-02) (AMAZON-02)
2	157.240.251.35 157.240.251.35	32934 (FACEBOOK) (FACEBOOK)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	216.239.36.54 216.239.36.54	15169 (GOOGLE) (GOOGLE)
5	104.16.136.15 104.16.136.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.91 13.32.27.91	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.74 18.66.122.74	16509 (AMAZON-02) (AMAZON-02)
2	18.153.4.44 18.153.4.44	16509 (AMAZON-02) (AMAZON-02)
4	143.204.215.101 143.204.215.101	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	99.81.137.90 99.81.137.90	16509 (AMAZON-02) (AMAZON-02)
1 1	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
1 2	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	70.42.32.95 70.42.32.95	13789 (INTERNAP-...) (INTERNAP-BLK3)
2	104.22.0.204 104.22.0.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
167	46

1 104.18.28.74 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 104.18.29.74 (None, )

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.130.236 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.254.253 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-254-253.eu-central-1.compute.amazonaws.com

netlify-rum.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.213.161.224 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-224.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.147.101 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-101.fra60.r.cloudfront.net

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.20.155 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-155.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.148.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.196 (None, )

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.236.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-41.fra56.r.cloudfront.net

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-36.fra53.r.cloudfront.net

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-95.fra56.r.cloudfront.net

d2i34c80a0ftze.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.216.46.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-46-62.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.85.59 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-85-59.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.38.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.184.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.215 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.111.178 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-178.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.168.0 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-168-0.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.76.203.233 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-203-233.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.36.54 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.136.15 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-91.fra56.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-74.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.4.44 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.215.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-101.fra53.r.cloudfront.net

st.fullcircleinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.137.90 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-137-90.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.27.193 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.95 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.22.0.204 (None, )

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	zscaler.com 1 redirects www.zscaler.com — Cisco Umbrella Rank: 65635	723 KB
17	adroll.com 8 redirects s.adroll.com — Cisco Umbrella Rank: 3302 d.adroll.com — Cisco Umbrella Rank: 1495	38 KB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 6581 c.6sc.co — Cisco Umbrella Rank: 9925 ipv6.6sc.co — Cisco Umbrella Rank: 6931 b.6sc.co — Cisco Umbrella Rank: 4494	24 KB
9	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2609 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5672 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5762 tracking.crazyegg.com — Cisco Umbrella Rank: 4823	91 KB
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 385	129 KB
6	google.com analytics.google.com — Cisco Umbrella Rank: 178 www.google.com — Cisco Umbrella Rank: 2	1 KB
6	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 stats.g.doubleclick.net — Cisco Umbrella Rank: 98 cm.g.doubleclick.net — Cisco Umbrella Rank: 255	6 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 25281 ws.zoominfo.com — Cisco Umbrella Rank: 5039	29 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 416 www.linkedin.com — Cisco Umbrella Rank: 708	5 KB
4	fullcircleinsights.com st.fullcircleinsights.com — Cisco Umbrella Rank: 114064	4 KB
3	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 542 ib.adnxs.com — Cisco Umbrella Rank: 261	2 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 11100	3 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 28664 ibc-flow.techtarget.com — Cisco Umbrella Rank: 25250	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	124 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	301 KB
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 4430 cdn.acsbapp.com — Cisco Umbrella Rank: 4621	221 KB
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 547	516 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	1 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 17700	45 KB
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 3200	123 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	239 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10864	907 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3987	6 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 427	13 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 981	19 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	21 KB
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 900	145 B
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 40367	272 B
1	mktoresp.com 306-zej-256.mktoresp.com	318 B
1	sf14g.com t.sf14g.com — Cisco Umbrella Rank: 112033	36 KB
1	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1808 insight.adsrvr.org Failed	3 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3174	6 KB
1	cloudfront.net d2i34c80a0ftze.cloudfront.net	11 KB
1	mountain.com dx.mountain.com — Cisco Umbrella Rank: 5803 px.mountain.com Failed	6 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 15276	1 KB
1	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7829	25 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 655	321 B
1	netlify.app netlify-rum.netlify.app — Cisco Umbrella Rank: 44615	4 KB
0	3lift.com Failed eb2.3lift.com Failed
0	taboola.com Failed sync.taboola.com Failed
0	yahoo.com Failed ups.analytics.yahoo.com Failed
0	pubmatic.com Failed image2.pubmatic.com Failed
0	rubiconproject.com Failed pixel.rubiconproject.com Failed
0	rlcdn.com Failed idsync.rlcdn.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	clearbit.com Failed app.clearbit.com Failed
0	Failed function sub() { [native code] }. Failed
167	47

	Domain	Requested by
47	www.zscaler.com	1 redirects www.zscaler.com
9	d.adroll.com	6 redirects s.adroll.com
9	b.6sc.co
8	s.adroll.com	2 redirects www.googletagmanager.com s.adroll.com d.adroll.com
8	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
6	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
4	st.fullcircleinsights.com	cdn.bizible.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	px.ads.linkedin.com	2 redirects cdn.bizible.com
4	www.google.com
3	js.zi-scripts.com	www.zscaler.com js.zi-scripts.com
3	connect.facebook.net	www.zscaler.com connect.facebook.net
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	www.googletagmanager.com	www.zscaler.com www.googletagmanager.com
2	ib.adnxs.com	1 redirects
2	us-u.openx.net	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	x.clearbitjs.com	tag.clearbitscripts.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	www.facebook.com
2	ibc-flow.techtarget.com	cdn.bizible.com
2	epsilon.6sense.com	cdn.bizible.com
2	stats.g.doubleclick.net	www.googletagmanager.com cdn.bizible.com
2	analytics.google.com	www.googletagmanager.com
2	munchkin.marketo.net	www.zscaler.com munchkin.marketo.net
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
1	cdn.acsbapp.com	acsbapp.com
1	acsbapp.com	www.zscaler.com
1	sync.outbrain.com
1	cm.g.doubleclick.net	1 redirects
1	tracking.crazyegg.com	script.crazyegg.com
1	lltrck.com
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	www.linkedin.com	1 redirects
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	secure.adnxs.com	cdn.bizible.com
1	t.sf14g.com	www.zscaler.com
1	js.adsrvr.org	www.googletagmanager.com
1	cdn.pdst.fm	www.zscaler.com
1	d2i34c80a0ftze.cloudfront.net	www.googletagmanager.com
1	dx.mountain.com	www.zscaler.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	trk.techtarget.com	www.zscaler.com
1	cdn.bizible.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	netlify-rum.netlify.app	www.zscaler.com
0	px.mountain.com Failed	dx.mountain.com
0	eb2.3lift.com Failed
0	sync.taboola.com Failed
0	ups.analytics.yahoo.com Failed
0	image2.pubmatic.com Failed
0	pixel.rubiconproject.com Failed
0	idsync.rlcdn.com Failed
0	x.bidswitch.net Failed
0	app.clearbit.com Failed	cdn.bizible.com
0	insight.adsrvr.org Failed	js.adsrvr.org
0	54.156.2.105 Failed	dx.mountain.com
167	64

This site contains links to these domains. Also see Links.

Domain
accessibe.com
revolutionaries.zscaler.com
help.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
reg.zenithlive.com
securitypreview.zscaler.com
customer.zscaler.com
community.zscaler.com
ir.zscaler.com
www.facebook.com
twitter.com
www.linkedin.com
threatlibrary.zscaler.com
facebook.com
linkedin.com
youtube.com

Subject Issuer	Validity	Valid
www.zscaler.com DigiCert SHA2 Extended Validation Server CA	`2023-02-07` - `2024-03-09`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-21` - `2024-01-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-14` - `2023-10-12`	3 months	crt.sh
js.zi-scripts.com Amazon RSA 2048 M03	`2023-09-17` - `2024-10-16`	a year	crt.sh
clearbitscripts.com Amazon RSA 2048 M01	`2023-06-11` - `2024-07-09`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2023-06-12` - `2024-06-23`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
cdn.pdst.fm GTS CA 1D4	`2023-09-22` - `2023-12-21`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
t.sf14g.com Amazon RSA 2048 M01	`2023-07-10` - `2024-08-07`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-09-21` - `2023-12-20`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
misc.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2023-05-28` - `2024-06-26`	a year	crt.sh
clearbitjs.com Amazon RSA 2048 M01	`2023-03-17` - `2024-04-14`	a year	crt.sh
aws-st.fullcircleinsights.com Amazon RSA 2048 M01	`2023-05-30` - `2024-06-26`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
lltrck.com Amazon RSA 2048 M02	`2023-07-26` - `2024-08-23`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-06-02` - `2023-12-02`	6 months	crt.sh
acsbapp.com GTS CA 1P5	`2023-08-30` - `2023-11-28`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Frame ID: 2708F063634BB30978E3B6553F5A6A36
Requests: 154 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0097/6635/site/www.zscaler.com.json?t=1
Frame ID: 99AC766EE2D9E7EB62E939C4EBAA0CEB
Requests: 5 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&upid=27hmsyx&upv=1.1.0
Frame ID: 673C07B3E5A4759BB7E902F7C74A7F73
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BunnyLoader | ThreatLabz

Page URL History Show full URLs

http://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service HTTP 301
https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service Page URL

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

167
Requests

86 %
HTTPS

0 %
IPv6

47
Domains

64
Subdomains

46
IPs

4
Countries

1892 kB
Transfer

5802 kB
Size

52
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://accessibe.com/blog/knowledgebase/screen-reader-guide
Title: Accessibility Screen-Reader Guide, Feedback, and Issue Reporting

Search URL Search Domain Scan URL

URL: https://revolutionaries.zscaler.com/
Title: CXO REvolutionaries

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalerbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/client-connector/downloading-zscaler-client-connector
Title: Download Zscaler Client Connectors

Search URL Search Domain Scan URL

URL: https://reg.zenithlive.com/flow/zscaler/zenithlive23/home/page/event
Title: Zenith Live

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Security Preview

Search URL Search Domain Scan URL

URL: https://customer.zscaler.com/
Title: Customer Success Center

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/
Title: Zscaler Help Portal

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/ynofjmnt

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/ynofjmnt%20%E2%80%94%20BunnyLoader,%20the%20newest%20Malware-as-a-Service%22

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://tinyurl.com/ynofjmnt

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=win32.downloader.bunnyloader
Title: Win32.Downloader.BunnyLoader

Search URL Search Domain Scan URL

URL: https://facebook.com/zscaler
Title: Visit us on Facebook

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/zscaler
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/zscaler
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://youtube.com/user/ZscalerMarketing
Title: Subscribe our Youtube Channel

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service HTTP 301
https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 90

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 91

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 105

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1696516015149%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fbunnyloader-newest-malware-service%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true&liSync=true

Request Chain 133

https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookie=&adroll_s_ref=&keyw=&p0=5475 HTTP 302
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js

Request Chain 139

https://d.adroll.com/cm/b/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

Request Chain 140

https://d.adroll.com/cm/g/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=nZkPCUKZvwof8eT17gLVOg HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 141

https://d.adroll.com/cm/index/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016&C=1

Request Chain 142

https://d.adroll.com/cm/l/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=9d990f094299bf0a1ff1e4f5ee02d53a

Request Chain 143

https://d.adroll.com/cm/n/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expires=365

Request Chain 144

https://d.adroll.com/cm/o/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent=

Request Chain 145

https://d.adroll.com/cm/outbrain/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 146

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 147

https://d.adroll.com/cm/r/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 148

https://d.adroll.com/cm/taboola/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

Request Chain 149

https://d.adroll.com/cm/triplelift/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&dongle=c85e

Request Chain 150

https://d.adroll.com/cm/x/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

167 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request bunnyloader-newest-malware-service Show response
www.zscaler.com/blogs/security-research/
Redirect Chain

http://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

389 KB
57 KB

440ms
82ms

Document
text/html

104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

7ace24b38f86556fd1ad49b43856a00f1cdee0d86c8c23ca1d34cb790f8210a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 5
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8116577f8cfd91ef-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 05 Oct 2023 14:26:48 GMT
server: cloudflare
strict-transport-security: max-age=31536000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-middleware-next: 1
x-nextjs-cache: REVALIDATED
x-nf-render-mode: odb ttl=300
x-nf-request-id: 01HC03QTYB5TQ525H5GE179F82
x-powered-by: Next.js

Redirect headers

CF-RAY: 8116577d2b043a9c-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 05 Oct 2023 14:26:48 GMT
Expires: Thu, 05 Oct 2023 15:26:48 GMT
Location: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 45 KB
7 KB 488ms
48ms Script
application/x-javascript 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 44548
content-md5: 1BoBNuQl7UMMaO7E490CGQ==
content-length: 6406
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:15 GMT
server: cloudflare
etag: 0x8DAE80BD5AAEF51
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 78b21313-c01e-00c3-79e1-5a51a5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657845fd49b83-FRA
expires: Fri, 06 Oct 2023 14:26:49 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 462ms
22ms Script
application/javascript 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: h6ThlO7ea17v6JNPXbI1zQ==
age: 80676
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6822
x-ms-lease-status: unlocked
last-modified: Tue, 03 Oct 2023 06:34:45 GMT
server: cloudflare
etag: 0x8DBC3DAD582B491
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4ac89543-201e-005a-6132-f65f64000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657845fd59b83-FRA

GET
H2 200 image
www.zscaler.com/_next/ 23 KB
23 KB 89ms
57ms Image
image/webp 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fpage%2Fbunnyloader-malware%2Fbunnyloader_cover_image.jpg&w=3840&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9194024c45e9645268fca98c11f83b4356d3edbcdcec9512d179a5a52f0bc312

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN cms.zscaler.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVBXQ2P2F9W6S8N6H0KW
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 52602
etag: 39-1U7AI+ZGw/brQrB1Ycj/pHI+ibk
vary: Accept-Encoding
x-frame-options: SAMEORIGIN cms.zscaler.com
content-type: image/webp
cache-control: public,max-age=0,must-revalidate
x-middleware-next: 1
cf-ray: 81165782486891ef-FRA

GET
H2 200 219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/ 37 KB
37 KB 129ms
108ms Font
font/woff2 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA430KJ7PMG8C995VTM
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 65402
content-length: 37876
x-xss-protection: 1; mode=block
server: cloudflare
etag: "148f9e4ffbaa7bcf20d5e0bfe841cc9d-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 81165781efab91ef-FRA

GET
H2 200 86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
42 KB 147ms
127ms Font
font/woff2 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA9ERET7YPANNF5Q5F1
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 54552
content-length: 40264
x-xss-protection: 1; mode=block
server: cloudflare
etag: "a9ac231fdcbea4e028f0413ac7938bbc-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 81165781ffba91ef-FRA

GET
H2 200 9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
42 KB 108ms
88ms Font
font/woff2 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVAA9F2FSR6HMWKSRRTK
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66949
content-length: 40336
x-xss-protection: 1; mode=block
server: cloudflare
etag: "0e4a690e19c3d57e2d5adc6ea1bcc3af-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 81165781ffbc91ef-FRA

GET
H2 200 91b02aaaf1a4bd22.css
www.zscaler.com/_next/static/css/ 36 KB
10 KB 145ms
125ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/91b02aaaf1a4bd22.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dac172c83f0be147307dfd97fa9408a0169b7a9d89a0ff90fe15f0e5afaa9587

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA58ZCFHZPTYXA91QD8
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 13574
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"e8111f4bcfd44cdf9ad53cb430b0c2a2-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781ef9e91ef-FRA

GET
H2 200 02751ebafd40155e.css
www.zscaler.com/_next/static/css/ 95 KB
13 KB 105ms
85ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/02751ebafd40155e.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2e05217cb6c08c8ac8fccd62fe7541004252cb0fd5fe47716ea55bc7aa555f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QV9WSQ6JVY17XW63WG76
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66776
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"36c27d6edd572ec6da27682de12f21c0-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa091ef-FRA

GET
H2 200 e7dc06e82b868664.css
www.zscaler.com/_next/static/css/ 65 KB
11 KB 70ms
50ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/e7dc06e82b868664.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e42f6184ef648fdb8c056ccc6da41e3a09644ce7fdd95362815cd7a12f71605f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVAFNWWXFY8ZF82PDKNW
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66698
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"ecd775d39a4240163baaad1888eb2b56-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa191ef-FRA

GET
H2 200 2bb3d7e9c4ebcf90.css
www.zscaler.com/_next/static/css/ 1 KB
3 KB 133ms
116ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/2bb3d7e9c4ebcf90.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56b4fa3a6275dd5e2d4ad2e05d52d82bd4b11bea82e5fdd5d0a7cdf041f8b993

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA44X9C8GG33VQNTZKG
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 55152
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"8cf012e69e807bb7d016e915b5f5ba50-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa291ef-FRA

GET
H2 200 78b2866af437550b.css
www.zscaler.com/_next/static/css/ 8 KB
4 KB 142ms
126ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/78b2866af437550b.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a909387d9a8e4002ad81348f2577b0461b2a70899b74937921e93716cf4a10d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVABBVERRKPP4VQ82CRH
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 63164
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"4c107082af44f11b731d0403c7d420fe-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa391ef-FRA

GET
H2 200 801f6d9aa34f4b02.css
www.zscaler.com/_next/static/css/ 3 KB
714 B 148ms
132ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/801f6d9aa34f4b02.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81ab02c6d40fb1e29a0b2766561bb92e9beb010f5c659dfb81eb1c863e2a5f2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA58EBF9M2X4ZASSR14
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 57889
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"5921633ffb227e519533bbe74a8dcd50-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa591ef-FRA

GET
H2 200 ec53f8462e5b8fef.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 99ms
86ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/ec53f8462e5b8fef.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4267d32a59156bafd580f07dc472b45c2594c779b8098747ce396d1d1b7c08ee

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA44N1Y4RQM0125EGA5
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 65897
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"c91a9454ba7491c681f45223558747e1-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa691ef-FRA

GET
H2 200 d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 66ms
54ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA3ZYKMCVYKRAGBCJ8P
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 49036
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"1a60b95580ef664fff5bb731e3a0eaa8-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efa791ef-FRA

GET
H2 200 5f1c8f1293ef1148.css
www.zscaler.com/_next/static/css/ 13 KB
5 KB 146ms
133ms Stylesheet
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/5f1c8f1293ef1148.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11b5a686821421ce0fb1ce577bde13f68a92cf49fdedd639a8b0551372c64074

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVA4S5VJ5AA21TRKN244
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66901
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"a70fed461250ac2c91f94d4dcd9f139d-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165781efaa91ef-FRA

GET
H2 200 330.59e3c3fd383612ae.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
3 KB 124ms
52ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/330.59e3c3fd383612ae.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5ded1ffe23e46d165dbe335bdd960125108748d53f4b1c8b618c48f4ab56ed8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDCWD5K4EFAB05HEBXF
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 65898
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"5279f05dbfb3490a0c29dddba19e13fc-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8cd91ef-FRA

GET
H2 200 8733.10ba5091f0fa1759.js Show response
www.zscaler.com/_next/static/chunks/ 5 KB
4 KB 150ms
78ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8733.10ba5091f0fa1759.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19cd0dc7c72395c3b78c3926e6281b07d1e009dcf829e654c83bd24d047ffd8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDGAQ7MTSGRF2J6EGD9
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66949
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"83e655ea73abcea4d5d0d08748cfea01-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d091ef-FRA

GET
H2 200 5935.5ad81bc6ba6d1b53.js Show response
www.zscaler.com/_next/static/chunks/ 30 KB
13 KB 140ms
68ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5935.5ad81bc6ba6d1b53.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26786094f79c9105634e05c0ce354b776d226519b2c372d63f4974b9c1abbe48

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDFCX6F96H7ZC0PNWTK
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 1638
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"52d2946706ee89da2f71df9eda77535e-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d191ef-FRA

GET
H2 200 5130.114568681c024808.js Show response
www.zscaler.com/_next/static/chunks/ 885 B
3 KB 151ms
79ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5130.114568681c024808.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

321dd7db609a2d7a4cb41dfcb4f8a6734e00d6bedeffea72df73e1dc091b37e6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDGK4B9X91R4HERPTCT
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 66949
etag: W/"daae7006e568c156b9d1fa44ada711ec-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d391ef-FRA
x-xss-protection: 1; mode=block

GET
H2 200 9531.30ad6da698c5c7bc.js Show response
www.zscaler.com/_next/static/chunks/ 7 KB
5 KB 183ms
112ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/9531.30ad6da698c5c7bc.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cfbdf99270e24c2b75949272e4f548a74a7aa9dbc3eeb4cbffd443b167fbef

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDKKYRXYYB576SHQ586
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66124
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"2492c8891dd8a11c74866694a2ba2b2e-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d491ef-FRA

GET
H2 200 6786.71687c972608b640.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
4 KB 170ms
100ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6786.71687c972608b640.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea78cd3a90f37316510cca9f00cf09508083e6d3449681b972fc03cd42e661a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDJK1J7THEJ9SPTDDM2
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66925
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"0792af1aa6a2b3b2323a2b4ead18857f-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d691ef-FRA

GET
H2 200 3425.d048ff28c5de0d8d.js Show response
www.zscaler.com/_next/static/chunks/ 53 KB
18 KB 156ms
86ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/3425.d048ff28c5de0d8d.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bdc6b3655532dfc2d519924d65686ac9934358efd08cda36b063ac63809d3fd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDJKHJMTAGASTTWTKNW
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66776
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"62e8858470ce75bdbad1b284cc440f15-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d791ef-FRA

GET
H2 200 webpack-6a7f4d59a4557026.js Show response
www.zscaler.com/_next/static/chunks/ 9 KB
7 KB 125ms
55ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2222466a042efc035b83df0678351fab8a97ae1d9691b5209ac7880314eb02b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDFC2G6K4M051X3XVSG
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 9281
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"cf194974b3161c2d0c8c59edaca71a9e-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8d891ef-FRA

GET
H2 200 framework-2645a99191cfc5e9.js Show response
www.zscaler.com/_next/static/chunks/ 138 KB
47 KB 137ms
72ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/framework-2645a99191cfc5e9.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c25c0404cd425a831870554b1fd9ace3825cbb08dc56acab61efe80d1cf4b2e6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDF0MMWV820JTQHY5G0
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 63328
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"eabd28ffae46875ae508f87a2c01b703-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8da91ef-FRA

GET
H2 200 main-c0eda78bcf8a5193.js Show response
www.zscaler.com/_next/static/chunks/ 103 KB
33 KB 184ms
118ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/main-c0eda78bcf8a5193.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e79ceafda235e0aca12f694c2a2fe35482cc5dc2bcab095480c3e6ab0ea61af0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDXARQBKFVPEYRSEG6Y
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66948
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"c6dbe74dd1520c3e383e2dd2a530d420-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8db91ef-FRA

GET
H2 200 _app-1b8b337b4d0f431f.js Show response
www.zscaler.com/_next/static/chunks/pages/ 20 KB
10 KB 145ms
80ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/_app-1b8b337b4d0f431f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f567b9f4adac07f91ed47407a28d1d0340037c00dbadcc61fa5720e01962f29

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDNTMK283Z548RDKR3C
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 64438
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"d6a559d808a08d91e7b4f3d66cad6231-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8dc91ef-FRA

GET
H2 200 5157-dbb273093ef3cf1c.js Show response
www.zscaler.com/_next/static/chunks/ 190 KB
51 KB 146ms
87ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5157-dbb273093ef3cf1c.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b109e80c656782e4836c8712e3a36f5699e443e80f05135485b808406edc17f6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDXP011CDQFTM3T8072
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 6523
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"52aad05979003a9486e653a4a532fd7b-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8dd91ef-FRA

GET
H2 200 5403-1ae898f9ed2dbc92.js Show response
www.zscaler.com/_next/static/chunks/ 135 KB
40 KB 152ms
93ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5403-1ae898f9ed2dbc92.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c11b82bff1442d763e6eb3621e6c33bec23eb7230023caf9079b40cb9d02031

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDZEDSGX82GTC5CK502
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66776
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"3a5363eed79f2385db8d3654f20952dc-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8df91ef-FRA

GET
H2 200 8727-2d7d98050edbf550.js Show response
www.zscaler.com/_next/static/chunks/ 77 KB
22 KB 112ms
53ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8727-2d7d98050edbf550.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caf78a8cea3e3bab59968caee028d3201a25de2856b42034490d4df184eaab6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDKZGWNK8VV76076SJV
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66674
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"0ad2d9583493b9ccc6abd79581d98e6a-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8e191ef-FRA

GET
H2 200 2652-630ce08b4127485f.js Show response
www.zscaler.com/_next/static/chunks/ 113 KB
28 KB 149ms
92ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/2652-630ce08b4127485f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66e801071d61726e0e2f6d0344dd6cca6746000b5f07d6d9ded39248dd06633e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDY8VK0KK41BQZAHW3G
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 9167
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"dcd87e99bbb9b324b174807e5c66fb84-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8e391ef-FRA

GET
H2 200 %5B...slug%5D-869e4022107cb02c.js Show response
www.zscaler.com/_next/static/chunks/pages/blogs/ 2 KB
4 KB 166ms
110ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-869e4022107cb02c.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6a1de658799684ccdaff4b4577a481267ac357b2091df7df3a05497cb28469e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDWHVD043ME0ZW93T72
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 65897
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"0cf1367758a7d79d8aea1888687599a8-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8e791ef-FRA

GET
H2 200 _buildManifest.js Show response
www.zscaler.com/_next/static/VGQ-ZD8HYL13QyZNaaQLd/ 1 KB
3 KB 167ms
111ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/VGQ-ZD8HYL13QyZNaaQLd/_buildManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e28ae580be11acb4e7b88ba1f25771013dfefb03d79f8761ba0eb7b3bdee3c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDK69741RET96MX015Y
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66124
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"6481d9c22f81a6b3e453bdfc4db9b4b7-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8e891ef-FRA

GET
H2 200 _ssgManifest.js Show response
www.zscaler.com/_next/static/VGQ-ZD8HYL13QyZNaaQLd/ 140 B
3 KB 172ms
115ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/VGQ-ZD8HYL13QyZNaaQLd/_ssgManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65c25b225b014ed8ec34579c3d636c0c469ceac68c0d5f3e49ccca778b6c2fab

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVDZXM09W1D4QQEYP4SA
date: Thu, 05 Oct 2023 14:26:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 66776
etag: W/"cb9eba502fd7adb0ac168f22c0a8ce2d-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public,max-age=0,must-revalidate
cf-ray: 81165782a8ea91ef-FRA
x-xss-protection: 1; mode=block

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
852 B 61ms
49ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:49 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
last-modified: Fri, 29 Sep 2023 17:15:01 GMT
server: cloudflare
content-encoding: gzip
etag: W/"65170615-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 81165781ffbd91ef-FRA
expires: Sat, 07 Oct 2023 14:26:49 GMT

GET
H2 200 netlify-rum.js Show response
netlify-rum.netlify.app/ 11 KB
4 KB 397ms
10ms Script
application/javascript 52.58.254.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://netlify-rum.netlify.app/netlify-rum.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.58.254.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-58-254-253.eu-central-1.compute.amazonaws.com

Software

Netlify /

Resource Hash

257ef1b7dd06f88a465e5badb58c57b62cf678d7618ecc2929aa3b428e848122

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QVQRCD2NAV3CH3Z9YBSJ
date: Thu, 05 Oct 2023 14:26:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 231948
etag: "54532a6790b2b7735e09ba58d8c94658-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 4025

GET
H2 200 bunny_figure_1.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/page/bunnyloader-malware/ 44 KB
44 KB 50ms
30ms Image
image/avif 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/page/bunnyloader-malware/bunny_figure_1.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b481c8954946825cb226260243c13daed357819760acc0bd38e0593a7a24a98d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:49 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 45279
cf-resized: internal=ok/d q=0 n=718+130 c=0+0 v=2023.9.8 l=45279
last-modified: Fri, 29 Sep 2023 19:34:18 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "cfNd3Y8m34GFHuvDiOT2f2fr6g1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/avif
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 811657845b0491ef-FRA

GET
H2 200 bunny_figure_2.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/page/bunnyloader-malware/ 39 KB
39 KB 48ms
28ms Image
image/webp 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/page/bunnyloader-malware/bunny_figure_2.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b74934da59a4a9f969cee930e53ac5f7e55a058db68f07501faaa2486d056daf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:49 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 39938
cf-resized: internal=ok/d q=0 n=485+108 c=0+0 v=2023.9.8 l=39938
last-modified: Fri, 29 Sep 2023 19:53:34 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf_jh_5BKF9uHdv3k6J3K9dKUW1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 811657846b0891ef-FRA

GET
H2 200 3e894970-e3e9-4783-85e9-7c38eedbfbbf.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 5 KB
2 KB 2697ms
1104ms XHR
application/x-javascript 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 70105
content-md5: StpE19/mctRp4PJx19Cb7Q==
content-length: 1739
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:16 GMT
server: cloudflare
etag: 0x8DAE80BD639ADC0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b2a92248-f01e-00cb-47e1-5a4ad6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8116579d4f695bdd-FRA
expires: Fri, 06 Oct 2023 14:26:53 GMT

GET
H2 200 7763.388ef9f1e59537d2.js Show response
www.zscaler.com/_next/static/chunks/ 999 B
3 KB 88ms
88ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7763.388ef9f1e59537d2.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6635c7a8c9340a594fe3030b37828f0bcc792414b520f48f3e8b566e78e8239e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QX29J0T6PS8Q4K0S994G
date: Thu, 05 Oct 2023 14:26:51 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 64524
etag: W/"cf61869a92248c4a243140d8f96f92f9-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public,max-age=0,must-revalidate
cf-ray: 8116578d2cc791ef-FRA
x-xss-protection: 1; mode=block

GET
H2 200 5551.be333bf1a8475626.js Show response
www.zscaler.com/_next/static/chunks/ 965 B
3 KB 92ms
90ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5551.be333bf1a8475626.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79e4c7ae4935ffccf99e5f7e878bd26041f9b26e242371fa2b9a0d25e828010a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QX26MJDY3SZ9V8F2ZQED
date: Thu, 05 Oct 2023 14:26:51 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 64318
etag: W/"5d3dd45a7501cb7252e7bddb030308cc-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public,max-age=0,must-revalidate
cf-ray: 8116578d2cce91ef-FRA
x-xss-protection: 1; mode=block

GET
H2 200 6023.eb027d8b2eca9d08.js Show response
www.zscaler.com/_next/static/chunks/ 1007 B
3 KB 31ms
30ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6023.eb027d8b2eca9d08.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

decf18e6ed4b163a7a0ef6ddecbafcfb300be5f0cd98140960efc65adb115c59

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QX27M32KFFHC728B8QMN
date: Thu, 05 Oct 2023 14:26:51 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 64898
etag: W/"48732aba7648bf3a952f868405c91ca2-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public,max-age=0,must-revalidate
cf-ray: 8116578d2ccf91ef-FRA
x-xss-protection: 1; mode=block

GET
H2 200 790.172105aad548b0af.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
3 KB 81ms
81ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/790.172105aad548b0af.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

453d1d7e123dbb1eb52bd8bcea12a17ed52a2362bf5b6a7fa629ba720a0e6f41

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QX28YTW43EY29SJQZH6F
date: Thu, 05 Oct 2023 14:26:51 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 65950
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"9c520ebdae4429c498150b6c5d54cce9-ssl"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8116578d2cd091ef-FRA

GET
H2 200 6831.22fb05c3ff44b775.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
3 KB 90ms
89ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6831.22fb05c3ff44b775.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-6a7f4d59a4557026.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbb2df2831ea2234d9a6db640b566056945c3025380ddb99653c9546f6fca8e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QX2C5S3PKDDG7B3RS71P
date: Thu, 05 Oct 2023 14:26:51 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 58085
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"37833668eaa05dd954abf7b60fff8d5f-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8116578d2cd491ef-FRA

GET
H2 200 image
www.zscaler.com/_next/ 26 KB
26 KB 1125ms
1124ms Image
image/webp 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fshopping_for_malware.jpeg&w=640&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5403-1ae898f9ed2dbc92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f8dbb0c1da244adb7958e5993a569905651c2664432a7a774c1e3661a213d0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN cms.zscaler.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QYA2BM59H843SJB3EHMS
date: Thu, 05 Oct 2023 14:26:52 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 22032
etag: 37-nW0ZHCot2yb21PRCkn7569VhWBY
vary: Accept-Encoding
x-frame-options: SAMEORIGIN cms.zscaler.com
content-type: image/webp
cache-control: public,max-age=0,must-revalidate
x-middleware-next: 1
cf-ray: 811657952d2d91ef-FRA

GET
H2 200 image
www.zscaler.com/_next/ 6 KB
6 KB 1141ms
1140ms Image
image/webp 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2FantiVirus%2Fzscaler-blog-antivirus-3%25402x.jpg&w=640&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5403-1ae898f9ed2dbc92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86e997a90e6cc4bbe6b0927dacd313ed69a5a330d5e2b30c802a01af8e3800a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN cms.zscaler.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QYA39CAM2PE3GPKTX6VW
date: Thu, 05 Oct 2023 14:26:52 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 5
etag: "162e-JNDsMoNiDEDZtKUKe8Tb+/eNxDE"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN cms.zscaler.com
content-type: image/webp
cache-control: public,max-age=0,must-revalidate
x-middleware-next: 1
cf-ray: 811657952d2f91ef-FRA

GET
H2 200 image
www.zscaler.com/_next/ 20 KB
20 KB 1132ms
1131ms Image
image/webp 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2Fbotnets%2Fzscaler-blog-botnets-3%25402x_4.jpg&w=640&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5403-1ae898f9ed2dbc92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be0db9e6d91eb7e3237a4fe419cb085d990f8a70a009c3469d468d84e71bf986

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN cms.zscaler.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QYA2B658SD5PQ7PB4ETX
date: Thu, 05 Oct 2023 14:26:52 GMT
content-security-policy: default-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
server: cloudflare
age: 5
etag: 38-AFoHKdcvStW9Uft/TYnupD+nvg0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN cms.zscaler.com
content-type: image/webp
cache-control: public,max-age=0,must-revalidate
x-middleware-next: 1
cf-ray: 811657952d3091ef-FRA

GET
H2 200 02751ebafd40155e.css Show response
www.zscaler.com/_next/static/css/ 95 KB
10 KB 1223ms
1212ms Fetch
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/02751ebafd40155e.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-c0eda78bcf8a5193.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2e05217cb6c08c8ac8fccd62fe7541004252cb0fd5fe47716ea55bc7aa555f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QYBT57FY6XNECN7ZHYFV
date: Thu, 05 Oct 2023 14:26:52 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66928
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"36c27d6edd572ec6da27682de12f21c0-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 811657958d9391ef-FRA

GET
H2 200 e7dc06e82b868664.css Show response
www.zscaler.com/_next/static/css/ 65 KB
11 KB 1128ms
1117ms Fetch
text/css 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/e7dc06e82b868664.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-c0eda78bcf8a5193.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e42f6184ef648fdb8c056ccc6da41e3a09644ce7fdd95362815cd7a12f71605f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QYBXBMN080XZQ762V4GW
date: Thu, 05 Oct 2023 14:26:52 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 62045
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"ecd775d39a4240163baaad1888eb2b56-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 811657958d9591ef-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 466 KB
124 KB 1390ms
70ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

11a8bbfd193f5e9127191cea897f907518b910553b4cb8bec9cb359c0124ccfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126914
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Oct 2023 14:26:53 GMT

GET
H2 200 fail-over.js Show response
www.zscaler.com/ 0
3 KB 1172ms
1132ms Script
application/javascript 104.18.29.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/fail-over.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-c0eda78bcf8a5193.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.74 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-nf-request-id: 01HC03QZJKXW1FCR4PA4MGM5V0
date: Thu, 05 Oct 2023 14:26:53 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 66285
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
etag: "383af88de014d2b67043cdb4e8caa326-ssl"
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8116579d4d8291ef-FRA

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 83 B
321 B 451ms
31ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 811657a0af742bf1-FRA
access-control-allow-headers: Content-Type

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 2 KB
1 KB 517ms
68ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1696516014074&cv=11&fst=1696516014074&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&hn=www.googleadservices.com&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&auid=26188319.1696516014&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

3a93e26b757812a5d19e3a75a2fd16462fc826f01078bbe973cb84f4c172ce26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 529ms
4ms Script
text/javascript 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 13:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2121
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 05 Oct 2023 15:51:33 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 2 KB
2 KB 511ms
67ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1696516014084&cv=11&fst=1696516014084&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&hn=www.googleadservices.com&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&auid=26188319.1696516014&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

81aaff1d8cab0873e7f8fd680783676eda2e4f25a4cd847b44e24fc7775b24ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
95 KB 31ms
30ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c27f707b032aed49a39b643702d3a86e4b047f3672ca36588a928bc7ca456d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96772
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Oct 2023 14:26:54 GMT

GET
H2 200 6934ae2b-4c76-4229-97d0-8f637b004b88.js Show response
j.6sc.co/j/ 4 KB
4 KB 217ms
189ms Script
application/javascript 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-224.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
date: Thu, 05 Oct 2023 14:26:54 GMT
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 3771
pragma: no-cache
last-modified: Tue, 02 May 2023 17:36:47 GMT
server: AmazonS3
etag: "afb8c61166e7f50fe6d7ab7b6377733c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: XvPRy2IrqUARfOPQkT4PC69-ldPx5l-Ih9wDm-_CKfPbGQxPNIJibw==
expires: Thu, 05 Oct 2023 14:26:54 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 75 KB
24 KB 478ms
26ms Script
text/javascript 18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: 2W0nFhLgp3U9gUvvEzXT9GuNEpd6A6yg
Content-Encoding: gzip
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Date: Thu, 05 Oct 2023 13:45:36 GMT
Age: 2481
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 03 Aug 2023 19:17:31 GMT
Server: AmazonS3
Etag: W/"67e54a60303cfbf4c3b977aa390ad408"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 3USlxm6GbvkYjtfOcFPKgp0d3aiFZ3yMqwTuPRShskk_Jm1Bfeg3Rg==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 491ms
23ms Script
application/x-javascript 2.21.20.155
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.20.155 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-20-155.deploy.static.akamaitechnologies.com

Software

Resource Hash

28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Sep 2023 13:41:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=66274
accept-ranges: bytes
content-length: 3822

GET
H2 200 6635.js Show response
script.crazyegg.com/pages/scripts/0097/ 6 KB
2 KB 512ms
45ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 773a4525e2a9ce52689427392e4f9b222b25159e4c97386078fbeff07965369f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 10949
cf-polished: origSize=6011
ce-version: 11.5.127
cf-bgj: minify
last-modified: Thu, 05 Oct 2023 11:24:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 811657a34e84382c-FRA

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 524ms
56ms Script
application/javascript 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

a-0001.a-msedge.net

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 05 Oct 2023 14:26:53 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B85618C3A8144EA8864936F664F854BB Ref B: FRAEDGE1316 Ref C: 2023-10-05T14:26:54Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 74ms
17ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA7) /
Resource Hash: d43b25c0ef488f3f361c0aa0ce5b9168a0feb1005710e61a55391ae2d1dc3ad2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
last-modified: Thu, 28 Sep 2023 23:06:50 GMT
server: ECS (amb/6BA7)
age: 46638
etag: "9f54ad7660f2d91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25471

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 198 KB
53 KB 466ms
2ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 05 Oct 2023 14:26:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53356
x-xss-protection: 0
pragma: public
x-fb-debug: m0XGvgGE3W3EFkK5+SWegpGjLRWpDiDju5gvGYcp+Ht8FzS5jW5vXIqCEqECXIeI4MbHoYhKbXurw+/WZfPYBg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 458ms
71ms Script
text/javascript 104.18.36.196
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.196 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 73731
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 811657a36a0c03cd-FRA
expires: Thu, 05 Oct 2023 14:46:54 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 201ms
36ms Script
application/javascript 52.222.236.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-41.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: Rt6XPSKiJ8UdHSAhNzDbvtFnl_cNNgVn
content-encoding: gzip
via: 1.1 2ffde5fadc46cbcc3a678e8713ed76b0.cloudfront.net (CloudFront)
date: Thu, 05 Oct 2023 07:53:17 GMT
last-modified: Mon, 24 Jul 2023 07:50:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 23618
etag: W/"4eb0c668e820abe414d19a11b92dd0fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: I0-7yFEACnaD9pDO68VBCe6IjA5y9VBAKBQUnP6iAhA6Bj6qHQjEpQ==

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_4076c50391dc25ee5135d900b5939610/ 2 KB
1 KB 748ms
185ms Script
application/javascript 143.204.215.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_4076c50391dc25ee5135d900b5939610/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-36.fra53.r.cloudfront.net

Software

envoy /

Resource Hash

c630fd06ab981a72bc75eabb81827ad5a0e1ebb899e0e80466284e380610ee37

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront)
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
etag: W/"afa11d7addbf859bae69c410aa3335ef"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: -rbHJUG3CnCZBhCbX_LfUH_gFs9a91qnIiz-uxwmPfttmd0lwhbdzg==

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 20 KB
6 KB 741ms
110ms Script
application/javascript 52.7.151.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cb=52830886897095300term=value
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-151-245.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: c1117f11a0f8f25b894255b5d906a8849141e16e2fb4e0a981f7f092459211d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 3
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fullcircle.js Show response
d2i34c80a0ftze.cloudfront.net/ 32 KB
11 KB 554ms
13ms Script
application/json 108.138.7.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=731c316a-c46e-4a94-81a9-7cfc0ea0d53e&domain=zscaler.com
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-95.fra56.r.cloudfront.net
Software: /
Resource Hash: aa2b8282a1438a0e53971aa29a5c54f2911a3cb79b44cc20f8521ead150c458f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 03:33:33 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d714.cloudfront.net (CloudFront), 1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-C1, FRA56-P6
age: 39202
x-amzn-requestid: f9b703fe-508d-4d01-9396-a39dbbf757b2
x-amzn-trace-id: Root=1-651e2e8d-787c604e00c8586e45883c41;Sampled=0;lineage=be50798f:0
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: MTw2JHTVPHcFyfg=
x-amz-cf-id: rwUyeqV773KyQVM61ZLIVihM1eHIU7VwlLbEUM7SlTCdHPP5bhq8dw==

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 492ms
32ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:36 GMT
content-encoding: gzip
age: 19
x-guploader-uploadid: ADPycdsmOtnZA8CFbQPcK1KP3m57LiDz3orPwUunw7UkdD_s3ormTpx5O3PXe24jC5DRJqllR_qpmRy7KB1YQkEIFnfH9ald2Zg1
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Thu, 05 Oct 2023 15:26:36 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
82 KB 36ms
32ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-812494211

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

03de655268aee1735f4e61f140be049fa39d06bbb488e0a00e7a98a2718fb4b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84037
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Oct 2023 14:26:54 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 534ms
26ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 03:51:17 GMT
Content-Encoding: gzip
Via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Aug 2023 20:10:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 38139
x-amz-server-side-encryption: AES256
ETag: W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: n543Ovt1cBngvcfvR1bqlJyK9-PXkeX60OlcLnkwkc6XK9tI8HnC7Q==

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 36 KB
36 KB 594ms
141ms Script
application/javascript 3.216.46.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.216.46.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-216-46-62.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

6b171db7ca7ffee17e14f5d432d37e4ec87d6e7a5ce361670e329f705ee34364

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
strict-transport-security: max-age=2592000
last-modified: Tue, 09 Feb 2021 15:39:01 GMT
server: Kestrel
etag: "1d6fef9b02c88cc"
content-type: application/javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 36940
expires: -1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 608ms
163ms Script
application/x-javascript 184.31.85.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-85-59.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 14:26:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 439ms
34ms Ping
text/plain 216.239.38.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je3a20&_p=958670622&_gaz=1&cid=1886675628.1696516014&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1696516014&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&dt=BunnyLoader%20%7C%20ThreatLabz&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.page_language=en&ep.page_hostname=www.zscaler.com
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 27ms
25ms Ping
text/plain 64.233.184.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1886675628.1696516014&gtm=45je3a20&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.184.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wa-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.39.0/ 372 KB
89 KB 23ms
22ms Script
application/javascript 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Zp/CcrZmK7hQ2S6c/t9Tpw==
age: 34349
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 90454
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:04 GMT
server: cloudflare
etag: 0x8DA87805EB35DE2
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 526a626c-301e-007c-66e1-5a45d3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657a11e659b83-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/ 76 KB
15 KB 32ms
26ms Fetch
application/x-javascript 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 64364
content-md5: a+O//X2h08gSfqxZ78vXYQ==
content-length: 15164
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:17 GMT
server: cloudflare
etag: 0x8DAE80BD6BFBADE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2fb75736-001e-017b-7ce3-5af503000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657a18bc05bdd-FRA
expires: Fri, 06 Oct 2023 14:26:54 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 51 KB
15 KB 110ms
107ms Script
application/javascript 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Aug 2023 22:29:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64e7d9dd-cc38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14993
expires: Thu, 05 Oct 2023 14:26:54 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 13 KB
3 KB 78ms
73ms Fetch
application/json 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Xx897lTVYGjMQiwuGCrzDA==
age: 64364
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3007
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:55 GMT
server: cloudflare
etag: 0x8DA87805972EF22
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 787e6ad9-401e-0138-04e1-5adfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657a22c7b5bdd-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 5 KB
2 KB 77ms
72ms Fetch
application/json 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ssl6Phwu9+sah2W05EtyUQ==
age: 24608
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:57 GMT
server: cloudflare
etag: 0x8DA87805A8DD1F0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 95db905d-901e-0094-2de3-5ab828000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 811657a22c7c5bdd-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 22 KB
5 KB 78ms
73ms Fetch
text/css 104.18.130.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Oct 2023 14:26:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: B55i3ZY9miZIaUrwjufy0w==
age: 62962
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 7e19b9f3-801e-0003-59e1-5adbe1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 811657a22c805bdd-FRA

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
576 B 515ms
19ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
an-x-request-uuid: 8551dd22-e89b-476d-a5cb-0fa0871f3938
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 176.115.237.162; 176.115.237.162; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 74ms
43ms XHR
text/html 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
280 B 543ms
50ms XHR
text/html 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-178.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696516014921_35115186_152233106_23_874_1_182_219";dur=1
content-length: 4
expires: Thu, 05 Oct 2023 14:26:55 GMT

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 221ms
166ms Preflight 52.222.236.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-41.fra56.r.cloudfront.net
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: MVQjWhB5vHcEPhw=
date: Thu, 05 Oct 2023 14:26:54 GMT
vary: Access-Control-Request-Headers
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
x-amz-cf-id: -sj_rizCbw0Vf8UvBsoaZaEz5vp_xWFcrWj4T_go1qrS-PBYDr-V_Q==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
567 B 437ms
437ms Fetch
application/json 52.222.236.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-41.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 420ff5cf1aa1cd863993bf232454b1cacc2f3d14cea46063ca8d92c715450abd

Request headers

Content-Type: application/json
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer e6609b6e9a1669129391
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
visited_url: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
etag: W/"cb-l4piTjjRmvgEVSz4fd8x0/NQRZE"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 203
apigw-requestid: MVQjaiydPHcEPgg=
x-amz-cf-id: YijWCfubQxkyo_Simx1TwukD-LzPU6sDxfzXijEtioK5WRBbiRR1rA==

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
455 B 567ms
75ms Image
image/gif 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1696516014084&cv=11&fst=1696514400000&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&fmt=3&is_vtc=1&random=2531929053&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
108 B 558ms
76ms Image
image/gif 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1696516014074&cv=11&fst=1696514400000&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&fmt=3&is_vtc=1&random=988367431&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 19ms
18ms XHR
text/plain 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=958670622&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&ul=en-us&de=UTF-8&dt=BunnyLoader%20%7C%20ThreatLabz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAAI~&jid=1603251321&gjid=1289774452&cid=1886675628.1696516014&tid=UA-6177009-1&_gid=1918371418.1696516015&_slc=1&gtm=45He3a20n715SLZFK&z=1289804034

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
347 B 449ms
44ms XHR
text/plain 64.233.184.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-6177009-1&cid=1886675628.1696516014&jid=1603251321&gjid=1289774452&_gid=1918371418.1696516015&_u=YCDAiEABBAAAAGAAI~&z=2021832919

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 05 Oct 2023 14:26:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

65ms
65ms

Script
application/javascript

18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: e6mCeG7.PAM9gYrIJBIXJohubS3UVCEK
Date: Wed, 04 Oct 2023 15:12:32 GMT
Via: 1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
Age: 83664
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Thu, 03 Aug 2023 18:30:18 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: qQP4TW2WrXIlsik1alH7L-apy7F_GaXc90SQA01pf6CPPeVaKlImtQ==

Redirect headers

Date: Wed, 04 Oct 2023 15:47:41 GMT
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Age: 81554
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: V2et82nwnV0v4QFLdSgCe9Pr-39OnIaBlRhMcKxLCNyggRyV5TqnlA==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

80ms
15ms

Script
application/javascript

18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Wed, 04 Oct 2023 15:20:56 GMT
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Age: 83160
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: DIvCsvMoa-TQ3k6cdpf7XgQmL85iK6ICQV7-2Sgov5kBYEYkcPYCbg==

Redirect headers

Date: Wed, 04 Oct 2023 15:47:41 GMT
Via: 1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
Age: 81554
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 5Cx94kw-9GIM4CLFSkjzdNQa41OwkFcXbfNlivky-ZEWtauFcgTYyw==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 0
809 B 73ms
66ms Script
text/javascript 18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: HzZH.Pp93OdTPCELwnfOYaJ_DFSTO0.4
Date: Thu, 05 Oct 2023 13:41:14 GMT
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Age: 2768
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Mon, 02 Oct 2023 12:01:59 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Zg5ttkKHOTBUEHB1iR2348KfQCtx5KzW-ohMBz5fkxRDhBENBfRedA==

GET
H2 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 139 KB
36 KB 19ms
18ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.132&r=stable&domain=www.zscaler.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

be2a3d40a1b7755b29fbbab5db5e895bb1c83ab76903edc401eed68051b0b7d1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 05 Oct 2023 14:26:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 36620
x-xss-protection: 0
pragma: public
x-fb-debug: G5bT5BxmMRZZPe2Jru6ijEQyZ1OulD3Y1RWeAQd1ZkxzzLF/V2PCYWffdbQ0y9qdd2C30zmt8tysSxoUNgTUwA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
15 KB 20ms
20ms Script
application/x-javascript 2.21.20.155
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.20.155 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-20-155.deploy.static.akamaitechnologies.com

Software

Resource Hash

3ac17d461ee8b27503b79e7141b02cffef51873f0f27d5c18b4454ee16a0d97a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 01 Oct 2023 16:57:46 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=61215
accept-ranges: bytes
content-length: 14888

GET
H2 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/site/ Frame 99AC 46 KB
7 KB 355ms
31ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/site/www.zscaler.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46d7428c97ed0fb83bbbc425f803bad6f8a9554fe66cb7bd6177f0728441f07

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 4278
ce-version: 11.5.127
content-length: 6702
last-modified: Thu, 05 Oct 2023 13:15:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 811657a61ced2bb6-FRA

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 1 KB
907 B 132ms
45ms XHR
application/json 3.125.168.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.168.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-168-0.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 33a5fe9e24a7939056ef4553c1da06df8adf49abf06ec493d7a2fc6c65a82599

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
Authorization: Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
X-6s-CustomID: WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
content-length: 722

GET
H2 204 26354555.js Show response
bat.bing.com/p/action/ 0
116 B 45ms
45ms Script
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/26354555.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

a-0001.a-msedge.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 05 Oct 2023 14:26:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3373354C715C4C149449F473F6A00277 Ref B: FRAEDGE1316 Ref C: 2023-10-05T14:26:54Z
x-cache: CONFIG_NOCACHE

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
461 B 135ms
134ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1696516014746&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&version=2.4
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 2334982
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdsxHjzIlSnS77qzzhIHs_1MUah9oRidTf1myLlcKEx33gNUZ1Or2BJWQ4SKrcN-hWmndalIhQ3DRfZACiLSCGU9y5EGf0wO
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 05 Oct 2023 15:26:55 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 292ms
291ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=f6f7d9ae-3c1e-434a-8f56-83eceeffa2fc&session=cb794215-cf44-4b24-8dfd-4376257f2ce6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Oct%202023%2014%3A26%3A54%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22BunnyLoader%20features%20rapid%20iterations%2C%20anti-sandbox%20tactics%2C%20second-stage%20payload%20executions%2C%20keylogging%2C%20stealing%20capabilities%2C%20and%20remote%20execution.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BunnyLoader%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&pageViewId=2f724522-4a74-42f3-85ce-93650af71565&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 ULSJHTPGTZGY3EPPZSKHKS Show response
d.adroll.com/consent/check/ 495 B
981 B 743ms
81ms Script
application/javascript 54.76.203.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&_s=1401235b1428161ee1a7a784acfc1567&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.203.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-203-233.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 2f2e399ed109a0d4a0b2b0f00ec7d2aa99c3dc2fd42f0720a38dfb35e30c8c6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: application/javascript
pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 495
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 387ms
37ms Preflight 3.125.168.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.168.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-168-0.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.zscaler.com
access-control-max-age: 1800
date: Thu, 05 Oct 2023 14:26:55 GMT
server: nginx

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 519ms
115ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1696516014746&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 14:26:55 GMT
expires: Thu, 05 Oct 2023 14:26:55 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvVi3FmxylByuBnCXLI96vZznXs4krboJvlpT9784bO9SRQ0en25phEIMynCW6k54XMpODh14bvEsyMxV1oZwmyQSdIZVjh

GET
H2 200 c8ac64f9729b977ec34fc26849bfa380.js Show response
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 121 KB
41 KB 107ms
77ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/c8ac64f9729b977ec34fc26849bfa380.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0442b8ebd40f3c8695ae69ccfb684a30ea77354f9871ff6c603b4a895c5fa293

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 19 Sep 2023 10:29:49 GMT
server: cloudflare
age: 260777
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 811657a6ba6e382c-FRA
content-length: 42178

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 444ms
12ms Image
text/plain 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&rl=&if=false&ts=1696516015144&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696516015132.2053257379&cs_est=true&ler=empty&it=1696516014705&coo=false&exp=a0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 05 Oct 2023 14:26:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1696516015149%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true&liSyn...

0
398 B

115ms
115ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true&liSync=true
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3EA7958FB00749E4A76F0BBEB2D24478 Ref B: FRAEDGE1112 Ref C: 2023-10-05T14:26:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG+OqC9nL5YyztO0X4Tw==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 14:26:55 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYG+OqAq7PbPLT37p08KA==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 128D1CB3B06C427A869655F9E3FFBF8F Ref B: FRAEDGE1112 Ref C: 2023-10-05T14:26:56Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1696516015149&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 69ms
68ms Image
image/gif 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6177009-1&cid=1886675628.1696516014&jid=1603251321&_u=YCDAiEABBAAAAGAAI~&z=2110541202

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pdst-events-prod-sink Show response
us-central1-adaptive-growth.cloudfunctions.net/ 2 B
123 B 215ms
214ms Fetch
text/html 216.239.36.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.36.54 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
server: Google Frontend
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 3fbc2fb8bce61b74d09235742593cf1f
cache-control: private
function-execution-id: vq4knv1lksv5
access-control-allow-headers: Content-Type, Accept
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 568ms
135ms Preflight
text/html 216.239.36.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.36.54 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Thu, 05 Oct 2023 14:26:55 GMT
function-execution-id: tpezowjjxzsg
server: Google Frontend
x-cloud-trace-context: d40fc1a9ef1d172d0702b38dc411f963

GET
H2 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/sampling/ Frame 99AC 154 B
210 B 36ms
36ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/sampling/www.zscaler.com.json?t=471254
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/c8ac64f9729b977ec34fc26849bfa380.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb0ca3b4e459c2227d36198de4c292505f287a534746cb3901c959fccb28a900

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 4278
ce-version: 11.5.127
content-length: 145
last-modified: Thu, 05 Oct 2023 13:15:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 811657a75e882bb6-FRA

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 85 KB
27 KB 685ms
69ms Script
application/javascript 104.16.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.136.15 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee9c6658d320d8aa8fbd3135debda38c8483fb11d91b733af4d63ab4bc5f8663

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 2572
x-guploader-uploadid: ADPycdteu1aCh6nz2D0kGirt_mytqSRUQLbCIDTcl98SeqTB-ku1ejr1XV7gxQ5w3whhkzlzIXGUPpxsbxZDe81pYKefQA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Sep 2023 05:31:59 GMT
server: cloudflare
etag: W/"70422a7b3dec4b912002b128eaa19667"
x-goog-hash: crc32c=/+Pg1Q==, md5=cEIqez3sS5EgArEo6qGWZw==
x-goog-generation: 1695101519658995
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 87428
cf-ray: 811657ab3f373624-FRA
expires: Thu, 05 Oct 2023 14:44:03 GMT

GET
H2 200 / Show response
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ 3 KB
2 KB 217ms
216ms Fetch
text/javascript 104.16.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.136.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

98380bf1929d231df06824ffcec5912a07d4ab2089a77c1a27035df43fce597c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
_vtok: MTc2LjExNS4yMzcuMTYy
_zitok: f5fd35e1b3ce656f77181696516015
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/javascript

Response headers

date: Thu, 05 Oct 2023 14:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
cf-ray: 811657ac285f3624-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 198ms
198ms Script
application/x-javascript 184.31.85.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-85-59.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 14:26:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Sat, 13 Jan 2024 14:26:55 GMT

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame 0
0 763ms
150ms Preflight
text/html 104.16.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.136.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
access-control-allow-origin: https://www.zscaler.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811657ab3ece8fd6-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Oct 2023 14:26:56 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ Frame 99AC 19 B
463 B 338ms
13ms XHR
application/json 13.32.27.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/c8ac64f9729b977ec34fc26849bfa380.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-91.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 17 May 2023 09:46:59 GMT
via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 12199197
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: hVDLPNWAqvHA7MdAy5AtqFO_faicTaaZeUpBLHLw0JjQPetiQZdR4w==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ Frame 99AC 19 B
387 B 338ms
14ms XHR
application/json 18.66.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/c8ac64f9729b977ec34fc26849bfa380.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-74.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:10:02 GMT
via: 1.1 f7e6fd9466c5c2a3b15f0fb077de1afa.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 28898214
etag: "d06f04fccf68d0b228a5923187ce1afd"
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 19
x-amz-cf-id: B5gbfcU66RE3VPMdPZU5pe2i2gz5kXeq535_lq1GZhPUABexhg0ukA==

GET
BLOB 200
OK ccf2afbf-cd94-4e63-85f7-620f7aeb1fa1
https://www.zscaler.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/ccf2afbf-cd94-4e63-85f7-620f7aeb1fa1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_4076c50391dc25ee5135d900b5939610/ 0
21 B 520ms
215ms Script
application/javascript 18.153.4.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_4076c50391dc25ee5135d900b5939610/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_4076c50391dc25ee5135d900b5939610/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_4076c50391dc25ee5135d900b5939610/ 168 KB
45 KB 503ms
199ms Script
application/javascript 18.153.4.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_4076c50391dc25ee5135d900b5939610/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_4076c50391dc25ee5135d900b5939610/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

d5ef1f606a0e7736490da1c760d4ad95a34ecd586bda05511cac915e517bdea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 1 KB
2 KB 489ms
488ms XHR
application/json 143.204.215.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-101.fra53.r.cloudfront.net
Software: /
Resource Hash: 829c31f0dcb450d55fe5b683964f4ad77530f079f9bca92399eca48cc44efc72

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 05 Oct 2023 14:26:56 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-651ec7b0-121981ab1582e5117629f43d;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid: 3c01fe1f-b4ab-4ca8-b7c6-a45006a92c7c
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: MVQjnGLzPHcF_5w=
content-length: 1408
x-amz-cf-id: 0zjTLNwSgrq1Ir6S9nUqYg8jXMm03mEG31vE0rmNOYtlr2WgRMpnJg==

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 740ms
440ms Preflight
application/json 143.204.215.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-101.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Thu, 05 Oct 2023 14:26:56 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-apigw-id: MVQjjGRevHcFmCA=
x-amz-cf-id: Ef2oFyWKHvLn4eL8m_GDJWQMGGCsDnvOJXijgsPTE0D7VzrAJR_g7Q==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 26b4dc00-32de-41ff-8b56-81bad429c30a
x-cache: Miss from cloudfront

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 2 KB
2 KB 57ms
56ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1696516015402&cv=11&fst=1696516015402&bg=ffffff&guid=ON&async=1&gtm=45be3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&hn=www.googleadservices.com&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&auid=26188319.1696516014&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

81afe6f844b1407a0d684fb31cb814fe9205f4a8952fd3f5615223c4a628023f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1344
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET is
54.156.2.105/ 0
0

GET
BLOB 200
OK 1b62fcc8-b2ce-4227-a52d-107051a7d877
https://www.zscaler.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.zscaler.com/1b62fcc8-b2ce-4227-a52d-107051a7d877
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET up
insight.adsrvr.org/track/ Frame 673C 0
0

POST
H/1.1 200
OK visitWebPage
306-zej-256.mktoresp.com/webevents/ 2 B
318 B 607ms
98ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1696516015465&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1696516015464-26302&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 14:26:56 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 2f131a92-4fd1-4a41-81dc-017f735689da

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
108 B 24ms
23ms Image
image/gif 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1696516015402&cv=11&fst=1696514400000&bg=ffffff&guid=ON&async=1&gtm=45be3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&frm=0&tiba=BunnyLoader%20%7C%20ThreatLabz&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2275115109&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 224ms
224ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 tracking
lltrck.com/api/ 43 B
272 B 410ms
160ms Image
image/gif 3.216.46.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lltrck.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&referer=&fp=7baf2707f6c9eb56aee9c05ff91adfce

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.216.46.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-216-46-62.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 14:26:55 GMT
strict-transport-security: max-age=2592000
server: Kestrel
content-length: 43
content-type: image/gif

GET
H2 200 clock Show response
tracking.crazyegg.com/ Frame 99AC 31 B
138 B 267ms
67ms XHR
text/plain 99.81.137.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1696516015675&tk=80f93ae68d664369d14c6654f4ff8042&s=366477&p=%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&u=976635&v=57cb6b22497c35bcc39ef77b7fd683f6dd374059&f=zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&ul=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/c8ac64f9729b977ec34fc26849bfa380.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.137.90 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-137-90.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 12e4e1e87ea86c56e16b848b1e2eede7833c56a70ea5ce4ce33ca21cc99a3bda

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 14:26:55 GMT
cache-control: no-store
server: awselb/2.0
content-length: 31
content-type: text/plain

POST p
app.clearbit.com/v1/ 0
0

GET
H2 200 d9b6b28e3d84db3e4c966a5cf73af402.js Show response
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ 20 KB
8 KB 24ms
23ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/d9b6b28e3d84db3e4c966a5cf73af402.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f2855487ee0f2a026de07b800d0a191f2d66723011cf5e7bddea4669037b33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 29 Sep 2023 18:29:14 GMT
server: cloudflare
age: 260774
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 811657abd957382c-FRA
content-length: 8025

GET
BLOB 200
OK 8cb78670-d1f8-4a51-a5c6-fd505d2ac27b
https://www.zscaler.com/ 256 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/8cb78670-d1f8-4a51-a5c6-fd505d2ac27b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 61957894cb0311c13294703d9c3be6d4232f06aed933880cf0fc01f9739daa3f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length: 256
Content-Type: text/javascript

GET
H/1.1

200
OK

XYPZFM5QENHXRH7RBBI5PW.js Show response
s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
Redirect Chain

https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%...
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js

6 KB
3 KB

15ms
15ms

Script
text/javascript

18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Protocol: HTTP/1.1
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d8f74aa1a6511c753bfbeace923818198461752e585d71de63a219df6295d883

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: JUVkbAiM63Mv3m1uZdm1rO8CvH8bBBeq
Content-Encoding: gzip
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Date: Thu, 05 Oct 2023 14:18:54 GMT
Age: 859
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 12 Jul 2023 12:44:53 GMT
Server: AmazonS3
Etag: W/"dd059e74d8f29eb0c92022985439f660"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: MYV7CaWc23fRhgQS9R7Ky4bIc2Wtp1z4BlRbYK5A7Uo0930g1WPe4A==

Redirect headers

date: Thu, 05 Oct 2023 14:26:56 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
x-rule-type: p
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.22.1
x-rule: *
x-segment-eid: XYPZFM5QENHXRH7RBBI5PW
location: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: 22OEOVE2YNFA3EKSRERISY
x-segment-name: *
x-advertisable-eid: ULSJHTPGTZGY3EPPZSKHKS
x-conversion-currency

POST
H2 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 321 B
472 B 148ms
148ms Fetch
application/json 104.16.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.136.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
Authorization: bearer 370c892e688e1744cd312ed1426b3a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 05 Oct 2023 14:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
etag: W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
cf-ray: 811657ad197c3624-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
alt-svc: h3=":443"; ma=86400

GET
H2 200 661bb7e9d0e0abee5d7403d3d65553a1.js Show response
script.crazyegg.com/pages/versioned/tracking-scripts/ 98 KB
32 KB 34ms
34ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/tracking-scripts/661bb7e9d0e0abee5d7403d3d65553a1.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2182476b2f19b36cc23e9bbdb2dd97b84f4d6eddabc117e374b893fe3cd8cdc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:56 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 09:40:38 GMT
server: cloudflare
age: 260775
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 811657ac39d1382c-FRA
content-length: 32149

OPTIONS
H2 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 141ms
140ms Preflight
text/html 104.16.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.136.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.zscaler.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811657ac38128fd6-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Oct 2023 14:26:56 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 8 KB
3 KB 13ms
13ms Script
text/javascript 18.66.147.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cookie=&adroll_s_ref=&keyw=&p0=5475
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 203987ff8bd021893a06303e163eeb294647081d8376b725bdacbc414cc4d035

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Amz-Version-Id: kaomAQKNRR_7Pb.3Bms_Xue6LaAItEu.
Content-Encoding: gzip
Via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
Date: Thu, 05 Oct 2023 14:25:51 GMT
Age: 70
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 21 Jun 2023 16:22:01 GMT
Server: AmazonS3
Etag: W/"4a64112c69b3c4b3f104f38d9547a094"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 68YgOce_1Vmv8rPBkOGMtvxQMdmoiRP2qIw6oxHZRGCxqy-aVkqCAg==

GET
H2 200 476377582537549 Show response
connect.facebook.net/signals/config/ 131 KB
35 KB 21ms
21ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/476377582537549?v=2.9.132&r=stable&domain=www.zscaler.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

d37fc15e2982cb0611f5c1fa7092aee2f393650d9cf7d0411f77105eec86058c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 05 Oct 2023 14:26:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 34826
x-xss-protection: 0
pragma: public
x-fb-debug: slWBLfBXlzaPZ+ByWXMXT20fkqlVB6KNqiiXWRP88YrcZTRtpi9v3P3C3c3NwY2cGZ2qQhmNvShqLYIkD+mtLA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://x.bidswitch.net/sync?dsp_id=44&user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

0
0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=nZkPCUKZvwof8eT17gLVOg
https://d.adroll.com/cm/g/in

42 B
552 B

34ms
34ms

Image
image/gif

54.76.203.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 54.76.203.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-203-233.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
server: nginx/1.22.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://d.adroll.com/cm/g/in
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newes...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016&C=1

43 B
346 B

27ms
27ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016&C=1
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIG7qI6toK52qWYHQe71%2FQNQKrINPZKccyU8HCFz6JHQoR5c%2BjXPTfVLLzZn7qf7wIgEQnKD8D2Xncw%2BEuoTBemtgML3N%2F9mfYvpL8mdDy%2FoxvL49FNS%2F23RXYZaDiXyy%2F1hyi9rf%2FbGBA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811657aebc0d4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAkb8VRqAMWikGEs3Y7qRwHG9VP7YT%2Boa3UIqlZbz5DsudiOqRwxpE5b1Tl4%2B5Xbn82tpG3uy6hmJHu0kvDIPNScGI%2BIp%2Fdk%2F5q%2BzwOJFM4tN0VaRIwiAKS8tCjxEQka725VzL15LSh%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=105&external_user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expiration=1728052016&C=1
cache-control: no-cache
cf-ray: 811657ae8bdb4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://idsync.rlcdn.com/377928.gif?partner_uid=9d990f094299bf0a1ff1e4f5ee02d53a

0
0

GET

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expires=365

0
0

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent=

43 B
171 B

40ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9d990f094299bf0a1ff1e4f5ee02d53a&gdpr=0&gdpr_consent=
date: Thu, 05 Oct 2023 14:26:56 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-ne...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=&us_privacy=1---

0
145 B

442ms
93ms

Image
text/plain

70.42.32.95
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=&us_privacy=1---
Protocol: HTTP/1.1
Server: 70.42.32.95 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 14:26:56 GMT
Cache-Control: no-cache
X-TraceId: 5f14fbd4a67f41ca0f524577a9693c81
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=&us_privacy=1---
pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 137
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-ne...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

0
0

GET

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
0

GET

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-new...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

0
0

GET

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-...
https://eb2.3lift.com/xuid?mid=4714&xuid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&dongle=c85e

0
0

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=eb9ef0154fd06439ae346521ea4a6429-1696516016012&pv=2590406510.769494&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-ma...
https://ib.adnxs.com/setuid?entity=172&code=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

43 B
921 B

21ms
21ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
an-x-request-uuid: dbcaf7eb-f82b-4a57-be52-eee9ac555dc6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 176.115.237.162; 176.115.237.162; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
an-x-request-uuid: a68bba29-25ef-4631-9c3b-3f2b3b6c8668
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E
cache-control: no-store, no-cache, private
x-proxy-origin: 176.115.237.162; 176.115.237.162; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 in
d.adroll.com/cm/mk/ULSJHTPGTZGY3EPPZSKHKS/ 42 B
517 B 82ms
78ms Image
image/gif 54.76.203.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/mk/ULSJHTPGTZGY3EPPZSKHKS/in?id=id%3A306-ZEJ-256%26token%3A_mch-zscaler.com-1696516015464-26302
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.203.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-203-233.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 05 Oct 2023 14:26:56 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 11ms
10ms Image
text/plain 157.240.251.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&rl=&if=false&ts=1696516016339&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=29&fbp=fb.1.1696516015132.2053257379&ler=empty&it=1696516014705&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=a0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 05 Oct 2023 14:26:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 117ms
116ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 05 Oct 2023 14:26:55 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3F9011CB6F8D4F098A0AC284FB7502F2 Ref B: FRAEDGE1112 Ref C: 2023-10-05T14:26:56Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.zscaler.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYG+OqE/rJ4XlrkcWFIIA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 215ms
215ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 2 KB
2 KB 522ms
520ms XHR
application/json 143.204.215.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-101.fra53.r.cloudfront.net
Software: /
Resource Hash: 8eb41584b7317933a03de640a651d28d67879247601df4708a78462518d8cbe1

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 05 Oct 2023 14:26:57 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-651ec7b1-5b16dd6c7ba93811412d1cd9;Sampled=0;lineage=adebd93c:0
x-amzn-requestid: af2b5c65-653c-46f0-950a-523b9fa0a4d8
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: MVQjxFShPHcF7uw=
content-length: 2033
x-amz-cf-id: iE3W7brmCXonuEsYj7NLgyiQdzBykQDji3peKWXNQ1zWwjqlLwGGQw==

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 461ms
461ms Preflight
application/json 143.204.215.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-101.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Thu, 05 Oct 2023 14:26:56 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-apigw-id: MVQjsHvcvHcFZeA=
x-amz-cf-id: OhB4pH1U-uiqw_vRXBoozuyBgOAP61dxR7fYTOYXpjbdpDGy4TJEmw==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: bccee259-df92-4d34-9441-72c53faa760e
x-cache: Miss from cloudfront

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 750 KB
220 KB 478ms
136ms Script
application/javascript 104.22.0.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.0.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb1716d6ddc1ffb2aa84bca299ebcff6c9685820595c9d24aad1c3d6647f8f29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:58 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ADPycdtMSWr0XtFhIWSfieAJrvnzoBD0fjYUGu60NrriVyDYzc7eFcm7vq1FiyWGJg31r2jO9bCJUKzrInuT2kC1hiqc
x-goog-storage-class: STANDARD
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Thu, 21 Sep 2023 09:44:16 GMT
server: cloudflare
etag: W/"d92721be7cf39b11c5d6e09610aadaeb"
vary: Accept-Encoding
x-goog-hash: crc32c=uCZ0pg==, md5=2SchvnzzmxHF1uCWEKra6w==
x-goog-generation: 1695289456172111
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 768448
cf-ray: 811657b7f960921f-FRA
expires: Fri, 04 Oct 2024 14:26:57 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 221ms
220ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 config.json Show response
cdn.acsbapp.com/config/zscaler.com/ 162 B
718 B 501ms
169ms Fetch
application/json 104.22.0.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acsbapp.com/config/zscaler.com/config.json
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.0.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5ee79971cefa94a9b6e5696f072a4de800aad1e59b1cc93d69992df6f4d50e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:58 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ADPycduSX2IcT2GqBVcY55ZlT_mOMaOaxrMdY3o36K2O-g4LvwtdcQ1dqkQWu8OScP2sHKHDxM6gHNtSTovKYU4DnzT2DA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Thu, 14 Sep 2023 04:28:32 GMT
server: cloudflare
etag: W/"b5c4522ebd030a26d968a82da24268ab"
vary: Accept-Encoding
x-goog-generation: 1694665712559286
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=yjRU1Q==, md5=tcRSLr0DCibZaKgtokJoqw==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 162
cf-ray: 811657bba8d49b7a-FRA
expires: Fri, 04 Oct 2024 14:26:58 GMT

GET st
px.mountain.com/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 504ms
504ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 17ms
15ms Ping
text/plain 216.239.38.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je3a20&_p=958670622&cid=1886675628.1696516014&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1696516014&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&dt=BunnyLoader%20%7C%20ThreatLabz&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 14:26:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 288ms
216ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:26:59 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 223ms
222ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:27:00 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 227ms
227ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:27:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 253ms
252ms Image
image/gif 23.213.161.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-224.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:27:02 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 54.156.2.105
URL: https://54.156.2.105/is

Domain: insight.adsrvr.org
URL: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&upid=27hmsyx&upv=1.1.0

Domain: app.clearbit.com
URL: https://app.clearbit.com/v1/p

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

Domain: idsync.rlcdn.com
URL: https://idsync.rlcdn.com/377928.gif?partner_uid=9d990f094299bf0a1ff1e4f5ee02d53a

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expires=365

Domain: image2.pubmatic.com
URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Domain: sync.taboola.com
URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/xuid?mid=4714&xuid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&dongle=c85e

Domain: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=1886675628.1696516014&shpt=BunnyLoader%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%221886675628.1696516014%22%2C%22shpt%22%3A%22BunnyLoader%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221696516014.1%22%2C%22dcm_gid%22%3A%221918371418.1696516015%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1696516014.1&dcm_gid=1918371418.1696516015&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221696516014%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cb=52830886897095300term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

52 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zscaler.com/	1970-01-20 17:24:52	Name: _gcl_au Value: 1.1.26188319.1696516014
.zscaler.com/	1970-01-21 00:51:16	Name: _ga_10SPJ4YJL9 Value: GS1.1.1696516014.1.0.1696516014.60.0.0
.zscaler.com/	1970-01-21 00:00:52	Name: _biz_uid Value: 08c1d41df9894c0a8da610872fce5fa8
.zscaler.com/	1970-01-20 15:15:17	Name: _biz_sid Value: fb5bc
.zscaler.com/	1970-01-21 00:00:52	Name: _biz_nA Value: 1
.zscaler.com/	1970-01-21 00:00:52	Name: _biz_pendingA Value: %5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D08c1d41df9894c0a8da610872fce5fa8%26_biz_s%3Dfb5bc%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fbunnyloader-newest-malware-service%26_biz_t%3D1696516014364%26_biz_i%3DBunnyLoader%2520%257C%2520ThreatLabz%26_biz_n%3D0%26rnd%3D191512%22%5D
.www.zscaler.com/	1970-01-21 00:00:52	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Oct+05+2023+16%3A26%3A54+GMT%2B0200+(Central+European+Summer+Time)&version=6.39.0&isIABGlobal=false&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH59%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH82%3A0%2CH106%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH20%3A0%2CH22%3A0%2CH97%3A0%2CH98%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH114%3A0%2CH101%3A0%2CH52%3A0%2CH104%3A0%2CH105%3A0%2CH14%3A0%2CH15%3A0%2CH17%3A0%2CH113%3A0%2CH115%3A0&genVendors=
.zscaler.com/	1970-01-21 00:51:16	Name: _ga Value: GA1.2.1886675628.1696516014
.zscaler.com/	1970-01-20 15:16:42	Name: _gid Value: GA1.2.1918371418.1696516015
.zscaler.com/	1970-01-20 15:15:16	Name: _dc_gtm_UA-6177009-1 Value: 1
.techtarget.com/	1970-01-20 15:15:17	Name: __cf_bm Value: RtPM8st0GsD8bKULxamLiXmIlpBH2G4M8dU7gzFM0es-1696516014-0-AV8uVda4fHeKc5AuujVH4pUzYQJMUD795Wsv/QAhjeRS/3v1JGXqbO3g0m9i55+O0gAwFqfP/TruNp5J3zOKh2s=
.zscaler.com/	1970-01-20 15:16:42	Name: _uetsid Value: 3ba67cd0638b11ee96d8c93cbcda3baf
.zscaler.com/	1970-01-21 00:36:52	Name: _uetvid Value: 3ba6a6f0638b11ee930aabd3e49adb72
www.zscaler.com/	1970-01-21 00:51:16	Name: _gd_visitor Value: f6f7d9ae-3c1e-434a-8f56-83eceeffa2fc
www.zscaler.com/	1970-01-20 15:15:30	Name: _gd_session Value: cb794215-cf44-4b24-8dfd-4376257f2ce6
.zscaler.com/	1970-01-20 17:24:52	Name: _fbp Value: fb.1.1696516015132.2053257379
www.zscaler.com/	1970-01-20 15:25:20	Name: _an_uid Value: 0
www.zscaler.com/	1970-01-21 00:00:52	Name: __pdst Value: f304b4b501a64a48bb052f04676c3380
.www.zscaler.com/	1970-01-21 00:51:16	Name: _zitok Value: f5fd35e1b3ce656f77181696516015
.zscaler.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.zscaler.com/	1970-01-21 00:00:52	Name: _ce.s Value: v~57cb6b22497c35bcc39ef77b7fd683f6dd374059~lcw~1696516015316~vpv~0~lcw~1696516015319
.zscaler.com/	1969-12-31 23:59:59	Name: _fcdscst Value: MTY5NjUxNjAxNTM1OQ==
.6sc.co/	1970-01-21 00:51:16	Name: 6suuid Value: e0a0d5175c2b0b00afc71e65bb010000f79d2c00
.zscaler.com/	1970-01-21 00:51:16	Name: _mkto_trk Value: id:306-ZEJ-256&token:_mch-zscaler.com-1696516015464-26302
.doubleclick.net/	1970-01-21 00:51:16	Name: IDE Value: AHWqTUkns83D5iVJjKdms-OZGLLVDJR3yJb1KK9A2OSvjRpTbc-mtdzN7gWHXioF
.zscaler.com/	1970-01-20 15:16:42	Name: _ce.clock_event Value: 1
.zscaler.com/	1970-01-21 00:00:52	Name: cb_user_id Value: null
.zscaler.com/	1970-01-21 00:00:52	Name: cb_group_id Value: null
.zscaler.com/	1970-01-21 00:00:52	Name: cb_anonymous_id Value: %226b4e4964-43bf-404d-a485-e79e380a6f53%22
.zoominfo.com/	1970-01-20 15:15:17	Name: __cf_bm Value: eL7VbYDKVxqaOrJILIUN67Rgv84yMz_sJbXu1Tbcmm4-1696516015-0-ASWpv/D2LuHZ/v5bnJzXmdOQMMBdE8AOCsb/cIGZ4L/4T4inSM6ON0zUolziWosa9pvsURj21y87QcXfPTL0dpM=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: bPmqPvgedMXZXllUmROAku8qYq22GiP6ZEyM_RW_nqU-1696516015908-0-604800000
.zscaler.com/	1970-01-20 15:16:42	Name: _ce.clock_data Value: 48%2C176.115.237.162%2C1%2C8e5269e98501ac65ff2ab303e742fcb1
.zscaler.com/	1970-01-21 00:00:52	Name: _CEFT Value: Q%3D%3D%3D
.zscaler.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.linkedin.com/	1970-01-20 17:24:52	Name: li_sugr Value: 0d50798f-410a-4c49-93e9-d6dbba41c5e3
.linkedin.com/	1970-01-21 00:00:52	Name: bcookie Value: "v=2&56bf84bd-b3fb-465c-8546-df622e24fac2"
.linkedin.com/	1970-01-20 15:16:42	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3010:u=1:x=1:i=1696516015:t=1696602415:v=2:sig=AQGT-p1l0C93dG0IoTPuHR-FUph5-uru"
.www.zscaler.com/	1970-01-21 00:01:13	Name: __adroll_fpc Value: eb9ef0154fd06439ae346521ea4a6429-1696516016012
lltrck.com/	1970-01-21 00:00:52	Name: trackalyzer Value: ca1237de-1bee-4039-b353-d8fbf631c2fa
.linkedin.com/	1970-01-20 15:58:28	Name: UserMatchHistory Value: AQKm2zAUYsfwUAAAAYsAPAfqxUOfNGEOmm8U8wMx0OHd7rWlErOLVHbRcEjSTc86XuBJtAeab9x-iA
.linkedin.com/	1970-01-20 15:58:28	Name: AnalyticsSyncHistory Value: AQIQy6TJ6dNzCgAAAYsAPAfqJRZJjTU732rY1rujvlt_LOYhts1YMVi9IF-LAkxSARWJsOY-BFqRLLaznm_k-g
.www.linkedin.com/	1970-01-21 00:00:52	Name: bscookie Value: "v=1&20231005142656972bb0c5-1ddb-4391-8122-b79dd654fddaAQH3P7-GrSDfJVfp3CbkPhemhYBGb0WJ"
.www.zscaler.com/	1970-01-21 00:00:52	Name: __ar_v4 Value: %7CULSJHTPGTZGY3EPPZSKHKS%3A20231004%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20231004%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20231004%3A1
.adnxs.com/	1970-01-20 17:24:52	Name: uuid2 Value: 5409185281213936415
.adnxs.com/	1970-01-20 17:24:52	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2Il]mVEH-!]tbPl@/@8$-^=$UfZFlX[-Ix?r-?x`]nCy`Z=<nE=mcEBEiI.BI8B(Yl`8MF]w(!XZ<US]5)NmmciB+bpRzqF1`b^wN-1an
.casalemedia.com/	1970-01-21 00:00:52	Name: CMID Value: ZR7HsEO97hwDWOzudLbI.QAA
.casalemedia.com/	1970-01-20 17:24:52	Name: CMPS Value: 3269
.casalemedia.com/	1970-01-20 17:24:52	Name: CMPRO Value: 3269
.d.adroll.com/	1970-01-21 00:44:04	Name: __adroll Value: 9d990f094299bf0a1ff1e4f5ee02d53a-g_1696516016-a_1696516015
.adroll.com/	1970-01-21 00:44:04	Name: __adroll_shared Value: 9d990f094299bf0a1ff1e4f5ee02d53a-g_1696516016-a_1696516015
.openx.net/	1970-01-21 00:00:52	Name: i Value: 6f9fa647-e61b-4bbb-a866-109c51eddf8b\|1696516016
.zscaler.com/	1970-01-21 00:51:16	Name: _fcdscv Value: eyJDdXN0b21lcklkIjoiNzMxYzMxNmEtYzQ2ZS00YTk0LTgxYTktN2NmYzBlYTBkNTNlIiwiVmlzaXRvciI6eyJFbWFpbCI6bnVsbCwiRXh0ZXJuYWxWaXNpdG9ySWQiOiI0ZDU0MzA3NS05ZjljLTQ5ZWMtODIyNC0yM2RmZTFkY2QyMjIifSwiVmlzaXRzIjpbXSwiQWN0aXZpdGllcyI6W10sIkRpYWdub3N0aWNNZXNzYWdlIjpudWxsfQ==

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://app.clearbit.com/v1/p Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&expires=365 Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://idsync.rlcdn.com/377928.gif?partner_uid=9d990f094299bf0a1ff1e4f5ee02d53a Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://eb2.3lift.com/xuid?mid=4714&xuid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&dongle=c85e Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=OWQ5OTBmMDk0Mjk5YmYwYTFmZjFlNGY1ZWUwMmQ1M2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=1886675628.1696516014&shpt=BunnyLoader%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%221886675628.1696516014%22%2C%22shpt%22%3A%22BunnyLoader%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221696516014.1%22%2C%22dcm_gid%22%3A%221918371418.1696516015%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1696516014.1&dcm_gid=1918371418.1696516015&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221696516014%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service&cb=52830886897095300term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fbunnyloader-newest-malware-service Message: Failed to load resource: net::ERR_CONNECTION_CLOSED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
54.156.2.105
acsbapp.com
analytics.google.com
app.clearbit.com
assets-tracking.crazyegg.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.acsbapp.com
cdn.bizible.com
cdn.cookielaw.org
cdn.pdst.fm
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d2i34c80a0ftze.cloudfront.net
dsum-sec.casalemedia.com
dx.mountain.com
eb2.3lift.com
epsilon.6sense.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
image2.pubmatic.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.zi-scripts.com
lltrck.com
munchkin.marketo.net
netlify-rum.netlify.app
pagestates-tracking.crazyegg.com
pixel.rubiconproject.com
px.ads.linkedin.com
px.mountain.com
s.adroll.com
script.crazyegg.com
secure.adnxs.com
snap.licdn.com
st.fullcircleinsights.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.sf14g.com
tag.clearbitscripts.com
tracking.crazyegg.com
trk.techtarget.com
ups.analytics.yahoo.com
us-central1-adaptive-growth.cloudfunctions.net
us-u.openx.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.zscaler.com
x.bidswitch.net
x.clearbitjs.com
54.156.2.105
app.clearbit.com
eb2.3lift.com
idsync.rlcdn.com
image2.pubmatic.com
insight.adsrvr.org
pixel.rubiconproject.com
px.mountain.com
sync.taboola.com
ups.analytics.yahoo.com
x.bidswitch.net
104.16.136.15
104.18.130.236
104.18.27.193
104.18.28.74
104.18.29.74
104.18.36.196
104.19.148.8
104.22.0.204
108.138.15.119
108.138.7.95
13.107.42.14
13.32.27.91
142.250.184.196
142.250.185.142
142.250.185.98
143.204.215.101
143.204.215.36
152.195.15.58
157.240.251.35
157.240.251.9
172.217.18.8
172.64.155.119
18.153.4.44
18.66.122.74
18.66.147.101
184.31.85.59
192.28.144.124
2.21.20.155
204.79.197.200
216.239.36.54
216.239.38.181
216.58.206.34
23.213.161.224
3.125.168.0
3.216.46.62
34.111.208.231
35.244.142.80
35.244.159.8
37.252.173.215
52.222.236.41
52.58.254.253
52.7.151.245
54.76.203.233
64.233.184.154
70.42.32.95
95.101.111.178
99.81.137.90
029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
03de655268aee1735f4e61f140be049fa39d06bbb488e0a00e7a98a2718fb4b2
0442b8ebd40f3c8695ae69ccfb684a30ea77354f9871ff6c603b4a895c5fa293
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c11b82bff1442d763e6eb3621e6c33bec23eb7230023caf9079b40cb9d02031
0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8
11a8bbfd193f5e9127191cea897f907518b910553b4cb8bec9cb359c0124ccfd
11b5a686821421ce0fb1ce577bde13f68a92cf49fdedd639a8b0551372c64074
12e4e1e87ea86c56e16b848b1e2eede7833c56a70ea5ce4ce33ca21cc99a3bda
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
19cd0dc7c72395c3b78c3926e6281b07d1e009dcf829e654c83bd24d047ffd8a
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
203987ff8bd021893a06303e163eeb294647081d8376b725bdacbc414cc4d035
2182476b2f19b36cc23e9bbdb2dd97b84f4d6eddabc117e374b893fe3cd8cdc5
257ef1b7dd06f88a465e5badb58c57b62cf678d7618ecc2929aa3b428e848122
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26786094f79c9105634e05c0ce354b776d226519b2c372d63f4974b9c1abbe48
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f2e399ed109a0d4a0b2b0f00ec7d2aa99c3dc2fd42f0720a38dfb35e30c8c6c
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
321dd7db609a2d7a4cb41dfcb4f8a6734e00d6bedeffea72df73e1dc091b37e6
33a5fe9e24a7939056ef4553c1da06df8adf49abf06ec493d7a2fc6c65a82599
3a93e26b757812a5d19e3a75a2fd16462fc826f01078bbe973cb84f4c172ce26
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3ac17d461ee8b27503b79e7141b02cffef51873f0f27d5c18b4454ee16a0d97a
3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34
3f567b9f4adac07f91ed47407a28d1d0340037c00dbadcc61fa5720e01962f29
420ff5cf1aa1cd863993bf232454b1cacc2f3d14cea46063ca8d92c715450abd
4267d32a59156bafd580f07dc472b45c2594c779b8098747ce396d1d1b7c08ee
453d1d7e123dbb1eb52bd8bcea12a17ed52a2362bf5b6a7fa629ba720a0e6f41
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f8dbb0c1da244adb7958e5993a569905651c2664432a7a774c1e3661a213d0f
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56b4fa3a6275dd5e2d4ad2e05d52d82bd4b11bea82e5fdd5d0a7cdf041f8b993
5bdc6b3655532dfc2d519924d65686ac9934358efd08cda36b063ac63809d3fd
5e28ae580be11acb4e7b88ba1f25771013dfefb03d79f8761ba0eb7b3bdee3c3
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
61957894cb0311c13294703d9c3be6d4232f06aed933880cf0fc01f9739daa3f
65c25b225b014ed8ec34579c3d636c0c469ceac68c0d5f3e49ccca778b6c2fab
6635c7a8c9340a594fe3030b37828f0bcc792414b520f48f3e8b566e78e8239e
66e801071d61726e0e2f6d0344dd6cca6746000b5f07d6d9ded39248dd06633e
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442
6b171db7ca7ffee17e14f5d432d37e4ec87d6e7a5ce361670e329f705ee34364
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
773a4525e2a9ce52689427392e4f9b222b25159e4c97386078fbeff07965369f
79e4c7ae4935ffccf99e5f7e878bd26041f9b26e242371fa2b9a0d25e828010a
7ace24b38f86556fd1ad49b43856a00f1cdee0d86c8c23ca1d34cb790f8210a2
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
81aaff1d8cab0873e7f8fd680783676eda2e4f25a4cd847b44e24fc7775b24ed
81ab02c6d40fb1e29a0b2766561bb92e9beb010f5c659dfb81eb1c863e2a5f2c
81afe6f844b1407a0d684fb31cb814fe9205f4a8952fd3f5615223c4a628023f
829c31f0dcb450d55fe5b683964f4ad77530f079f9bca92399eca48cc44efc72
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
86e997a90e6cc4bbe6b0927dacd313ed69a5a330d5e2b30c802a01af8e3800a9
86f2855487ee0f2a026de07b800d0a191f2d66723011cf5e7bddea4669037b33
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
8eb41584b7317933a03de640a651d28d67879247601df4708a78462518d8cbe1
9194024c45e9645268fca98c11f83b4356d3edbcdcec9512d179a5a52f0bc312
98380bf1929d231df06824ffcec5912a07d4ab2089a77c1a27035df43fce597c
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a3cfbdf99270e24c2b75949272e4f548a74a7aa9dbc3eeb4cbffd443b167fbef
a909387d9a8e4002ad81348f2577b0461b2a70899b74937921e93716cf4a10d8
aa2b8282a1438a0e53971aa29a5c54f2911a3cb79b44cc20f8521ead150c458f
b109e80c656782e4836c8712e3a36f5699e443e80f05135485b808406edc17f6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b481c8954946825cb226260243c13daed357819760acc0bd38e0593a7a24a98d
b74934da59a4a9f969cee930e53ac5f7e55a058db68f07501faaa2486d056daf
bb0ca3b4e459c2227d36198de4c292505f287a534746cb3901c959fccb28a900
be0db9e6d91eb7e3237a4fe419cb085d990f8a70a009c3469d468d84e71bf986
be2a3d40a1b7755b29fbbab5db5e895bb1c83ab76903edc401eed68051b0b7d1
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
c1117f11a0f8f25b894255b5d906a8849141e16e2fb4e0a981f7f092459211d6
c25c0404cd425a831870554b1fd9ace3825cbb08dc56acab61efe80d1cf4b2e6
c27f707b032aed49a39b643702d3a86e4b047f3672ca36588a928bc7ca456d61
c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b
c630fd06ab981a72bc75eabb81827ad5a0e1ebb899e0e80466284e380610ee37
c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36
caf78a8cea3e3bab59968caee028d3201a25de2856b42034490d4df184eaab6c
cb1716d6ddc1ffb2aa84bca299ebcff6c9685820595c9d24aad1c3d6647f8f29
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
d2222466a042efc035b83df0678351fab8a97ae1d9691b5209ac7880314eb02b
d37fc15e2982cb0611f5c1fa7092aee2f393650d9cf7d0411f77105eec86058c
d43b25c0ef488f3f361c0aa0ce5b9168a0feb1005710e61a55391ae2d1dc3ad2
d5ee79971cefa94a9b6e5696f072a4de800aad1e59b1cc93d69992df6f4d50e3
d5ef1f606a0e7736490da1c760d4ad95a34ecd586bda05511cac915e517bdea4
d8f74aa1a6511c753bfbeace923818198461752e585d71de63a219df6295d883
dac172c83f0be147307dfd97fa9408a0169b7a9d89a0ff90fe15f0e5afaa9587
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
decf18e6ed4b163a7a0ef6ddecbafcfb300be5f0cd98140960efc65adb115c59
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e2e05217cb6c08c8ac8fccd62fe7541004252cb0fd5fe47716ea55bc7aa555f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42f6184ef648fdb8c056ccc6da41e3a09644ce7fdd95362815cd7a12f71605f
e46d7428c97ed0fb83bbbc425f803bad6f8a9554fe66cb7bd6177f0728441f07
e5ded1ffe23e46d165dbe335bdd960125108748d53f4b1c8b618c48f4ab56ed8
e79ceafda235e0aca12f694c2a2fe35482cc5dc2bcab095480c3e6ab0ea61af0
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090
ea78cd3a90f37316510cca9f00cf09508083e6d3449681b972fc03cd42e661a2
ee9c6658d320d8aa8fbd3135debda38c8483fb11d91b733af4d63ab4bc5f8663
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6a1de658799684ccdaff4b4577a481267ac357b2091df7df3a05497cb28469e
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fbb2df2831ea2234d9a6db640b566056945c3025380ddb99653c9546f6fca8e4
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.zscaler.com Open in urlscan Pro 104.18.29.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

167 Requests

86 %HTTPS

0 %IPv6

47 Domains

64 Subdomains

46 IPs

4 Countries

1892 kBTransfer

5802 kBSize

52 Cookies

25 Outgoing links

Page URL History

Redirected requests

167 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.com Open in urlscan Pro
104.18.29.74 Public Scan

Screenshot
Live screenshot

Full Image

167
Requests

86 %
HTTPS

0 %
IPv6

47
Domains

64
Subdomains

46
IPs

4
Countries

1892 kB
Transfer

5802 kB
Size

52
Cookies

167 HTTP transactions
1 data transactions