urlscan.io logo urlscan.io
SecurityTrails logo

www.zscaler.com Open in urlscan Pro
2606:4700::6813:d53e  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Submission: On July 08 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 45 IPs in 6 countries across 38 domains to perform 134 HTTP transactions. The main IP is 2606:4700::6813:d53e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 19th 2021. Valid for: a year.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
34 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
7 2a00:1450:400... 15169 (GOOGLE)
1 50.19.224.133 14618 (AMAZON-AES)
2 23.45.104.85 16625 (AKAMAI-AS)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
15 104.111.233.140 16625 (AKAMAI-AS)
1 172.217.23.98 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 6 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
4 152.195.15.58 15133 (EDGECAST)
3 2a03:2880:f02... 32934 (FACEBOOK)
1 163.171.128.148 54994 (QUANTILNE...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2 2620:119:50e1... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 108.174.10.14 14413 (LINKEDIN)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
14 17 63.35.200.21 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 206.19.49.24 17225 (ATT-CERFN...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f12... 32934 (FACEBOOK)
2 3.65.155.204 16509 (AMAZON-02)
1 35.156.153.71 16509 (AMAZON-02)
1 2 2.18.234.21 16625 (AKAMAI-AS)
1 69.173.144.139 26667 (RUBICONPR...)
1 64.202.112.191 23352 (SERVERCEN...)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 141.226.228.48 200478 (TABOOLA-AS)
1 2 18.192.225.56 16509 (AMAZON-02)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 2 3.124.165.65 16509 (AMAZON-02)
1 2 37.252.172.37 29990 (ASN-APPNEX)
1 2 34.98.64.218 15169 (GOOGLE)
1 1 142.250.186.98 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.113.27 54113 (FASTLY)
2 162.247.243.146 13335 (CLOUDFLAR...)
134 45
34    2606:4700::6813:d53e (United States)

ASN13335 (CLOUDFLARENET, US)
www.zscaler.com
3    2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
7    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    50.19.224.133 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-224-133.compute-1.amazonaws.com
t.sf14g.com
2    23.45.104.85 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-85.deploy.static.akamaitechnologies.com
munchkin.marketo.net
2    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
15    104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
1    172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
6    2a02:26f0:6c00::210:baab (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
s.adroll.com
1    2a02:26f0:6c00:28c::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
4    152.195.15.58 (United States)

ASN15133 (EDGECAST, US)
cdn.bizible.com
cdn.bizibly.com
3    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    163.171.128.148 (Germany)

ASN54994 (QUANTILNETWORKS, US)
trk.techtarget.com
1    2a00:1450:400c:c08::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2620:119:50e1:101::6cae:b25 (San Jose, United States)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
1    108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com
px4.ads.linkedin.com
1    2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
5    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
17    63.35.200.21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
d.adroll.mgr.consensu.org
d.adroll.com
2    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
analytics.google.com
2    2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)
apt.techtarget.com
3    2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    3.65.155.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
epsilon.6sense.com
1    35.156.153.71 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
pixel.advertising.com
2    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
1    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    64.202.112.191 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync.taboola.com
2    18.192.225.56 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-225-56.eu-central-1.compute.amazonaws.com
eb2.3lift.com
1    2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
2    3.124.165.65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
x.bidswitch.net
2    37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
2    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
1    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
cm.g.doubleclick.net
3    2a00:1450:4001:809::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
visitor.reactful.com
1    2a00:1450:4001:808::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tracking.reactful.com
1    151.101.113.27 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
2    162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
Apex Domain
Subdomains		 Transfer
34 zscaler.com
www.zscaler.com
1 MB
22 adroll.com
s.adroll.com
d.adroll.com
31 KB
15 6sc.co
j.6sc.co
c.6sc.co
b.6sc.co
19 KB
7 googleapis.com
fonts.googleapis.com
4 KB
6 doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
3 KB
5 google.de
www.google.de
361 B
5 google.com
www.google.com
analytics.google.com
666 B
4 reactful.com
visitor.reactful.com
tracking.reactful.com
107 KB
4 linkedin.com
px.ads.linkedin.com
www.linkedin.com
px4.ads.linkedin.com
4 KB
4 google-analytics.com
www.google-analytics.com
19 KB
4 gstatic.com
fonts.gstatic.com
62 KB
3 facebook.com
www.facebook.com
250 B
3 facebook.net
connect.facebook.net
172 KB
3 bizible.com
cdn.bizible.com
32 KB
3 bing.com
bat.bing.com
9 KB
3 cookielaw.org
cdn.cookielaw.org
23 KB
2 nr-data.net
bam-cell.nr-data.net
1 KB
2 openx.net
us-u.openx.net
480 B
2 adnxs.com
ib.adnxs.com
2 KB
2 bidswitch.net
x.bidswitch.net
873 B
2 3lift.com
eb2.3lift.com
738 B
2 casalemedia.com
dsum-sec.casalemedia.com
2 KB
2 6sense.com
epsilon.6sense.com
764 B
2 techtarget.com
trk.techtarget.com
apt.techtarget.com
3 KB
2 googletagmanager.com
www.googletagmanager.com
128 KB
2 marketo.net
munchkin.marketo.net
7 KB
1 newrelic.com
js-agent.newrelic.com
12 KB
1 yahoo.com
ads.yahoo.com
443 B
1 taboola.com
sync.taboola.com
247 B
1 pubmatic.com
simage2.pubmatic.com
547 B
1 outbrain.com
sync.outbrain.com
477 B
1 rubiconproject.com
pixel.rubiconproject.com
239 B
1 advertising.com
pixel.advertising.com
125 B
1 bizibly.com
cdn.bizibly.com
203 B
1 consensu.org
d.adroll.mgr.consensu.org
138 B
1 licdn.com
snap.licdn.com
2 KB
1 googleadservices.com
www.googleadservices.com
14 KB
1 sf14g.com
t.sf14g.com
134 38
Domain Requested by
34 www.zscaler.com www.zscaler.com
16 d.adroll.com 13 redirects www.zscaler.com
13 b.6sc.co www.zscaler.com
7 fonts.googleapis.com www.zscaler.com
6 s.adroll.com 1 redirects www.googletagmanager.com
www.zscaler.com
s.adroll.com
d.adroll.com
5 www.google.de www.zscaler.com
4 www.google.com www.zscaler.com
4 www.google-analytics.com www.googletagmanager.com
www.zscaler.com
cdn.bizible.com
4 fonts.gstatic.com fonts.googleapis.com
3 visitor.reactful.com www.zscaler.com
cdn.bizible.com
3 www.facebook.com www.zscaler.com
connect.facebook.net
3 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
cdn.bizible.com
3 connect.facebook.net www.zscaler.com
connect.facebook.net
3 cdn.bizible.com www.googletagmanager.com
www.zscaler.com
cdn.bizible.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.zscaler.com
3 cdn.cookielaw.org www.zscaler.com
cdn.cookielaw.org
2 bam-cell.nr-data.net js-agent.newrelic.com
cdn.bizible.com
2 us-u.openx.net 1 redirects www.zscaler.com
2 ib.adnxs.com 1 redirects www.zscaler.com
2 x.bidswitch.net 1 redirects www.zscaler.com
2 eb2.3lift.com 1 redirects www.zscaler.com
2 dsum-sec.casalemedia.com 1 redirects www.zscaler.com
2 epsilon.6sense.com cdn.bizible.com
2 googleads.g.doubleclick.net www.googleadservices.com
2 px.ads.linkedin.com 2 redirects
2 www.googletagmanager.com www.zscaler.com
www.googletagmanager.com
2 munchkin.marketo.net www.zscaler.com
munchkin.marketo.net
1 js-agent.newrelic.com www.zscaler.com
1 tracking.reactful.com cdn.bizible.com
1 cm.g.doubleclick.net 1 redirects
1 ads.yahoo.com www.zscaler.com
1 sync.taboola.com www.zscaler.com
1 simage2.pubmatic.com www.zscaler.com
1 sync.outbrain.com www.zscaler.com
1 pixel.rubiconproject.com www.zscaler.com
1 pixel.advertising.com www.zscaler.com
1 cdn.bizibly.com www.zscaler.com
1 c.6sc.co j.6sc.co
1 apt.techtarget.com www.zscaler.com
1 analytics.google.com www.googletagmanager.com
1 d.adroll.mgr.consensu.org 1 redirects
1 px4.ads.linkedin.com www.zscaler.com
1 www.linkedin.com 1 redirects
1 trk.techtarget.com www.zscaler.com
1 snap.licdn.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 j.6sc.co www.zscaler.com
1 t.sf14g.com www.zscaler.com
134 48
Subject Issuer Validity Valid
www.zscaler.com
DigiCert SHA2 Extended Validation Server CA		 2021-02-19 -
2022-03-22		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2021-06-01 -
2022-05-31		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-06-22 -
2021-09-14		 3 months crt.sh
t.sf14g.com
Go Daddy Secure Certificate Authority - G2		 2020-09-09 -
2021-09-09		 a year crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA		 2021-03-29 -
2022-04-06		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.6sc.co
DigiCert SHA2 Secure Server CA		 2021-03-09 -
2022-03-16		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
adroll.com
R3		 2021-06-14 -
2021-09-12		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2021-04-30 -
2022-05-11		 a year crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-04-12 -
2021-10-12		 6 months crt.sh
io.bizible.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-30 -
2022-07-05		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-05-26 -
2021-08-24		 3 months crt.sh
trk.techtarget.com
Sectigo RSA Domain Validation Secure Server CA		 2020-02-17 -
2022-05-17		 2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-04-15 -
2021-10-15		 6 months crt.sh
www.google.com
GTS CA 1C3		 2021-06-07 -
2021-08-30		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
adroll.mgr.consensu.org
Amazon		 2020-10-08 -
2021-11-07		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.techtarget.com
Sectigo RSA Domain Validation Secure Server CA		 2019-10-25 -
2021-10-24		 2 years crt.sh
*.6sense.com
Amazon		 2021-06-30 -
2022-07-29		 a year crt.sh
pixel.advertising.com
DigiCert SHA2 High Assurance Server CA		 2021-03-01 -
2021-08-24		 6 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-12-18 -
2022-01-18		 a year crt.sh
*.outbrain.com
Thawte RSA CA 2018		 2019-10-29 -
2021-11-23		 2 years crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2020-12-07 -
2021-12-14		 a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.ads.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-06-16 -
2021-07-28		 a month crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2020-06-18 -
2021-08-17		 a year crt.sh
*.reactful.com
Go Daddy Secure Certificate Authority - G2		 2021-05-07 -
2022-06-08		 a year crt.sh
*.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-05-05 -
2022-06-06		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Frame ID: 2B71C11584BA00941F60D91900BF66E4
Requests: 132 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers expires /19 Nov 1978/i
Overall confidence: 100%
Detected patterns
  • headers expires /19 Nov 1978/i
Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

134
Requests

99 %
HTTPS

51 %
IPv6

38
Domains

48
Subdomains

45
IPs

6
Countries

1907 kB
Transfer

4833 kB
Size

23
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1625768442128%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&liSync=true&e_ipv6=AQIG7c-6mQ7mYQAAAXqHWbxxo8B2H1a2jTG2OhIXinB5r50V7vUctRob94T4MavY3-bWh5AF
Request Chain 66
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 68
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2
Request Chain 86
  • https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&pv=47653819323.05548&cookie=&adroll_s_ref=&keyw= HTTP 302
  • https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Request Chain 91
  • https://d.adroll.com/cm/aol/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 92
  • https://d.adroll.com/cm/index/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442&C=1
Request Chain 93
  • https://d.adroll.com/cm/n/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expires=365
Request Chain 94
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Request Chain 95
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Request Chain 96
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Request Chain 97
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://eb2.3lift.com/xuid?mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Request Chain 98
  • https://d.adroll.com/cm/r/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 99
  • https://d.adroll.com/cm/b/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Request Chain 100
  • https://d.adroll.com/cm/x/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://ib.adnxs.com/setuid?entity=172&code=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Request Chain 102
  • https://d.adroll.com/cm/o/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=d1cd7907204579682d48d06c7644eebe HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d1cd7907204579682d48d06c7644eebe
Request Chain 103
  • https://d.adroll.com/cm/g/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS&google_nid=adroll4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0c15ByBFeWgtSNBsdkTuvg HTTP 302
  • https://d.adroll.com/cm/g/in

134 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
www.zscaler.com/blogs/security-research/ 		85 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24d940ef8ea53e7f647678ce74486023796267cb8fd55b54d2212cd01485ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.zscaler.com
:scheme
https
:path
/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:40 GMT
content-type
text/html; charset=UTF-8
cache-control
max-age=2764800, public
link
<https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat>; rel="canonical"
x-ua-compatible
IE=edge
content-language
en
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
expires
Sun, 19 Nov 1978 05:00:00 GMT
last-modified
Thu, 08 Jul 2021 18:20:39 GMT
vary
X-UA-Device,Accept-Encoding
x-request-id
v-32be993e-e019-11eb-8180-6783c7bd6d8a
x-ah-environment
prod
age
0
via
varnish
x-cache
HIT
x-cache-hits
1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
server
cloudflare
cf-ray
66bb53edddd5c2bd-FRA
content-encoding
br
google_tag.script.js
www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/ 		347 B
419 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qvxsbz
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qvxsbz
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
3004
x-cache
HIT
x-cache-hits
40
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-6be02c76-e011-11eb-bf8e-4fc7568a6213
last-modified
Thu, 08 Jul 2021 17:23:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
application/javascript
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a2ac2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
www.zscaler.com/sites/default/files/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/css/css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/css/css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1256617
x-cache
HIT
x-cache-hits
498
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-8511d0e0-bde4-11eb-935a-ab6c554ae53d
last-modified
Mon, 17 May 2021 02:35:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a36c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/base/ 		321 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/cohesion/styles/base/zscaler-stylesheet.min.css?qvxsbz
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e026aa9038d28d8bb04b6c02f56c3d9e97920fa6bc339a1d6b72a99e7d69843
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/cohesion/styles/base/zscaler-stylesheet.min.css?qvxsbz
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
3004
x-cache
HIT
x-cache-hits
42
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-6bfd2e98-e011-11eb-afa8-d3c04c3e41cc
last-modified
Thu, 08 Jul 2021 17:24:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a37c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
css_UT3I8zCGtrm1FAMoJs1Q4KKYthGpIcZnqgjgik8psco.css
www.zscaler.com/sites/default/files/css/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/css/css_UT3I8zCGtrm1FAMoJs1Q4KKYthGpIcZnqgjgik8psco.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
513dc8f33086b6b9b514032826cd50e0a298b611a921c667aa08e08a4f29b1ca
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/css/css_UT3I8zCGtrm1FAMoJs1Q4KKYthGpIcZnqgjgik8psco.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1166085
x-cache
HIT
x-cache-hits
668
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-1eefca4a-c9e4-11eb-bac3-077ebecf8980
last-modified
Fri, 04 Jun 2021 12:53:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a3ac2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/theme/ 		25 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/cohesion/styles/theme/zscaler-stylesheet.min.css?qvxsbz
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
501ec19085d3adda081e5964f9295aedc75ba51a48a30c91539f2f0ccc8b48e9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/cohesion/styles/theme/zscaler-stylesheet.min.css?qvxsbz
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
3004
x-cache
HIT
x-cache-hits
43
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-6c13f7f4-e011-11eb-9aee-2787d26b3121
last-modified
Thu, 08 Jul 2021 17:24:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a3dc2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
www.zscaler.com/sites/default/files/css/ 		376 B
260 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/css/css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/css/css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1169327
x-cache
HIT
x-cache-hits
562
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-3e161f76-bde8-11eb-b11a-1ffff6ad174e
last-modified
Mon, 17 May 2021 02:35:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a40c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
subscription
www.zscaler.com/webform/css/ 		73 B
347 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/webform/css/subscription?qvxsbz&qvxsbz
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:path
/webform/css/subscription?qvxsbz&qvxsbz
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
3335
x-cache
HIT
content-type
text/css; charset=UTF-8
x-ah-environment
prod
content-encoding
br
vary
X-UA-Device,Accept-Encoding
x-request-id
v-6f9cc55e-e011-11eb-8bd9-5b0a7e22961b
x-ua-compatible
IE=edge
last-modified
Thu, 08 Jul 2021 17:25:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1625765105"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-language
en
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
max-age=2764800, public
cf-ray
66bb53f44a43c2bd-FRA
x-cache-hits
741
css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
www.zscaler.com/sites/default/files/css/ 		889 KB
103 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d66ef965a7d8e19efab71afb054420d08848530571e1a8e534b0ecdea11a488e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
4111
x-cache
HIT
x-cache-hits
16
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-728b5340-e00f-11eb-aa98-c3abe476b977
last-modified
Thu, 08 Jul 2021 17:10:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f44a44c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
logo.svg
www.zscaler.com/themes/custom/zscaler/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/themes/custom/zscaler/logo.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/themes/custom/zscaler/logo.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1402845
x-cache
HIT
x-cache-hits
2
x-ah-environment
prod
content-encoding
br
vary
Host, Accept-Encoding
x-request-id
v-d0a7e71c-a1d1-11eb-9f34-47f3dad1539a
last-modified
Mon, 11 Jan 2021 08:07:31 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/svg+xml
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f45a4ac2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
zscaler-header-logo-white.png
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/logo/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/logo/zscaler-header-logo-white.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
825f865cf7248c3d146e9f1102829679e3eb598afcfd4d6ae368e3dcb066737e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/themes/custom/zscaler/images/logo/zscaler-header-logo-white.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
HIT
vary
Accept-Encoding
content-length
3783
cf-request-id
0b28f2ccce0000c2bdac3ea000000001
last-modified
Fri, 08 Jan 2021 14:07:04 GMT
server
cloudflare
etag
"cfBjggqeJPY18Oz4jX97CgSA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=19 c=1444 v=2021.6.6
accept-ranges
bytes
cf-ray
66bb53f45a4dc2bd-FRA
welcomescreen.JPG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/welcomescreen.JPG
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abb404f7e8dc4bf360da42b9604c09304575182147d7089d7d17e69d9eaad627
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/welcomescreen.JPG
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
9026
cf-request-id
0b28f2ccc30000c2bd3c129000000001
last-modified
Fri, 04 Sep 2020 11:30:25 GMT
server
cloudflare
etag
"cfPWHEbXUeM1kFJT--89FeiA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=920 c=91 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a4fc2bd-FRA
rigek.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		269 KB
269 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/rigek.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
926ee7241a2b70b863bceee11202aba19564c754b098e2491aa911f5f9d22223
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/rigek.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
275464
cf-request-id
0b28f2ccc60000c2bd4093d000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfoSOYXsdvrx04sfHSZjIzfQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=1357 c=160 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a53c2bd-FRA
firsr_layer_deofu.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/firsr_layer_deofu.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9bf90a30dfa24e763aa905160b6031fca8ffe9979b52bc123b7e57ce4b4ffdb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/firsr_layer_deofu.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
9470
cf-request-id
0b28f2cccc0000c2bd4336d000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfpWYGyZ-Ge-KXc8wzLWOriA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=728 c=1994 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a55c2bd-FRA
api_name_resolving.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/api_name_resolving.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48e1a110cc87847a37769d14a2c7ac89dc85dde58a6bbb48b5a6e83ed476cc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/api_name_resolving.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
3668
cf-request-id
0b28f2ccd00000c2bd9e088000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfvKaKKK4T51aeKdiQz8leAw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=868 c=61 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a56c2bd-FRA
mz_code.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/mz_code.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f43667045d11d7212f176c7f8d9c595f2a390a24ead32e9aa20a807d761b15c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/mz_code.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
8919
cf-request-id
0b28f2ccc80000c2bd683b6000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cf1jvm5EdzVxff9y7CFTQ2nw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=815 c=687 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a5dc2bd-FRA
decrpytion.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/decrpytion.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7c84204d63d097cc066dce7834f32e085088e0f7337cc218bd214d9b93956a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/decrpytion.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
4054
cf-request-id
0b28f2ccc40000c2bda5b9e000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cf3dNgSA4rHWGakfnJgZm8cg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=798 c=48 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a5fc2bd-FRA
first_post_request.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/first_post_request.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2bc5c873ea08bd577d85881c93d4883fb35807427892397f52e417e85e93149
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/first_post_request.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
23310
cf-request-id
0b28f2ccc90000c2bd5e8cd000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfLXe8HKYeW653uB07PMgDaA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=1157 c=1644 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a61c2bd-FRA
2_post%20request.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/2_post%20request.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87611d7a5df4aaa658a0b44dcc2a80c83b1fb8da3a8badee2ad4940b05a20f01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/2_post%20request.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
8114
cf-request-id
0b28f2ccc30000c2bd83994000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfM0MCwQbTj2pnx2egem_8Sg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=858 c=31 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a63c2bd-FRA
key-value_post%20data.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/key-value_post%20data.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08757ff01dc82868378519aaf29b377895021e6ff35bef0fc23fa7e77411b6c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/key-value_post%20data.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
19997
cf-request-id
0b28f2ccd60000c2bdc7aed000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfrrLUIA_u8WWc7IyXN28umw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=1171 c=1212 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a68c2bd-FRA
live_control_panel.JPG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/live_control_panel.JPG
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58ecc6c676de68150eeb13baa19829ff4dfb5e8c7afa8b9f67c5fe6a78f19856
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/live_control_panel.JPG
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
34086
cf-request-id
0b28f2cccf0000c2bdbe3d3000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cf9htixomsI89mzTh-d3ihsA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=1043 c=55 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a6ac2bd-FRA
tasklist.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/tasklist.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35957c6bbd8cfcfbead96d1b5f98a8b36bf2e443f11718f01af5dcb5cb404aef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/tasklist.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
14784
cf-request-id
0b28f2ccca0000c2bd3c972000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfHpu2Y10C4eYmREf7BQf4Ww"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=1060 c=1162 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a6bc2bd-FRA
graph_OS.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/graph_OS.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfd811395f38d587c8f2b13b0d7e72ce2cbcc5915e3f490098f48bf12ba1d98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Amadey/graph_OS.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
5016
cf-request-id
0b28f2ccce0000c2bd6c812000000001
last-modified
Fri, 04 Sep 2020 11:30:26 GMT
server
cloudflare
etag
"cfm5yXIobMZMfhvP_auS-c-w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/m q=0 n=844 c=47 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53f45a6cc2bd-FRA
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
889 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 29 Jun 2021 09:14:34 GMT
server
cloudflare
etag
W/"60dae47a-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800 public
strict-transport-security
max-age=31536000; preload
cf-ray
66bb53f45a46c2bd-FRA
vary
Accept-Encoding
cf-request-id
0b28f2ccb70000c2bdb8884000000001
expires
Sat, 10 Jul 2021 18:20:41 GMT
92ede4fc-c076-4245-8c3f-85e672763690.js
cdn.cookielaw.org/langswitch/ 		2 KB
926 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jul 2021 18:20:41 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
wNMyoZp2a7YtIJ5FlCf5Pg==
age
3104
vary
Accept-Encoding
content-length
737
x-ms-lease-status
unlocked
last-modified
Fri, 14 May 2021 18:29:18 GMT
server
cloudflare
etag
0x8D917062F4AFA7B
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
429e4903-101e-014d-6efc-485851000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
66bb53f459e14ea3-FRA
js_TtG_ZUz6Y7Zpul6XsIjjpGiRLZbQD6tNtgcnJDX8Qew.js
www.zscaler.com/sites/default/files/js/ 		710 KB
185 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/sites/default/files/js/js_TtG_ZUz6Y7Zpul6XsIjjpGiRLZbQD6tNtgcnJDX8Qew.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ed1bf654cfa63b669ba5e97b088e3a468912d96d00fab4db607272435fc41ec
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/sites/default/files/js/js_TtG_ZUz6Y7Zpul6XsIjjpGiRLZbQD6tNtgcnJDX8Qew.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
4111
x-cache
HIT
x-cache-hits
3
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-77289b2e-e00f-11eb-a2fd-57825dc75903
last-modified
Thu, 08 Jul 2021 17:10:57 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/javascript
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
66bb53f45a47c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
645 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
daa21724a6f9d8b57a3a1784c9820f9192be6dbb0caae81405605db3b5fd13ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 17:07:14 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
621 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:00:40 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
622 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4a6ce8ee6ce904a9b590e3e458d3332b7ef3a17f53153d31cc2aa30821ebb46f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:17:43 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
623 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:700&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
30d75e9a1eca3c2176d50f10c8f846322b5eabd951e51fcbb406ca0aeeeef613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:09:27 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
654 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab:300&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
88ad4a43ec6a7f9fa9813e20c076df129708bc52ed5830054e10e6d29da55700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:20:26 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab:400&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
89ec6ec585060963d30537328e9a404d14aa6b797a67b67c1f24c244af4998b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:20:41 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
css
fonts.googleapis.com/ 		2 KB
654 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab:700&display=swap
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
64f41676bf2b1e84a1b4df922ee3fb4c8424b1e3a3f304ea8cb1563b4fd91edc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 17:59:17 GMT
server
ESF
date
Thu, 08 Jul 2021 18:20:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 08 Jul 2021 18:20:41 GMT
sf14g.js
t.sf14g.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.224.133 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-224-133.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
munchkin.js
munchkin.marketo.net/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-104-85.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 May 2021 01:40:41 GMT
Server
AkamaiNetStorage
ETag
"5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
gtm.js
www.googletagmanager.com/ 		256 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qvxsbz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b3d1c9bf34cb241a9638e35826e8624628d68229080d94fd15b298f63a590e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70638
x-xss-protection
0
last-modified
Thu, 08 Jul 2021 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 08 Jul 2021 18:20:41 GMT
75590e24-f605-4d9c-b92c-ca09a93d469f.js
cdn.cookielaw.org/consent/ 		107 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52715f5996e0200b021033694b01e16815f4a69c8d93929e7534e5b657b2c06f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jul 2021 18:20:41 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PJSn9K1QeTiRBVRvbNjF2Q==
age
2846
vary
Accept-Encoding
content-length
18209
x-ms-lease-status
unlocked
last-modified
Fri, 14 May 2021 18:29:21 GMT
server
cloudflare
etag
0x8D9170631866301
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
eb3d857b-001e-005d-10ef-4828e2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
66bb53f8f91adfbf-FRA
zscaler-company-blogs-seconday-hero-secure-the-workforce%402x.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/zscaler-company-blogs-seconday-hero-secure-the-workforce%402x.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
979fad71a30e04878ea6f208924e89593d93fac949e1ddcdd824e265d840b32e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/zscaler-company-blogs-seconday-hero-secure-the-workforce%402x.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
HIT
vary
Accept-Encoding
content-length
22456
cf-request-id
0b28f2d0120000c2bd84992000000001
last-modified
Fri, 06 Nov 2020 06:04:35 GMT
server
cloudflare
etag
"cf3GB1jr_2LSh6YDyfkd2ntQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=35 c=219 v=2021.5.5
accept-ranges
bytes
cf-ray
66bb53f9ae03c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
zscaler-company-blogs-background-subscribe.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images//blog/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images//blog/zscaler-company-blogs-background-subscribe.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98515abc1dc23dfee77bed4169921a8cdb0d10486277997a31d77ce67aafd8e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/themes/custom/zscaler/images//blog/zscaler-company-blogs-background-subscribe.jpg
pragma
no-cache
cookie
OptanonConsent=isIABGlobal=false&datestamp=Thu+Jul+08+2021+20%3A20%3A42+GMT%2B0200+(Central+European+Summer+Time)&version=6.17.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat; _gcl_au=1.1.1922685492.1625768442; _gid=GA1.2.927978976.1625768442; _dc_gtm_UA-6177009-1=1; _uetsid=34518cd0e01911eb8f6b5bc7b7e444ab; _uetvid=3451a7d0e01911ebbfda5da62050932f; _ga_10SPJ4YJL9=GS1.1.1625768442.1.0.1625768442.60; _ga=GA1.1.1933748882.1625768442; _gd_visitor=0de6552b-936e-4fa1-8b18-761d3d70205f; _gd_session=6e297839-a8ae-417b-856a-e6dd37656fea; _biz_uid=dda0e8aec520409fda61225030eec922; _biz_sid=9150c; _biz_nA=1; _fbp=fb.1.1625768442253.404683951; _biz_pendingA=%5B%5D; __adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323; _gd_svisitor=64bb1002e8550000fa41e7609a000000a5e11500; __ar_v4=%7CULSJHTPGTZGY3EPPZSKHKS%3A20210707%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20210707%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20210707%3A1; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
HIT
vary
Accept-Encoding
content-length
21326
cf-request-id
0b28f2d2ca0000c2bd7931d000000001
last-modified
Fri, 08 Jan 2021 14:07:04 GMT
server
cloudflare
etag
"cfsKNP26LhJwWEhRnWvHym5A"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=33 c=83 v=2021.6.6
accept-ranges
bytes
cf-ray
66bb53fe0ebec2bd-FRA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Jul 2021 06:52:18 GMT
x-content-type-options
nosniff
age
214103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Jul 2022 06:52:18 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Jul 2021 08:57:53 GMT
x-content-type-options
nosniff
age
206568
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Jul 2022 08:57:53 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 05 Jul 2021 17:47:08 GMT
x-content-type-options
nosniff
age
261213
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Jul 2022 17:47:08 GMT
fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 		134 KB
135 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2
pragma
no-cache
origin
https://www.zscaler.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1168960
x-cache
HIT
x-cache-hits
403
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
137704
x-request-id
v-d150baa4-a1d1-11eb-9092-f35bee709e8d
last-modified
Mon, 11 Jan 2021 08:07:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
66bb53f92d05c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Jul 2021 03:00:34 GMT
x-content-type-options
nosniff
age
228007
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Jul 2022 03:00:34 GMT
fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 		74 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2
pragma
no-cache
origin
https://www.zscaler.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1168960
x-cache
HIT
x-cache-hits
158
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
76008
x-request-id
v-e944462c-b38c-11eb-9935-9b25f83038c5
last-modified
Mon, 11 Jan 2021 08:07:27 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
66bb53f92d09c2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
fa-light-300.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 		181 KB
181 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-light-300.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/themes/custom/zscaler/build/webfonts/fa-light-300.woff2
pragma
no-cache
origin
https://www.zscaler.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1168960
x-cache
HIT
x-cache-hits
159
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
185360
x-request-id
v-affef50c-b38b-11eb-bc18-9bbb1ad855b1
last-modified
Mon, 11 Jan 2021 08:07:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
66bb53f92d0bc2bd-FRA
expires
Thu, 29 Jul 2021 18:20:41 GMT
zscaler-blog-botnets-1%402x_2.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/ 		70 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/zscaler-blog-botnets-1%402x_2.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4019dc0c85c3a21c0c97662c7c896476dd01ce39bd1aa7f4c6c91f62d6095ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/zscaler-blog-botnets-1%402x_2.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
MISS
vary
Accept-Encoding
content-length
71898
cf-request-id
0b28f2d07f0000c2bd97909000000001
last-modified
Fri, 04 Sep 2020 11:30:25 GMT
server
cloudflare
etag
"cfzjISjXo-zShySOO9LY8CWQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/webp
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=28 c=84 v=2021.7.2
accept-ranges
bytes
cf-ray
66bb53fa4f2ec2bd-FRA
munchkin.js
munchkin.marketo.net/160/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/160/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-104-85.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Feb 2021 02:54:38 GMT
Server
AkamaiNetStorage
ETag
"19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4811
Expires
Sat, 16 Oct 2021 18:20:42 GMT
optanon.css
cdn.cookielaw.org/skins/6.17.0/default_responsive_alert_bottom_two_button_white/v2/css/ 		20 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/skins/6.17.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PQ+4MhA6SqzcUl00QGzVIQ==
age
354
vary
Accept-Encoding
content-length
3587
x-ms-lease-status
unlocked
last-modified
Thu, 29 Apr 2021 01:57:02 GMT
server
cloudflare
etag
0x8D90AB2154C6F4F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
71e4bc7e-801e-002a-0fbf-6bada3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
66bb53fabccddfbf-FRA
js
www.googletagmanager.com/gtag/ 		164 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
482473d233bf196f6216a21a1a970b3ff934221cda23079bed46f159b1baa4a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60118
x-xss-protection
0
expires
Thu, 08 Jul 2021 18:20:42 GMT
6si.min.js
j.6sc.co/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
da1b60970149580c709bbc357622d24e7029d658e852e74ef1d861ffb22ad219
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
7764
Pragma
no-cache
Last-Modified
Wed, 17 Mar 2021 01:04:50 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"605155b2-5d6b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Thu, 08 Jul 2021 18:20:42 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14011
x-xss-protection
0
server
cafe
etag
1690124483490796579
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 08 Jul 2021 18:20:42 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
5573
date
Thu, 08 Jul 2021 16:47:49 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Thu, 08 Jul 2021 18:47:49 GMT
roundtrip.js
s.adroll.com/j/ 		43 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f1bf333796f692318dd70e062d1efe63338e020114d1ee5847055bc82f501f44

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
pAM0.euFDysO58MEarE8oeehvhlA2XbA
Content-Encoding
gzip
ETag
"a392494e5ef76458b487317c249101f0"
x-amz-request-id
GFC88ABM5Z2RT2ET
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
13710
x-amz-id-2
TvEDMOabTBEBYHsC2LGUou2fSYFopQgXagfBlQIxp26nFbNnpsvtb6qfxVs2dCSiiuSGXrgu3fw=
Last-Modified
Wed, 23 Jun 2021 15:49:39 GMT
Server
AmazonS3
Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
insight.min.js
snap.licdn.com/li.lms-analytics/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 01:25:13 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=20646
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2079
bat.js
bat.bing.com/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref
Ref A: 691BA3880AE448A88C64C1566E35CB0D Ref B: FRAEDGE1216 Ref C: 2021-07-08T18:20:42Z
etag
"0d2a696ff53d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9008
bizible.js
cdn.bizible.com/scripts/ 		83 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D3F) /
Resource Hash
cbd211affe55e09db45f35c705167002bf33043aa4ac51241291d688cd2a1666

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
last-modified
Wed, 30 Jun 2021 21:50:16 GMT
server
ECS (lcy/1D3F)
age
57298
etag
"14ed9de9f96dd71:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
32249
fbevents.js
connect.facebook.net/en_US/ 		95 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
24676
x-xss-protection
0
pragma
public
x-fb-debug
umsBw0PGYJwjlPL9Ru5PFkctneoEqrP7y9h79a900/klT9vrPIGthLbGNHLYOjnCWWcz5PQD1KhvNy3MFSMR3g==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Thu, 08 Jul 2021 18:20:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracking.js
trk.techtarget.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Jun 2019 20:11:17 GMT
Server
PWS/8.3.1.0.8
Age
503
X-Ws-Request-Id
60e741fa_PSdgflkfFRA1eq9_22695-48699
Content-Type
text/javascript
Via
1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA1eq94:13 (W)
Cache-Control
max-age=600
X-Px
ht PSdgflkfFRA1eq94FRA
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1711
Expires
Thu, 08 Jul 2021 18:22:19 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=625919218&gjid=1869998929&_gid=927978976.1625768442&_u=YGBAgEABAAAAAE~&z=2136948074
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 08 Jul 2021 18:20:42 GMT
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j91&a=1658871373&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&ul=en-us&de=UTF-8&dt=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=625919218&gjid=1869998929&cid=1933748882.1625768442&tid=UA-6177009-1&_gid=927978976.1625768442&gtm=2wg7705SLZFK&z=944944278
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jul 2021 23:33:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
67608
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pus...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1625768442128%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pus...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pu...
0
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&liSync=true&e_ipv6=AQIG7c-6mQ7mYQAAAXqHWbxxo8B2H1a2jTG2OhIXinB5r50V7vUctRob94T4MavY3-bWh5AF
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
Yv1hGMnjjxaQsSkQrSoAAA==

Redirect headers

date
Thu, 08 Jul 2021 18:20:42 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1625768442128&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&liSync=true&e_ipv6=AQIG7c-6mQ7mYQAAAXqHWbxxo8B2H1a2jTG2OhIXinB5r50V7vUctRob94T4MavY3-bWh5AF
x-li-proto
http/2
x-li-pop
prod-esv5
content-length
0
x-li-uuid
xbEHAsnjjxYANkTyMCsAAA==
1778897272132032
connect.facebook.net/signals/config/ 		260 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.43&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
92899096da7ba51275e62cfd83f21b64254e148edad21f4c1c6b4ffb94b47b8a
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
qGkYruHmr4MLfQVVKd6MEV7+D1bCsG5IQ612a9sPFYILuUhzvsPBVtECDSqrR7ZLgVRBGCYvaGma6xMfhlOK5g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 08 Jul 2021 18:20:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=625919218&_u=YGBAgEABAAAAAE~&z=419721234
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=625919218&_u=YGBAgEABAAAAAE~&z=419721234
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
26354555.js
bat.bing.com/p/action/ 		0
142 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/26354555.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: C885CAF6DFAD497F854B77FF35732DC3 Ref B: FRAEDGE1216 Ref C: 2021-07-08T18:20:42Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
136 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=26354555&tm=gtm001&Ver=2&mid=703a94fc-64e5-40f2-a29c-3ae7fe976feb&sid=34518cd0e01911eb8f6b5bc7b7e444ab&vid=3451a7d0e01911ebbfda5da62050932f&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Latest%20Amadey%20Uses%20Screen%20Capture,%20Pushes%20Remcos%20RAT%20%7C%20Blog&kw=ThreatLabZ,%20Amadey,%20botnet,%20Remcos%20RAT&p=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&r=&lt=2037&evt=pageLoad&msclkid=N&sv=1&rn=594240
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 37E66DE575D44AC0B485562995B9AB47 Ref B: FRAEDGE1216 Ref C: 2021-07-08T18:20:42Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
E6Gl9B7gPbHVX38jHWUJV0Im5cXEZg8.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
6J6WV6RWN730WHRP
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
5fY3mOf86PHfXzznpqyZ93VnsPjHl6TGgYcWIYb8oAwsAUfC3CR9Q6oHbvANb3at/wFXTkgrlzE=
Last-Modified
Thu, 20 May 2021 19:48:38 GMT
Server
AmazonS3
Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 		0
773 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
nP5BD7vWWBHZpvXH3fdrqTJ9jSF193nZ
Content-Encoding
gzip
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
VAV2BK9Y4XQ7F90D
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
x-amz-id-2
U7ljQZSXFVmkVEoZdQlXcmq2sXGP3oK2z1/xHJslVOc0ezEFTa1+aO0+AI2dDRoYrFu7FnrsDqo=
Last-Modified
Wed, 07 Jul 2021 22:41:16 GMT
Server
AmazonS3
Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2
  • https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2
395 B
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.200.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.0 /
Resource Hash
b93619c765641dd8f0ed1ddc7f5402bc270c7ab7c232bfb4340544104d67ecbf

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-type
application/javascript
content-length
395
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=10b2b9ea347d33a1b5263bfbdde12621&_b=2
date
Thu, 08 Jul 2021 18:20:42 GMT
server
nginx/1.20.0
content-length
105
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1625768442156&cv=9&fst=1625768442156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71cbe65159ab46a0d306912b77a6dcd94022549a856637b4bf1e531576ca37c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1099
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1625768442161&cv=9&fst=1625768442161&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d6c82f49292b472c89c130f9b5ebf5293c17a9a01f362e7210eeefeedbd71060
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1098
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
368 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=2oe770&_p=1658871373&sr=1600x1200&_gaz=1&ul=en-us&cid=1933748882.1625768442&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&dt=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&sid=1625768442&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1933748882.1625768442&gtm=2oe770&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=1933748882.1625768442&gtm=2oe770&aip=1&z=393899306
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity.gif
apt.techtarget.com/activity/ 		43 B
463 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.0&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&r=1625768442230
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
ETag
"2b-5850384029cff"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=8
Content-Length
43
/
c.6sc.co/ 		47 B
371 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
12f11527bf277a09779270ca82617b5d49f39f0958d64bfc697f2c3db19b776f

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zscaler.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=6e297839-a8ae-417b-856a-e6dd37656fea&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A42%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.google.com/pagead/1p-user-list/973777747/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/973777747/?random=1625768442156&cv=9&fst=1625767200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&async=1&fmt=3&is_vtc=1&random=3326381262&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973777747/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/973777747/?random=1625768442156&cv=9&fst=1625767200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&async=1&fmt=3&is_vtc=1&random=3326381262&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/812494211/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1625768442161&cv=9&fst=1625767200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&async=1&fmt=3&is_vtc=1&random=2258108402&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1625768442161&cv=9&fst=1625767200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg770&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&tiba=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&async=1&fmt=3&is_vtc=1&random=2258108402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ipv
cdn.bizible.com/m/ 		43 B
302 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=dda0e8aec520409fda61225030eec922&_biz_s=9150c&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&_biz_t=1625768442240&_biz_i=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&_biz_n=0&rnd=833568&cdn_o=a&_biz_z=1625768442240
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D2F) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
last-modified
Wed, 07 Jul 2021 15:57:52 GMT
server
ECS (lcy/1D2F)
age
94970
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
u
cdn.bizibly.com/ 		43 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizibly.com/u?_biz_u=dda0e8aec520409fda61225030eec922&_biz_s=9150c&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&_biz_t=1625768442243&_biz_i=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&rnd=878961&cdn_o=a&_biz_z=1625768442243
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D26) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
last-modified
Thu, 08 Jul 2021 04:25:20 GMT
server
ECS (lcy/1D26)
age
50123
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
/
www.facebook.com/tr/ 		44 B
147 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&rl=&if=false&ts=1625768442254&sw=1600&sh=1200&v=2.9.43&r=stable&ec=0&o=30&fbp=fb.1.1625768442253.404683951&it=1625768442140&coo=false&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Thu, 08 Jul 2021 18:20:42 GMT
icon-enlarge-btn.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/ 		38 B
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b649bfd17cc5e3e8af39b22410079ab862bd232a57b91d4fed98115ea97ce3fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

:path
/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg
pragma
no-cache
cookie
OptanonConsent=isIABGlobal=false&datestamp=Thu+Jul+08+2021+20%3A20%3A42+GMT%2B0200+(Central+European+Summer+Time)&version=6.17.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat; _gcl_au=1.1.1922685492.1625768442; _gid=GA1.2.927978976.1625768442; _dc_gtm_UA-6177009-1=1; _uetsid=34518cd0e01911eb8f6b5bc7b7e444ab; _uetvid=3451a7d0e01911ebbfda5da62050932f; _ga_10SPJ4YJL9=GS1.1.1625768442.1.0.1625768442.60; _ga=GA1.1.1933748882.1625768442; _gd_visitor=0de6552b-936e-4fa1-8b18-761d3d70205f; _gd_session=6e297839-a8ae-417b-856a-e6dd37656fea; _biz_uid=dda0e8aec520409fda61225030eec922; _biz_sid=9150c; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3Ddda0e8aec520409fda61225030eec922%26_biz_s%3D9150c%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat%26_biz_t%3D1625768442240%26_biz_i%3DLatest%2520Amadey%2520Uses%2520Screen%2520Capture%252C%2520Pushes%2520Remcos%2520RAT%2520%257C%2520Blog%26_biz_n%3D0%26rnd%3D833568%22%5D; _fbp=fb.1.1625768442253.404683951
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
x-content-type-options
nosniff
cf-cache-status
EXPIRED
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
cache-control
max-age=300
strict-transport-security
max-age=31536000; preload
content-length
38
cf-ray
66bb53fc2aeec2bd-FRA
cf-resized
err=9412
cf-request-id
0b28f2d1a10000c2bdc284b000000001
xdc.js
cdn.bizible.com/ 		116 B
442 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=dda0e8aec520409fda61225030eec922&_biz_h=-1906410348&cdn_o=a&jsVer=4.21.05.19
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D3D) /
Resource Hash
54caa5c60139d1c4300ba103ef74b8208d7a5a4389a951b451e66d1c79d2ad6b

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
cache-control
private, must-revalidate, max-age=21600
server
ECS (lcy/1D3D)
content-type
text/javascript; charset=utf-8
etag
9911BD4A
content-length
116
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
XYPZFM5QENHXRH7RBBI5PW.js
s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
Redirect Chain
  • https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2...
  • https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d810590f9922185c831b7ab654e702787149dd21696fd84feddd24d11b484376

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
OY5SMDU5krq_94RLWz8z8l.mMHNE0s1m
Content-Encoding
gzip
ETag
"87b835687770a0a3459c528393609550"
x-amz-request-id
A10CBA675B20AE4D
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2149
x-amz-id-2
CmUuSWCLBJE70GfiNFq9ZqDzQwrnoPU/WF4R8eEmZgTwc5HCd9RqHwgIUT+kAc0DFWd4Kv1DMow=
Last-Modified
Wed, 16 Dec 2020 02:54:42 GMT
Server
AmazonS3
Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

pragma
no-cache
x-conversion-value
0.00
server
nginx/1.20.0
x-rule
*
date
Thu, 08 Jul 2021 18:20:42 GMT
x-segment-eid
XYPZFM5QENHXRH7RBBI5PW
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
cache-control
no-store, no-cache, must-revalidate
x-segment-display-name
Visitors to Unsegmented Pages
x-pixel-eid
22OEOVE2YNFA3EKSRERISY
x-segment-name
*
x-advertisable-eid
ULSJHTPGTZGY3EPPZSKHKS
content-length
0
x-conversion-currency
details
epsilon.6sense.com/v3/company/ 		1 KB
764 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.65.155.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
46b6d86b3a54a59ec638cac8f5de31970831cc04b472a940635dd3445c58b72c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.zscaler.com/
Authorization
Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e
EpsilonCookie
64bb1002e8550000fa41e7609a000000a5e11500

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
content-length
579
details
epsilon.6sense.com/v3/company/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Server
3.65.155.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization,epsiloncookie
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
server
nginx
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
access-control-max-age
1800
access-control-allow-methods
OPTIONS,GET
access-control-allow-headers
authorization,epsiloncookie
sendrolling.js
s.adroll.com/j/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&pv=47653819323.05548&cookie=&adroll_s_ref=&keyw=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baab Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
yduMaQmUnAaUPCY8PJPmVVBN46VTUkmk
Content-Encoding
gzip
ETag
"5c44da3d0ddeac28ae4c1facdfbfa217"
x-amz-request-id
P2SY3NJ16BC12P5X
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2719
x-amz-id-2
PQKSPN1seN6xFa04kZMerWJcWYB9jup3y7tO/W7/b/B8fY2NBiffft7uHBu9Jbn5P41AfE1ilKg=
Last-Modified
Wed, 07 Jul 2021 21:30:55 GMT
Server
AmazonS3
Date
Thu, 08 Jul 2021 18:20:42 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
476377582537549
connect.facebook.net/signals/config/ 		260 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/476377582537549?v=2.9.43&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e2c704ba037f0310da2d73dccf95065fdea4d9b3fe122d6ba704d40397830a17
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
VLNB9MzRXi4+DaeltzxDP1gG+Uava7vOh7xA0m37rI4eAO9yfdvcfo94UONuVhi/xFMRzPKU+bbaoXWh+1KFhg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 08 Jul 2021 18:20:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
sync
pixel.advertising.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/aol/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-...
  • https://pixel.advertising.com/ups/55980/sync?uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
0
125 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/55980/sync?uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.153.71 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://pixel.advertising.com/ups/55980/sync?uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
167
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-scree...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442&C=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442&C=1
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 08 Jul 2021 18:20:42 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 08 Jul 2021 18:20:42 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 08 Jul 2021 18:20:42 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expiration=1657304442&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Thu, 08 Jul 2021 18:20:42 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expires=365
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expires=365
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&expires=365
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
124
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cookie-sync
sync.outbrain.com/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-sc...
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
0
477 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:42 GMT
Cache-Control
no-cache
X-TraceId
e5706f06cd55e75210c73aeedbf73ae3
Content-Length
0

Redirect headers

location
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
100
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-sc...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...
1 B
547 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:41 GMT
cache-control
no-store, no-cache, private
x-lat
amspug014:0:341
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
220
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-scr...
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
0
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream
10.41.10.199:10213
date
Thu, 08 Jul 2021 18:20:42 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
15980

Redirect headers

location
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
111
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-...
  • https://eb2.3lift.com/xuid?mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.225.56 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-225-56.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=4714&xuid=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
v1
ads.yahoo.com/cms/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
0
443 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

location
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
165
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
43 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
bounce
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://ib.adnxs.com/setuid?entity=172&code=ZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 08 Jul 2021 18:20:42 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
61695819-8730-4b8c-8c0a-5356d3b6a459
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 08 Jul 2021 18:20:42 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
cde950a4-4ec4-4d71-9b63-ee6e8280aa3c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZDFjZDc5MDcyMDQ1Nzk2ODJkNDhkMDZjNzY0NGVlYmU
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
out
d.adroll.com/cm/l/ 		42 B
180 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/l/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.200.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.20.0
content-length
42
vary
Cookie
content-type
image/gif
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=d1cd7907204579682d48d06c7644eebe
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d1cd7907204579682d48d06c7644eebe
43 B
180 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d1cd7907204579682d48d06c7644eebe
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.210.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
via
1.1 google
server
OXGW/16.210.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=d1cd7907204579682d48d06c7644eebe
date
Thu, 08 Jul 2021 18:20:42 GMT
via
1.1 google
server
OXGW/16.210.0
alt-svc
clear
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-ca...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=0c15ByBFeWgtSNBsdkTuvg
  • https://d.adroll.com/cm/g/in
42 B
537 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/g/in
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.200.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
server
nginx/1.20.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&rl=&if=false&ts=1625768442448&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.43&r=stable&ec=0&o=29&fbp=fb.1.1625768442253.404683951&it=1625768442140&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Thu, 08 Jul 2021 18:20:42 GMT
main.rtfl.js
visitor.reactful.com/dist/ 		273 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor.reactful.com/dist/main.rtfl.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 17:31:10 GMT
content-encoding
gzip
server
Google Frontend
age
2972
etag
"T5buNg"
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
2f906d2ca654b445cb2b71bc42702d83
cache-control
public,public, max-age=432000
content-length
107826
expires
Tue, 13 Jul 2021 17:31:10 GMT
/
visitor.reactful.com/config/494419/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&hash=&referer=&user_id=&hshkgid=82bcfcbf-f9a1-4ab8-8ad7-58093a676ad5&cb_rtfl=_rtfl_jsonp_0
Protocol
H2
Server
2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
url-params-data
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://www.zscaler.com
access-control-allow-methods
GET
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type
text/javascript
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context
c92945ea7b77d55c14d3c1b689fbf7dd
date
Thu, 08 Jul 2021 18:20:42 GMT
server
Google Frontend
content-length
0
expires
Thu, 08 Jul 2021 18:20:42 GMT
/
visitor.reactful.com/config/494419/ 		8 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&hash=&referer=&user_id=&hshkgid=82bcfcbf-f9a1-4ab8-8ad7-58093a676ad5&cb_rtfl=_rtfl_jsonp_0
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
69247028426d3ee7957421ac4a4e005b1a0f61cb982e4b87511c378a277019e0

Request headers

Url-Params-Data
e30=
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://www.zscaler.com
x-cloud-trace-context
50341b715ea5bdd28cb8f8d9376cae68
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length
1409
expires
Thu, 08 Jul 2021 18:20:43 GMT
/
www.facebook.com/tr/ 		0
15 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarylWYPaq5PvTW25l9T

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Thu, 08 Jul 2021 18:20:42 GMT
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-length
0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=64bb1002e8550000fa41e7609a000000a5e11500&session=6e297839-a8ae-417b-856a-e6dd37656fea&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A42%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
422d6d69-7871-4f67-bfad-cfd3005934b4
https://www.zscaler.com/ 		8 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
blob:https://www.zscaler.com/422d6d69-7871-4f67-bfad-cfd3005934b4
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
69247028426d3ee7957421ac4a4e005b1a0f61cb982e4b87511c378a277019e0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
8533
Content-Type
text/html
/
tracking.reactful.com/tracking/494419/ 		6 B
189 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tracking.reactful.com/tracking/494419/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept
*/*
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
3edc7f4b7e2bcdd9995d7d2ecba119e1
cache-control
no-cache
content-length
26
nr-1209.min.js
js-agent.newrelic.com/ 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1209.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.27 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
Ilyf2heqjbcb6UZHMuleD6bz44kdIrhk
content-encoding
gzip
etag
"ceffb14d16467e17c5360bf7880099fa"
x-amz-request-id
7K3X2D9YD41NCYFB
x-cache
HIT
content-length
11738
x-amz-id-2
qhf66eKs3SPjI6TexPyH9jA0uwaogu9Ae1khezcdoJ4vNe44sP63blPIEZc/Zcun2gZYP8YRu0k=
x-served-by
cache-hhn4070-HHN
last-modified
Thu, 20 May 2021 23:21:18 GMT
server
AmazonS3
x-timer
S1625768444.933360,VS0,VE0
date
Thu, 08 Jul 2021 18:20:43 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
4791
zscaler-cookie-icon-close.png
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/ 		776 B
939 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-close.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb89d46fb705df36ed668c424a0a476cf8cd36788b7164989c81fcad78d13633
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-close.png
pragma
no-cache
cookie
OptanonConsent=isIABGlobal=false&datestamp=Thu+Jul+08+2021+20%3A20%3A42+GMT%2B0200+(Central+European+Summer+Time)&version=6.17.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat; _gcl_au=1.1.1922685492.1625768442; _gid=GA1.2.927978976.1625768442; _dc_gtm_UA-6177009-1=1; _uetsid=34518cd0e01911eb8f6b5bc7b7e444ab; _uetvid=3451a7d0e01911ebbfda5da62050932f; _ga_10SPJ4YJL9=GS1.1.1625768442.1.0.1625768442.60; _ga=GA1.1.1933748882.1625768442; _gd_visitor=0de6552b-936e-4fa1-8b18-761d3d70205f; _gd_session=6e297839-a8ae-417b-856a-e6dd37656fea; _biz_uid=dda0e8aec520409fda61225030eec922; _biz_sid=9150c; _biz_nA=1; _fbp=fb.1.1625768442253.404683951; _biz_pendingA=%5B%5D; __adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323; _gd_svisitor=64bb1002e8550000fa41e7609a000000a5e11500; __ar_v4=%7CULSJHTPGTZGY3EPPZSKHKS%3A20210707%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20210707%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20210707%3A1; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _rtfl_s_handshake_guid=82bcfcbf-f9a1-4ab8-8ad7-58093a676ad5; _rtfl_s_494419_specific_site_session=X0RzMVdrZzFpQWF0dkNMdHBYZm5ENzVfNzEyY2RhOGY4YjU2Yzc2MmJkMWVlOTQwMjFlYmI5OTBjZGY4OGQ1Mg==; _rtfl_s_unique_visitor_session=X0gycUdyUmJLVExWZWNnd2ZUOUhLVGxfNDBlNzFlZmYwZjM5NDkwYjAyOGU0YWQwZWE3NGM5MGE5MWRhZjI2Yw==; _rtfl_s_specific_site_sessions_count=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
HIT
vary
Accept-Encoding
content-length
776
cf-request-id
0b28f2d7e60000c2bd71b17000000001
last-modified
Fri, 08 Jan 2021 14:07:04 GMT
server
cloudflare
etag
"cfgDVbTITiNPxOAYVw6hPFGg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=57 c=46 v=2021.6.6
accept-ranges
bytes
cf-ray
66bb54063864c2bd-FRA
zscaler-cookie-icon-asterik.png
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/ 		729 B
896 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-asterik.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a60aff57c97d66cc2667db2e23580a4d3910a5106bc7f89fb30622b5f62c37c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff nosniff

Request headers

:path
/cdn-cgi/image/format=auto/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-asterik.png
pragma
no-cache
cookie
OptanonConsent=isIABGlobal=false&datestamp=Thu+Jul+08+2021+20%3A20%3A42+GMT%2B0200+(Central+European+Summer+Time)&version=6.17.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat; _gcl_au=1.1.1922685492.1625768442; _gid=GA1.2.927978976.1625768442; _dc_gtm_UA-6177009-1=1; _uetsid=34518cd0e01911eb8f6b5bc7b7e444ab; _uetvid=3451a7d0e01911ebbfda5da62050932f; _ga_10SPJ4YJL9=GS1.1.1625768442.1.0.1625768442.60; _ga=GA1.1.1933748882.1625768442; _gd_visitor=0de6552b-936e-4fa1-8b18-761d3d70205f; _gd_session=6e297839-a8ae-417b-856a-e6dd37656fea; _biz_uid=dda0e8aec520409fda61225030eec922; _biz_sid=9150c; _biz_nA=1; _fbp=fb.1.1625768442253.404683951; _biz_pendingA=%5B%5D; __adroll_fpc=6120666f4bb565c22252bbf303b6bb4b-1625768442323; _gd_svisitor=64bb1002e8550000fa41e7609a000000a5e11500; __ar_v4=%7CULSJHTPGTZGY3EPPZSKHKS%3A20210707%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20210707%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20210707%3A1; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _rtfl_s_handshake_guid=82bcfcbf-f9a1-4ab8-8ad7-58093a676ad5; _rtfl_s_494419_specific_site_session=X0RzMVdrZzFpQWF0dkNMdHBYZm5ENzVfNzEyY2RhOGY4YjU2Yzc2MmJkMWVlOTQwMjFlYmI5OTBjZGY4OGQ1Mg==; _rtfl_s_unique_visitor_session=X0gycUdyUmJLVExWZWNnd2ZUOUhLVGxfNDBlNzFlZmYwZjM5NDkwYjAyOGU0YWQwZWE3NGM5MGE5MWRhZjI2Yw==; _rtfl_s_specific_site_sessions_count=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.zscaler.com
referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.zscaler.com/sites/default/files/css/css_1m75ZafY4Z76txr7BUQg0IhIUwVx4ajlNLDs3qEaSI4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Jul 2021 18:20:43 GMT
via
varnish
x-content-type-options
nosniff nosniff
cf-cache-status
HIT
vary
Accept-Encoding
content-length
729
cf-request-id
0b28f2d7ec0000c2bdbba85000000001
last-modified
Mon, 11 Jan 2021 08:07:28 GMT
server
cloudflare
etag
"cfE2OXtupEvUNIzcVy-cumJQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
public, max-age=1814400
cf-resized
internal=ok/h q=0 n=19 c=92 v=2021.6.1
accept-ranges
bytes
cf-ray
66bb54063865c2bd-FRA
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1658871373&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&ul=en-us&de=UTF-8&dt=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6Sense&ea=6Sense%20Enrich&el=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&_u=aGDACEABBAAAAG~&jid=1467785255&gjid=20910065&cid=1933748882.1625768442&tid=UA-6177009-1&_gid=927978976.1625768442&_r=1&gtm=2wg7705SLZFK&cd4=France&cd5=credit-suisse.com&cd6=10%2C000%2B&cd7=Credit%20Suisse&cd8=%245B%2B&cd9=Ile-de-France&cd10=Investment%20Banking%20and%20Securities%20Dealing&cd15=%5Bobject%20Object%5D&z=826694987
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j91&a=1658871373&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&ul=en-us&de=UTF-8&dt=Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Engagement&ea=10%25&el=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=1933748882.1625768442&tid=UA-6177009-1&_gid=927978976.1625768442&gtm=2wg7705SLZFK&z=1288156544
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jul 2021 23:33:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
67609
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=1467785255&gjid=20910065&_gid=927978976.1625768442&_u=aGDACEABBAAAAG~&z=161084608
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 08 Jul 2021 18:20:43 GMT
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=1467785255&_u=aGDACEABBAAAAG~&z=6488338
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-6177009-1&cid=1933748882.1625768442&jid=1467785255&_u=aGDACEABBAAAAG~&z=6488338
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jul 2021 18:20:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2148692b96
bam-cell.nr-data.net/1/ 		49 B
861 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/2148692b96?a=546882274&v=1209.f04e2b9&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=4086&ck=1&ref=https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&ap=885&be=1123&fe=3978&dc=1865&perf=%7B%22timing%22:%7B%22of%22:1625768439885,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:8,%22c%22:8,%22s%22:13,%22ce%22:89,%22rq%22:89,%22rp%22:966,%22rpe%22:978,%22dl%22:1115,%22di%22:1863,%22ds%22:1864,%22de%22:2037,%22dc%22:3977,%22l%22:3977,%22le%22:3994%7D,%22navigation%22:%7B%7D%7D&fp=2076&fcp=2076&at=HhpWRAtNH04%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1209.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:44 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
X-NewRelic-App-Data
PxQGQlVRDAMDUVZQFR0VMQFTYkEDCBADUxZRDVZkG3xWEU0YdQhAEgVCVAkDEWQcfgEVFk51XhUUUEJQCgMRQBxSFlIUChoDC1AMWHRMB05WAhtDU1ddBQdWUFFWAwdfBVcECkBKBQNcEV0/
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
66bb54072fc93317-CDG
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=64bb1002e8550000fa41e7609a000000a5e11500&session=6e297839-a8ae-417b-856a-e6dd37656fea&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A43%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:44 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=6c020de4-f050-41b1-84cb-d0cab946637e&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:45 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=6c020de4-f050-41b1-84cb-d0cab946637e&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:46 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=6c020de4-f050-41b1-84cb-d0cab946637e&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:47 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=6c020de4-f050-41b1-84cb-d0cab946637e&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:48 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=9a57ccc8-9377-4db4-8f7d-ef38d447768d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:49 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=9a57ccc8-9377-4db4-8f7d-ef38d447768d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:50 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=9a57ccc8-9377-4db4-8f7d-ef38d447768d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A50%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%229011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:51 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=9a57ccc8-9377-4db4-8f7d-ef38d447768d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%2210012%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:52 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
2148692b96
bam-cell.nr-data.net/events/1/ 		24 B
503 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/events/1/2148692b96?a=546882274&v=1209.f04e2b9&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=14086&ck=1&ref=https://www.zscaler.com/blogs/security-research/latest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
text/plain

Response headers

Date
Thu, 08 Jul 2021 18:20:54 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zscaler.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
66bb5445590c3317-CDG
Content-Length
24
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=9a57ccc8-9377-4db4-8f7d-ef38d447768d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A52%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2213013%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:55 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=7300366f-ef24-46c0-82ad-cdcb0ca4823f&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Jul%202021%2018%3A20%3A55%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2216014%22%7D&isIframe=false&m=%7B%22description%22%3A%22Clickjacking%20is%20really%20starting%20to%20be%20embraced%20by%20attackers%20since%20Jeremiah%20Grossman%20and%20Robert%20Hansen%20first%20spoke%20about%20it%20at%20OWASP%20NYC%20AppSec%202008.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Amadey%2C%20botnet%2C%20Remcos%20RAT%22%2C%22title%22%3A%22Latest%20Amadey%20Uses%20Screen%20Capture%2C%20Pushes%20Remcos%20RAT%20%7C%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&pageViewId=4fa6f5ca-6c2b-46ed-8a45-5edaeae293c9
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 08 Jul 2021 18:20:58 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| NREUM object| newrelic function| __nr_require number| sf14gv function| OptanonWrapper undefined| mystripe function| $ function| _toConsumableArray function| jQuery object| drupalSettings object| Drupal function| Popper object| Cookies object| APP object| UTIL object| bootstrap object| FormValidation function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| Sifter object| MicroPlugin function| Selectize object| IPv6 object| punycode object| SecondLevelDomains function| URI function| URITemplate function| imagesLoaded object| lazySizes object| dataLayer object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile string| languageKey object| single_optin_parent object| single_optin_checkbox object| sponsorOptinc function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin undefined| a undefined| c function| jsonFeed object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups object| google_tag_manager object| google_tag_data function| process6senseData object| _6si string| GoogleAnalyticsObject function| ga string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| _linkedin_data_partner_id object| uetq function| fbq function| _fbq object| techtargetic object| MunchkinTracker object| gaplugins object| gaGlobal object| gaData function| lintrk boolean| _already_called_lintrk function| UET function| UET_init function| UET_push string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks undefined| adroll_tpc_callback function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| onYouTubeIframeAPIReady object| Bizible object| BizTrackingA object| BizA object| _vis_opt_queue object| LC_API boolean| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country number| adroll_xavier_called number| __adroll_xid_ch object| adroll_currency object| adroll_conversion_value object| adroll_conversion_value_in_dollars object| adroll_exp_list string| adroll_seg_eid object| _rctfl undefined| _ object| _rctfl_track

23 Cookies

Domain/Path Name / Value
www.zscaler.com/ Name: _rtfl_s_specific_site_sessions_count
Value: 1
.www.zscaler.com/ Name: _rtfl_s_handshake_guid
Value: 82bcfcbf-f9a1-4ab8-8ad7-58093a676ad5
.www.zscaler.com/ Name: __adroll_fpc
Value: 6120666f4bb565c22252bbf303b6bb4b-1625768442323
www.zscaler.com/ Name: _gd_svisitor
Value: 64bb1002e8550000fa41e7609a000000a5e11500
.zscaler.com/ Name: _fbp
Value: fb.1.1625768442253.404683951
.zscaler.com/ Name: _biz_pendingA
Value: %5B%5D
.zscaler.com/ Name: _biz_nA
Value: 1
www.zscaler.com/ Name: _gd_session
Value: 6e297839-a8ae-417b-856a-e6dd37656fea
.zscaler.com/ Name: _ga_10SPJ4YJL9
Value: GS1.1.1625768442.1.0.1625768442.60
.zscaler.com/ Name: _rtfl_s_unique_visitor_session
Value: X0gycUdyUmJLVExWZWNnd2ZUOUhLVGxfNDBlNzFlZmYwZjM5NDkwYjAyOGU0YWQwZWE3NGM5MGE5MWRhZjI2Yw==
.zscaler.com/ Name: _biz_uid
Value: dda0e8aec520409fda61225030eec922
.www.zscaler.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Thu+Jul+08+2021+20%3A20%3A43+GMT%2B0200+(Central+European+Summer+Time)&version=6.17.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Flatest-version-amadey-introduces-screen-capturing-and-pushes-remcos-rat&groups=101%3A1%2C1%3A1%2C0_138025%3A1%2C122%3A1%2C2%3A1%2C0_137957%3A1%2C116%3A1%2C0_138118%3A1%2C119%3A1%2C3%3A1%2C0_138119%3A1%2C4%3A1%2C121%3A1%2C0_138125%3A1%2C0_138122%3A1%2C0_192188%3A1%2C0_192175%3A1%2C0_192171%3A1%2C0_138160%3A1%2C0_138127%3A1%2C0_138123%3A1%2C0_192189%3A1%2C0_192172%3A1%2C0_138128%3A1%2C0_192190%3A1%2C0_138129%3A1%2C0_192170%3A1%2C102%3A1%2C103%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C108%3A1%2C109%3A1%2C110%3A1%2C111%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C117%3A1%2C118%3A1%2C120%3A1%2C123%3A1%2C124%3A1%2C125%3A1%2C126%3A1%2C127%3A1%2C128%3A1%2C129%3A1%2C130%3A1
.www.zscaler.com/ Name: __ar_v4
Value: %7CULSJHTPGTZGY3EPPZSKHKS%3A20210707%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20210707%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20210707%3A1
.zscaler.com/ Name: _ga
Value: GA1.1.1933748882.1625768442
.zscaler.com/ Name: _dc_gtm_UA-6177009-1
Value: 1
.zscaler.com/ Name: _gcl_au
Value: 1.1.1922685492.1625768442
.zscaler.com/ Name: _uetvid
Value: 3451a7d0e01911ebbfda5da62050932f
.zscaler.com/ Name: _uetsid
Value: 34518cd0e01911eb8f6b5bc7b7e444ab
.zscaler.com/ Name: _biz_sid
Value: 9150c
.zscaler.com/ Name: _rtfl_s_494419_specific_site_session
Value: X0RzMVdrZzFpQWF0dkNMdHBYZm5ENzVfNzEyY2RhOGY4YjU2Yzc2MmJkMWVlOTQwMjFlYmI5OTBjZGY4OGQ1Mg==
.zscaler.com/ Name: _gid
Value: GA1.2.927978976.1625768442
.zscaler.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.zscaler.com/ Name: _gd_visitor
Value: 0de6552b-936e-4fa1-8b18-761d3d70205f

2 Console Messages

Source Level URL
Text
console-api log (Line 1)
Message:
in callback
console-api log URL: https://visitor.reactful.com/dist/main.rtfl.js(Line 39)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
analytics.google.com
apt.techtarget.com
b.6sc.co
bam-cell.nr-data.net
bat.bing.com
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
j.6sc.co
js-agent.newrelic.com
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.adroll.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.sf14g.com
tracking.reactful.com
trk.techtarget.com
us-u.openx.net
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.zscaler.com
x.bidswitch.net
104.111.233.140
108.174.10.14
141.226.228.48
142.250.186.98
151.101.113.27
152.195.15.58
162.247.243.146
163.171.128.148
172.217.23.98
18.192.225.56
185.64.189.110
2.18.234.21
206.19.49.24
23.45.104.85
2606:4700::6810:9440
2606:4700::6813:d53e
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:800::7001
2a00:1450:4001:808::2004
2a00:1450:4001:808::2013
2a00:1450:4001:809::2013
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:829::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:400c:c04::9a
2a00:1450:400c:c08::9b
2a02:26f0:6c00:28c::25ea
2a02:26f0:6c00::210:baab
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.124.165.65
3.65.155.204
34.98.64.218
35.156.153.71
37.252.172.37
50.19.224.133
63.35.200.21
64.202.112.191
69.173.144.139
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
08757ff01dc82868378519aaf29b377895021e6ff35bef0fc23fa7e77411b6c4
0b3d1c9bf34cb241a9638e35826e8624628d68229080d94fd15b298f63a590e5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12f11527bf277a09779270ca82617b5d49f39f0958d64bfc697f2c3db19b776f
1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669
1a60aff57c97d66cc2667db2e23580a4d3910a5106bc7f89fb30622b5f62c37c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e026aa9038d28d8bb04b6c02f56c3d9e97920fa6bc339a1d6b72a99e7d69843
30d75e9a1eca3c2176d50f10c8f846322b5eabd951e51fcbb406ca0aeeeef613
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
35957c6bbd8cfcfbead96d1b5f98a8b36bf2e443f11718f01af5dcb5cb404aef
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
46b6d86b3a54a59ec638cac8f5de31970831cc04b472a940635dd3445c58b72c
482473d233bf196f6216a21a1a970b3ff934221cda23079bed46f159b1baa4a5
4a6ce8ee6ce904a9b590e3e458d3332b7ef3a17f53153d31cc2aa30821ebb46f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c24d940ef8ea53e7f647678ce74486023796267cb8fd55b54d2212cd01485ba
4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed1bf654cfa63b669ba5e97b088e3a468912d96d00fab4db607272435fc41ec
501ec19085d3adda081e5964f9295aedc75ba51a48a30c91539f2f0ccc8b48e9
513dc8f33086b6b9b514032826cd50e0a298b611a921c667aa08e08a4f29b1ca
52715f5996e0200b021033694b01e16815f4a69c8d93929e7534e5b657b2c06f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54caa5c60139d1c4300ba103ef74b8208d7a5a4389a951b451e66d1c79d2ad6b
57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda
58ecc6c676de68150eeb13baa19829ff4dfb5e8c7afa8b9f67c5fe6a78f19856
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
64f41676bf2b1e84a1b4df922ee3fb4c8424b1e3a3f304ea8cb1563b4fd91edc
69247028426d3ee7957421ac4a4e005b1a0f61cb982e4b87511c378a277019e0
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
71cbe65159ab46a0d306912b77a6dcd94022549a856637b4bf1e531576ca37c4
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
825f865cf7248c3d146e9f1102829679e3eb598afcfd4d6ae368e3dcb066737e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87611d7a5df4aaa658a0b44dcc2a80c83b1fb8da3a8badee2ad4940b05a20f01
88ad4a43ec6a7f9fa9813e20c076df129708bc52ed5830054e10e6d29da55700
89ec6ec585060963d30537328e9a404d14aa6b797a67b67c1f24c244af4998b8
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
926ee7241a2b70b863bceee11202aba19564c754b098e2491aa911f5f9d22223
92899096da7ba51275e62cfd83f21b64254e148edad21f4c1c6b4ffb94b47b8a
92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1
979fad71a30e04878ea6f208924e89593d93fac949e1ddcdd824e265d840b32e
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee
98515abc1dc23dfee77bed4169921a8cdb0d10486277997a31d77ce67aafd8e1
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db
a48e1a110cc87847a37769d14a2c7ac89dc85dde58a6bbb48b5a6e83ed476cc2
ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525
abb404f7e8dc4bf360da42b9604c09304575182147d7089d7d17e69d9eaad627
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2bc5c873ea08bd577d85881c93d4883fb35807427892397f52e417e85e93149
b649bfd17cc5e3e8af39b22410079ab862bd232a57b91d4fed98115ea97ce3fd
b7c84204d63d097cc066dce7834f32e085088e0f7337cc218bd214d9b93956a0
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
b93619c765641dd8f0ed1ddc7f5402bc270c7ab7c232bfb4340544104d67ecbf
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0
cb89d46fb705df36ed668c424a0a476cf8cd36788b7164989c81fcad78d13633
cbd211affe55e09db45f35c705167002bf33043aa4ac51241291d688cd2a1666
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56
d66ef965a7d8e19efab71afb054420d08848530571e1a8e534b0ecdea11a488e
d6c82f49292b472c89c130f9b5ebf5293c17a9a01f362e7210eeefeedbd71060
d810590f9922185c831b7ab654e702787149dd21696fd84feddd24d11b484376
da1b60970149580c709bbc357622d24e7029d658e852e74ef1d861ffb22ad219
daa21724a6f9d8b57a3a1784c9820f9192be6dbb0caae81405605db3b5fd13ba
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfd811395f38d587c8f2b13b0d7e72ce2cbcc5915e3f490098f48bf12ba1d98a
e2c704ba037f0310da2d73dccf95065fdea4d9b3fe122d6ba704d40397830a17
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1bf333796f692318dd70e062d1efe63338e020114d1ee5847055bc82f501f44
f4019dc0c85c3a21c0c97662c7c896476dd01ce39bd1aa7f4c6c91f62d6095ea
f43667045d11d7212f176c7f8d9c595f2a390a24ead32e9aa20a807d761b15c4
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f9bf90a30dfa24e763aa905160b6031fca8ffe9979b52bc123b7e57ce4b4ffdb