www.zscaler.com Open in urlscan Pro
2606:4700::6813:d63e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Submission: On October 19 via api (October 19th 2020, 11:12:06 am UTC) from US

Summary HTTP 99 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 36 IPs in 7 countries across 29 domains to perform 99 HTTP transactions. The main IP is 2606:4700::6813:d63e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 1st 2020. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	2606:4700::68... 2606:4700::6813:d63e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81a::200a	15169 (GOOGLE) (GOOGLE)
1	52.44.242.176 52.44.242.176	14618 (AMAZON-AES) (AMAZON-AES)
2	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
3	104.108.67.47 104.108.67.47	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:10c... 2a02:26f0:10c:582::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE)
4	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
3	2a00:1450:400... 2a00:1450:4001:820::2013	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	52.29.125.201 52.29.125.201	16509 (AMAZON-02) (AMAZON-02)
1	93.184.220.42 93.184.220.42	15133 (EDGECAST) (EDGECAST)
1 2	3.220.33.83 3.220.33.83	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:824::2013	15169 (GOOGLE) (GOOGLE)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
2	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
99	36

39 2606:4700::6813:d63e (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.44.242.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-242-176.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.60.75 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.108.67.47 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-67-47.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s11-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:582::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.13 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.125.201 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-125-201.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.220.42 (London, United Kingdom)

ASN15133 (EDGECAST, US)

cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.220.33.83 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-33-83.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tracking.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.20 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	zscaler.com www.zscaler.com	3 MB
4	google.de www.google.de	407 B
4	google.com www.google.com	407 B
4	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
4	reactful.com visitor.reactful.com tracking.reactful.com	106 KB
4	bizible.com cdn.bizible.com	34 KB
4	gstatic.com fonts.gstatic.com	44 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google-analytics.com www.google-analytics.com	18 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	cookielaw.org cdn.cookielaw.org	23 KB
2	nr-data.net bam.nr-data.net	457 B
2	leadlander.com 1 redirects tracking.leadlander.com	520 B
2	6sense.com epsilon.6sense.com	301 B
2	facebook.com www.facebook.com	314 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	facebook.net connect.facebook.net	91 KB
2	licdn.com snap.licdn.com	3 KB
2	marketo.net munchkin.marketo.net	7 KB
1	newrelic.com js-agent.newrelic.com	10 KB
1	bizibly.com cdn.bizibly.com	327 B
1	adnxs.com secure.adnxs.com	702 B
1	ytimg.com s.ytimg.com	35 KB
1	mktoresp.com 306-zej-256.mktoresp.com	311 B
1	youtube.com www.youtube.com	1 KB
1	googleadservices.com www.googleadservices.com	11 KB
1	googletagmanager.com www.googletagmanager.com	59 KB
1	sf14g.com t.sf14g.com	37 KB
1	googleapis.com fonts.googleapis.com	1 KB
99	29

	Domain	Requested by
39	www.zscaler.com	www.zscaler.com
4	www.google.de	www.zscaler.com
4	www.google.com	www.zscaler.com
4	cdn.bizible.com	www.googletagmanager.com www.zscaler.com cdn.bizible.com
4	fonts.gstatic.com	fonts.googleapis.com
3	visitor.reactful.com	www.zscaler.com visitor.reactful.com
3	www.google-analytics.com	www.googletagmanager.com www.zscaler.com cdn.bizible.com
3	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
2	bam.nr-data.net	js-agent.newrelic.com cdn.bizible.com
2	tracking.leadlander.com	1 redirects www.zscaler.com
2	epsilon.6sense.com	j.6sc.co
2	www.facebook.com	www.zscaler.com connect.facebook.net
2	px.ads.linkedin.com	1 redirects www.zscaler.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	stats.g.doubleclick.net	www.google-analytics.com cdn.bizible.com
2	connect.facebook.net	www.zscaler.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	munchkin.marketo.net	www.zscaler.com munchkin.marketo.net
1	js-agent.newrelic.com	www.zscaler.com
1	tracking.reactful.com	cdn.bizible.com
1	cdn.bizibly.com	www.zscaler.com
1	b.6sc.co	www.zscaler.com
1	apt.techtarget.com	www.zscaler.com
1	secure.adnxs.com	j.6sc.co
1	c.6sc.co	j.6sc.co
1	s.ytimg.com	www.youtube.com
1	www.linkedin.com	1 redirects
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	trk.techtarget.com	www.zscaler.com
1	www.youtube.com	www.zscaler.com
1	www.googleadservices.com	www.googletagmanager.com
1	j.6sc.co	www.zscaler.com
1	www.googletagmanager.com	www.zscaler.com
1	t.sf14g.com	www.zscaler.com
1	fonts.googleapis.com	www.zscaler.com
99	35

This site contains links to these domains. Also see Links.

Domain
cookiepedia.co.uk
onetrust.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
help.zscaler.com
securitypreview.zscaler.com
community.zscaler.com
ir.zscaler.com
partners.zscaler.com
apex.zscaler.com
github.com
www.facebook.com
www.linkedin.com
twitter.com
www.zscaler.fr
www.zscaler.de
www.zscaler.jp
www.twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
zscaler.com DigiCert SHA2 Extended Validation Server CA	`2020-02-01` - `2021-06-30`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2020-09-09` - `2021-09-09`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2020-01-07` - `2021-04-07`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-10-07` - `2021-11-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2020-03-12` - `2021-05-09`	a year	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.6sense.com Amazon	`2020-07-29` - `2021-08-28`	a year	crt.sh
s2.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2019-05-01` - `2020-11-18`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2020-04-28` - `2022-04-28`	2 years	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-13` - `2021-05-07`	7 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Frame ID: 1E8D0CD7DDF34826EF4A5F7480A3F502
Requests: 97 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

99
Requests

99 %
HTTPS

61 %
IPv6

29
Domains

35
Subdomains

36
IPs

7
Countries

4054 kB
Transfer

6908 kB
Size

21
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalerbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Cyber Risk Assessment

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/c/cfa
Title: Engage with the Community

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://partners.zscaler.com/English/?_ga=2.99711646.1857841434.1598348033-1446486325.1596884558&_gac=1.2118064.1598192792.1231231
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://apex.zscaler.com/
Title: Partner Inquiry

Search URL Search Domain Scan URL

URL: https://github.com/AlessandroZ/LaZagne
Title: LaZagne

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/yyw3twfh
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?title=Qealler%20%E2%80%93%20a%20new%20JAR-based%20information%20stealer&url=https://tinyurl.com/yyw3twfh
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/yyw3twfh%20%E2%80%94%20Qealler%20%E2%80%93%20a%20new%20JAR-based%20information%20stealer
Title:

Search URL Search Domain Scan URL

URL: https://www.zscaler.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://www.zscaler.de/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.zscaler.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.twitter.com/zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1603105908089%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fqealler-new-jar-based-information-stealer%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&liSync=true

Request Chain 83

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&referer=&fp=5d2f10942569cca69057fc09abaea819 HTTP 302
https://tracking.leadlander.com/tracking.png

99 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request qealler-new-jar-based-information-stealer Show response
www.zscaler.com/blogs/research/ 78 KB
20 KB 975ms
918ms Document
text/html 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0a14522f0ae2ddbb0bf22efccb54b2a098f765c19d83c53ed235d415c630112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.zscaler.com
:scheme: https
:path: /blogs/research/qealler-new-jar-based-information-stealer
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 19 Oct 2020 11:11:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d3a809b84d4429ad31a3e6bebb00b8d391603105905; expires=Wed, 18-Nov-20 11:11:45 GMT; path=/; domain=.www.zscaler.com; HttpOnly; SameSite=Lax
cache-control: max-age=2764800, public
link: <https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer>; rel="canonical"
x-ua-compatible: IE=edge
content-language: en
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Mon, 19 Oct 2020 11:09:24 GMT
vary: X-UA-Device,Accept-Encoding
x-request-id: v-8bbe6d12-11fb-11eb-80de-0fb2b8d5a8d1
x-ah-environment: prod
age: 141
via: varnish
x-cache: HIT
x-cache-hits: 3
cf-cache-status: DYNAMIC
cf-request-id: 05e227f53e00002488983b9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
server: cloudflare
cf-ray: 5e4a0f686cce2488-FRA
content-encoding: br

GET
H2 200 google_tag.script.js Show response
www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/ 347 B
368 B 51ms
48ms Script
application/javascript 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qiaeca

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 266766
x-cache: HIT
status: 200
x-cache-hits: 30
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8f300002488f8b27000000001
x-request-id: v-2584576a-0f8e-11eb-a656-833c1e5b15d3
last-modified: Fri, 16 Oct 2020 09:00:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: application/javascript
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e2a152488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
www.zscaler.com/sites/default/files/css/ 3 KB
1 KB 48ms
46ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1663169
x-cache: HIT
status: 200
x-cache-hits: 40
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8db00002488f8b24000000001
x-request-id: v-8d9a8ec4-0245-11eb-ba51-435cfd1f27ca
last-modified: Fri, 25 Sep 2020 16:45:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e29b62488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/base/ 321 KB
21 KB 47ms
45ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/cohesion/styles/base/zscaler-stylesheet.min.css?qiaeca

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2640b346e5bde91ea975944ac43a8473827ffe710f4906d54808150d401ae075

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 266766
x-cache: HIT
status: 200
x-cache-hits: 34
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8db00002488e8ad9000000001
x-request-id: v-2283da0e-0f8e-11eb-95f1-03cc7e8c8914
last-modified: Fri, 16 Oct 2020 09:00:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e29ba2488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 css_nUg_4u9yNhaXFIEbU5ZfM00ttl4YMfY7c6l1OcHo1EE.css
www.zscaler.com/sites/default/files/css/ 11 KB
3 KB 33ms
31ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_nUg_4u9yNhaXFIEbU5ZfM00ttl4YMfY7c6l1OcHo1EE.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d483fe2ef7236169714811b53965f334d2db65e1831f63b73a97539c1e8d441

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 102899
x-cache: HIT
status: 200
x-cache-hits: 27
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8dc000024889c95e000000001
x-request-id: v-ccba28a0-108a-11eb-bba7-c3c9ae4ab22f
last-modified: Fri, 25 Sep 2020 16:45:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e29bd2488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/theme/ 17 KB
2 KB 34ms
32ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/cohesion/styles/theme/zscaler-stylesheet.min.css?qiaeca

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf283af46a81b464e67984da2c10713b5eb5a6856e330a1275cc6345a63ff4c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 266766
x-cache: HIT
status: 200
x-cache-hits: 34
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8dc00002488782f2000000001
x-request-id: v-2281a04a-0f8e-11eb-adc9-e3479bd43ce4
last-modified: Fri, 16 Oct 2020 09:00:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e29bf2488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
www.zscaler.com/sites/default/files/css/ 376 B
307 B 45ms
44ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 108845
x-cache: HIT
status: 200
x-cache-hits: 22
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8e600002488953bc000000001
x-request-id: v-15b00cee-1092-11eb-80c8-bb88041e368f
last-modified: Fri, 02 Oct 2020 14:46:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e29c52488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 subscription
www.zscaler.com/webform/css/ 73 B
496 B 765ms
763ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/webform/css/subscription?qiaeca&qiaeca

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 267026
x-cache: HIT
status: 200
x-ah-environment: prod
content-encoding: br
vary: X-UA-Device,Accept-Encoding
cf-request-id: 05e227f8f200002488ae2fa000000001
x-request-id: v-28e43074-0f8e-11eb-a5b0-6b8e63819d42
x-ua-compatible: IE=edge
last-modified: Fri, 16 Oct 2020 09:01:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1602838881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-language: en
content-type: text/css; charset=UTF-8
expires: Sun, 19 Nov 1978 05:00:00 GMT
cache-control: max-age=2764800, public
cf-ray: 5e4a0f6e29f32488-FRA
x-cache-hits: 34240

GET
H2 200 css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
www.zscaler.com/sites/default/files/css/ 1 MB
126 KB 62ms
60ms Stylesheet
text/css 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a4f9dd367931d08480080a58c9da98922911786d10935e2e0fce5607df6645b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 267280
x-cache: HIT
status: 200
x-cache-hits: 20
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8f3000024889800c000000001
x-request-id: v-2f73ae48-0f8d-11eb-98e6-7bd0be95bd7e
last-modified: Fri, 16 Oct 2020 08:54:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e2a132488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 logo.svg
www.zscaler.com/themes/custom/zscaler/ 4 KB
2 KB 41ms
34ms Image
image/svg+xml 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/logo.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 396070
x-cache: HIT
status: 200
x-cache-hits: 266
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 05e227f8f700002488820b4000000001
x-request-id: v-6ceb9790-088f-11eb-a7ca-cb792c5d3334
last-modified: Sat, 25 Jul 2020 17:39:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e5a222488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 zscaler-header-logo-white.png
www.zscaler.com/themes/custom/zscaler/images/logo/ 2 KB
3 KB 41ms
35ms Image
image/png 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/logo/zscaler-header-logo-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 108836
cf-polished: status=not_needed
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 2348
cf-request-id: 05e227f8f800002488771bb000000001
x-request-id: v-5a60bfe0-fe00-11ea-a23d-07697ca69002
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/png
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a292488-FRA
x-cache-hits: 78

GET
H2 200 picture-6631-1553593061.jpg
www.zscaler.com/sites/default/files/pictures/ 71 KB
71 KB 48ms
42ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/pictures/picture-6631-1553593061.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

263b401a4ec83c1a85ceb67552d812787430be0c9d312a0dfbb0ba57c0dc121a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8322
cf-polished: origSize=74658, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 72290
cf-request-id: 05e227f8f900002488cf0da000000001
x-request-id: v-8a01aaf4-10a0-11eb-9d0f-37731555ad00
last-modified: Thu, 30 Jul 2020 12:25:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a302488-FRA
x-cache-hits: 26

GET
H2 200 Q-image-1.jpg
www.zscaler.com/sites/default/files/images/blogs/ 122 KB
123 KB 47ms
41ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-1.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce35f5c29247a1196ecea5b3240cfac09bf2a4629a4844bba09d6cd92967e229

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=167999, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 125249
cf-request-id: 05e227f8f900002488a08a3000000001
x-request-id: v-c2796e48-10ba-11eb-97e9-3b84bdc09dcf
last-modified: Wed, 23 Sep 2020 21:04:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a332488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-2.jpg
www.zscaler.com/sites/default/files/images/blogs/ 48 KB
49 KB 48ms
42ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-2.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c2314a9c882eb6997e7199a57ecbbdc628cda32b0d8dd20f193055ef49e71ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=82996, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 49427
cf-request-id: 05e227f8f900002488b093c000000001
x-request-id: v-c27a96ce-10ba-11eb-93be-1bd83fc1af52
last-modified: Wed, 23 Sep 2020 21:04:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a342488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-3.jpg
www.zscaler.com/sites/default/files/images/blogs/ 136 KB
136 KB 47ms
41ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-3.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9bf0d990ed8fe52c6b7669baa37e0751da5de711a69a1c009083f734510eb38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=169961, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 138857
cf-request-id: 05e227f8fa00002488ab02a000000001
x-request-id: v-c27bcbb6-10ba-11eb-adaf-f786fb6eaf5b
last-modified: Wed, 23 Sep 2020 21:04:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a352488-FRA
x-cache-hits: 5

GET
H2 200 Q-image-4.jpg
www.zscaler.com/sites/default/files/images/blogs/ 171 KB
171 KB 41ms
35ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-4.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6e3f1e04b55aa870d490c8bfc00cce1d5a28db5d303b07bd622dc55c5049ae4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=208340, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 175028
cf-request-id: 05e227f8fa00002488e8adc000000001
x-request-id: v-c2781462-10ba-11eb-afbf-a31d0adef079
last-modified: Wed, 23 Sep 2020 21:04:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a362488-FRA
x-cache-hits: 5

GET
H2 200 Q-image-5.jpg
www.zscaler.com/sites/default/files/images/blogs/ 162 KB
162 KB 41ms
36ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-5.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00d23d732218fe75800d99cb6de1e7ae27f7517d62057782fef92cb038d83f5d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=199439, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 165752
cf-request-id: 05e227f8fa00002488ae2fb000000001
x-request-id: v-c27b2882-10ba-11eb-9b44-9bcc57c2d633
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a392488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-6.jpg
www.zscaler.com/sites/default/files/images/blogs/ 177 KB
177 KB 47ms
42ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-6.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af3a44157f470a88d48094365d3cc4c191d8fb2dce75fb6c2bed9b88d57a6fb7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=217420, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 181282
cf-request-id: 05e227f8fa00002488c4387000000001
x-request-id: v-c27ad9e0-10ba-11eb-b5dc-97b7ad1c2f80
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a3a2488-FRA
x-cache-hits: 8

GET
H2 200 Q-image-7.jpg
www.zscaler.com/sites/default/files/images/blogs/ 106 KB
107 KB 48ms
43ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-7.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a35cd326b2cf07e0fa65ddfc1e1845a115d47391f645b05ea89eff473b436a6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=143948, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 109011
cf-request-id: 05e227f8fb000024887c0f1000000001
x-request-id: v-c27ba424-10ba-11eb-b3f8-2bca6ea81ac7
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a3c2488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-8.jpg
www.zscaler.com/sites/default/files/images/blogs/ 43 KB
43 KB 41ms
37ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-8.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29797557f2a832d3dccb94f9de057083e4af261cc7073911186c1a907dced7fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=68676, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 44145
cf-request-id: 05e227f8fb00002488782f6000000001
x-request-id: v-c27b19f0-10ba-11eb-b289-1b6eacb323da
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a3e2488-FRA
x-cache-hits: 7

GET
H2 200 Q-image-9.jpg
www.zscaler.com/sites/default/files/images/blogs/ 129 KB
129 KB 41ms
37ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-9.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

728ad5841f2e6db4e4715e23710cf7b27ad748d0ee71820e2f21bebe3451b330

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=174112, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 132220
cf-request-id: 05e227f8fb000024889c961000000001
x-request-id: v-c27a0e16-10ba-11eb-a63c-ab0baf7b010f
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a3f2488-FRA
x-cache-hits: 7

GET
H2 200 Q-image-10.jpg
www.zscaler.com/sites/default/files/images/blogs/ 200 KB
200 KB 47ms
43ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-10.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0713b82eeb70267ec6eb59d401260e1dbca6fe8a4c3b9e1d830b8deb8459af5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=238574, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 204787
cf-request-id: 05e227f8fd0000248873994000000001
x-request-id: v-c2795d18-10ba-11eb-9226-af8f9f85043b
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a412488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-11.jpg
www.zscaler.com/sites/default/files/images/blogs/ 137 KB
138 KB 48ms
43ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-11.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f6bf99f8e9314c7a993b156d0b9e393a687b003c5b77f3e42a7573d110650cf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=184531, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 140686
cf-request-id: 05e227f8fd00002488bb3a7000000001
x-request-id: v-c27b7256-10ba-11eb-b7e2-47b261ed0b13
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a442488-FRA
x-cache-hits: 7

GET
H2 200 Q-image-12.jpg
www.zscaler.com/sites/default/files/images/blogs/ 90 KB
90 KB 54ms
50ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-12.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44d4b2f7aa84fd37d1be3f80a94753178d60616a9c0adefd6e51486674f88492

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=130180, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 92238
cf-request-id: 05e227f8fe00002488bc08c000000001
x-request-id: v-c27b28b4-10ba-11eb-98fd-d3a66318e5f3
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a462488-FRA
x-cache-hits: 5

GET
H2 200 Q-image-13.jpg
www.zscaler.com/sites/default/files/images/blogs/ 178 KB
179 KB 48ms
44ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-13.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a97d3e9898dc000c85c7c60b093d02c12e93cfce3a3d36e64c9e262a1a774a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=216247, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 182529
cf-request-id: 05e227f8fe00002488f8b29000000001
x-request-id: v-c2795912-10ba-11eb-93f1-4fa09709119d
last-modified: Wed, 23 Sep 2020 21:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a4a2488-FRA
x-cache-hits: 6

GET
H2 200 Q-image-14.jpg
www.zscaler.com/sites/default/files/images/blogs/ 116 KB
116 KB 48ms
45ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-14.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f5bc5ffb8a741105348a42379151dc246dfd5648233559418fc8537310b3ff2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=153048, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 118384
cf-request-id: 05e227f8fe00002488d0b39000000001
x-request-id: v-c2784108-10ba-11eb-bf23-77e2ec68c15d
last-modified: Wed, 23 Sep 2020 21:04:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a4b2488-FRA
x-cache-hits: 8

GET
H2 200 Q-image-15.jpg
www.zscaler.com/sites/default/files/images/blogs/ 322 KB
322 KB 50ms
46ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Q-image-15.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

824fb9832dee1f034e5162adc0a5324f14cd873470b0a3e413f06d2abdd489cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 140
cf-polished: origSize=379321, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 329335
cf-request-id: 05e227f8ff0000248890839000000001
x-request-id: v-c2791c2c-10ba-11eb-9936-f37ee1f6926f
last-modified: Wed, 23 Sep 2020 21:04:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a4d2488-FRA
x-cache-hits: 7

GET
H2 200 GettyImages-621921512_0.jpg
www.zscaler.com/sites/default/files/images/blogs/ 267 KB
268 KB 50ms
47ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/GettyImages-621921512_0.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84fa086d7bbfffa2fd7e5bf184052bd79bc3f873d7b9bfd1a6c58c2302afd13

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 417758
cf-polished: origSize=317402, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 273624
cf-request-id: 05e227f8ff00002488e016c000000001
x-request-id: v-ff4f1924-0e2d-11eb-87bd-23cf3e4fa1be
last-modified: Mon, 12 Oct 2020 20:50:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a502488-FRA
x-cache-hits: 12

GET
H2 200 Z%2BCS2.jpg
www.zscaler.com/sites/default/files/images/blogs/ 175 KB
176 KB 47ms
44ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/Z%2BCS2.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28e7386addd812124a9af28ec9c5359c9a30e643fd6c189073caaefb2e721ae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 484346
cf-polished: origSize=222988, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 179365
cf-request-id: 05e227f90000002488b90ac000000001
x-request-id: v-8ef4d030-0d8b-11eb-bdad-dfecf80db5a1
last-modified: Tue, 13 Oct 2020 19:37:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:46 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f6e5a542488-FRA
x-cache-hits: 7

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
849 B 36ms
34ms Script
application/javascript 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 14 Oct 2020 13:37:19 GMT
server: cloudflare
etag: W/"5f86ff0f-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=31536000; preload
cf-ray: 5e4a0f6e5a1d2488-FRA
cf-request-id: 05e227f8f500002488bf094000000001
expires: Wed, 21 Oct 2020 11:11:46 GMT

GET
H2 200 92ede4fc-c076-4245-8c3f-85e672763690.js Show response
cdn.cookielaw.org/langswitch/ 2 KB
1 KB 15ms
13ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 19 Oct 2020 11:11:46 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: wNMyoZp2a7YtIJ5FlCf5Pg==
age: 3451
status: 200
vary: Accept-Encoding
content-length: 737
cf-request-id: 05e227f8e700002c3ecf168000000001
x-ms-lease-status: unlocked
last-modified: Thu, 23 Jul 2020 20:39:49 GMT
server: cloudflare
etag: 0x8D82F488B1FF248
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c1ef666c-401e-0138-43d9-77dfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5e4a0f6e3b3b2c3e-FRA

GET
H2 200 js_mkG4oFo8ITvEB8m7WvchG6vBZgu6vaSu8RiwMvEgmu4.js Show response
www.zscaler.com/sites/default/files/js/ 650 KB
168 KB 71ms
69ms Script
text/javascript 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/js/js_mkG4oFo8ITvEB8m7WvchG6vBZgu6vaSu8RiwMvEgmu4.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a41b8a05a3c213bc407c9bb5af7211babc1660bbabda4aef118b032f1209aee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:46 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1032866
x-cache: MISS
status: 200
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 05e227f8fa00002488953bf000000001
x-request-id: v-0c67fa3c-0897-11eb-9822-6f59a9ffb8c8
last-modified: Wed, 07 Oct 2020 12:17:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/javascript
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f6e5a1f2488-FRA
expires: Mon, 09 Nov 2020 11:11:46 GMT

GET
H2 200 css
fonts.googleapis.com/ 15 KB
1 KB 16ms
14ms Stylesheet
text/css 2a00:1450:4001:81a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2b54788dd0f1140ff76962ca20b5748907079d67f85f140f2d517848eb3e0208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 19 Oct 2020 11:11:47 GMT
server: ESF
date: Mon, 19 Oct 2020 11:11:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 19 Oct 2020 11:11:47 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 396ms
189ms Script
application/javascript 52.44.242.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.44.242.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-44-242-176.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:47 GMT
last-modified: Thu, 06 Aug 2020 14:28:30 GMT
server: Kestrel
etag: "1d66bfddb0de89b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 37787
expires: -1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 70ms
25ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 211 KB
59 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qiaeca

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be6646b2f48ae3c287e7e643ef4689e5ac4a876b370ec92260cd0c6c3ba3111a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59954
x-xss-protection: 0
last-modified: Mon, 19 Oct 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 19 Oct 2020 11:11:47 GMT

GET
H2 200 75590e24-f605-4d9c-b92c-ca09a93d469f.js Show response
cdn.cookielaw.org/consent/ 107 KB
19 KB 25ms
25ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

418536118c08ae693b45715835c8ea0ffcab2b6298f2c05d63b6238a5342a5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 19 Oct 2020 11:11:47 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: F5JM4YKIbDfUDqJkjqiySw==
age: 5425
status: 200
vary: Accept-Encoding
content-length: 18198
cf-request-id: 05e227fbf700003244e7187000000001
x-ms-lease-status: unlocked
last-modified: Thu, 23 Jul 2020 20:39:52 GMT
server: cloudflare
etag: 0x8D82F488D37C4E4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9d959f43-e01e-0090-14d9-774daa000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5e4a0f732bc13244-FRA

GET
H2 200 zscaler-blog-post-hero.jpg
www.zscaler.com/sites/default/files/images/page/blog/ 56 KB
56 KB 17ms
16ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/page/blog/zscaler-blog-post-hero.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7aef9ef21af028ca1e990e4374d6143006918c798619d60ad1a25982cde0fc2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 99796
cf-polished: origSize=59748, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 57501
cf-request-id: 05e227fc0e000024887402f000000001
x-request-id: v-c26e9b8a-10ba-11eb-b5e7-27fa5518da8d
last-modified: Thu, 30 Jul 2020 14:00:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:47 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f734db92488-FRA
x-cache-hits: 1

GET
H2 200 phishing-spam-2%402x.jpg
www.zscaler.com/sites/default/files/images/blogs/----category-images/phishing-spam/ 102 KB
102 KB 15ms
15ms Image
image/jpeg 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/blogs/----category-images/phishing-spam/phishing-spam-2%402x.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b94ac4868ab5a80127158fe2a26e28c3c7972a5873e3d5a02877c4ccca3cfb6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 141
cf-polished: origSize=106665, status=vary_header_present
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 104125
cf-request-id: 05e227fc0f0000248886b14000000001
x-request-id: v-c26f52be-10ba-11eb-9f17-8b547a8c2b64
last-modified: Fri, 04 Sep 2020 11:16:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
expires: Mon, 09 Nov 2020 11:11:47 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f734dbe2488-FRA
x-cache-hits: 12

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.zscaler.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 11:20:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 604275
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 12 Oct 2021 11:20:32 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.zscaler.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 15 Oct 2020 05:43:30 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 365297
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Fri, 15 Oct 2021 05:43:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.zscaler.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 11:20:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 604275
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 12 Oct 2021 11:20:32 GMT

GET
H2 200 fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 134 KB
135 KB 18ms
18ms Font
text/plain 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 102029
x-cache: HIT
status: 200
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 137704
cf-request-id: 05e227fc1900002488a08f4000000001
x-request-id: v-348e8a58-fde3-11ea-a1fb-4b7773c9445f
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
access-control-allow-origin: *
expires: Mon, 09 Nov 2020 11:11:47 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f735dda2488-FRA
x-cache-hits: 236

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.zscaler.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 11:20:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 604274
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 12 Oct 2021 11:20:33 GMT

GET
H2 200 fa-light-300.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 181 KB
181 KB 20ms
20ms Font
text/plain 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-light-300.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 102252
x-cache: HIT
status: 200
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 185360
cf-request-id: 05e227fc1c00002488bc0d0000000001
x-request-id: v-7798d7c2-effb-11ea-a775-2387e3afdca5
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
access-control-allow-origin: *
expires: Mon, 09 Nov 2020 11:11:47 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f735ded2488-FRA
x-cache-hits: 23

GET
H2 200 fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 74 KB
74 KB 17ms
17ms Font
text/plain 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 102252
x-cache: HIT
status: 200
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 76008
cf-request-id: 05e227fc1c00002488f28c3000000001
x-request-id: v-3552ac24-088a-11eb-a993-a73b6da43b21
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
access-control-allow-origin: *
expires: Mon, 09 Nov 2020 11:11:47 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f735def2488-FRA
x-cache-hits: 837

GET
H2 200 icon-enlarge-btn.svg
www.zscaler.com/themes/custom/zscaler/images/icons/ 3 KB
1 KB 14ms
14ms Image
image/svg+xml 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:47 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 90879
x-cache: HIT
status: 200
x-cache-hits: 1
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 05e227fc6a0000248878348000000001
x-request-id: v-43bef792-f014-11ea-bba5-97eb086ef595
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
cf-ray: 5e4a0f73df242488-FRA
expires: Mon, 09 Nov 2020 11:11:47 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/6.3.0/default_responsive_alert_bottom_two_button_white/v2/css/ 20 KB
4 KB 19ms
19ms Stylesheet
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/skins/6.3.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 19 Oct 2020 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PWkyRiXr+QHryDwIyQmJag==
age: 4992
status: 200
vary: Accept-Encoding
content-length: 3587
cf-request-id: 05e227fcff00003244bb033000000001
x-ms-lease-status: unlocked
last-modified: Fri, 10 Jul 2020 04:10:55 GMT
server: cloudflare
etag: 0x8D824873E42B519
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: a456da9b-501e-00e4-16d9-77cbec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5e4a0f74cf603244-FRA

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/159/ 11 KB
5 KB 23ms
23ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Wed, 27 Jan 2021 11:11:47 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 15 KB
7 KB 87ms
25ms Script
application/javascript 104.108.67.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.67.47 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-67-47.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 22:09:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5f6d1914-3a6c"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6116

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 30ms
30ms Script
text/javascript 172.217.16.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

fb5323b78f8c4ac3d3e67de94a47d0b48cad5d735784abce37c0e05ef5c83543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11245
x-xss-protection: 0
server: cafe
etag: 812263826817654958
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 19 Oct 2020 11:11:48 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 4943
date: Mon, 19 Oct 2020 09:49:25 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Mon, 19 Oct 2020 11:49:25 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 21ms
20ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=52597
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 69ms
31ms Script
application/javascript 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

dd604e4a9d3132d8aa5c661e20880b07488d65f96386f86e73ec1327293ea2ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status: 200
cache-control: no-cache
content-type: application/javascript
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 86 KB
33 KB 100ms
44ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA7) /
Resource Hash: 4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
last-modified: Thu, 15 Oct 2020 16:31:04 GMT
server: ECS (amb/6BA7)
age: 66712
etag: "b079809310a3d61:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 33784

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: O/3kPTN85ts04sEoUea9l8byC0qNWFJDwZF+KkJHsnTmbN0qsOO4842GBeZJb3zRx096d5c/y2kaW0sGRSmcGw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 19 Oct 2020 11:11:48 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 101ms
39ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 458
X-Ws-Request-Id: 5f8d7474_PSdgflkfFRA2lp7_29577-57925
Content-Type: text/javascript
Via: 1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Cache-Spec: Yes
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Mon, 19 Oct 2020 11:14:10 GMT

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 270 KB
105 KB 39ms
13ms Script
application/javascript 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 10:53:30 GMT
content-encoding: gzip
server: Google Frontend
age: 1098
etag: "vPz6QA"
content-type: application/javascript; charset=UTF-8
status: 200
x-cloud-trace-context: 440bdd8d4a753e3acad066d3f4e5931c
cache-control: public,public, max-age=432000
content-length: 106683
expires: Sat, 24 Oct 2020 10:53:30 GMT

GET
H/1.1 200
OK visitWebPage Show response
306-zej-256.mktoresp.com/webevents/ 2 B
311 B 404ms
101ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1603105908062&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1603105908062-21960&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: e2ce6106-3162-462a-a955-6aaab22a4a7a

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=56311
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1821300707&gjid=1261381678&_gid=655136611.1603105908&_u=YGBAgEABAAAAAE~&z=1829309588

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 19 Oct 2020 11:11:48 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
119 B 6ms
6ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=820708282&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&ul=en-us&de=UTF-8&dt=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=1821300707&gjid=1261381678&cid=1257349786.1603105908&tid=UA-6177009-1&_gid=655136611.1603105908&gtm=2wg9u15SLZFK&z=1895588345

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 09:13:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7122
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1603105908085&cv=9&fst=1603105908085&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0baad1ea8d9bcd24ce1353b9d27b563ba6cd5fee7e74cf3804b82e1226466571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1054
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1603105908088&cv=9&fst=1603105908088&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4170a216435ededa3af57da9e61d3900325b6cbd567c969d89cf1a2317aaece1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1054
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1603105908089%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&liSync=true

0
57 B

191ms
190ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&liSync=true
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: rsOgk1RgPxYgnyXYNisAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: 6AiLjFRgPxbAl6299ioAAA==
pragma: no-cache
x-li-pop: afd-prod-esv5
x-msedge-ref: Ref A: 841DF0F7EBEA4997B81170FF95748F6E Ref B: FRAEDGE1105 Ref C: 2020-10-19T11:11:48Z
x-frame-options: sameorigin
date: Mon, 19 Oct 2020 11:11:47 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1603105908089&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 234 KB
68 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00ae8ed3516cac0e577b39ad1b921c92be475a75a2e87c6810ab0ad83afaf369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69786
x-xss-protection: 0
pragma: public
x-fb-debug: qH/i/Z1nM131oM/9vyXLhIQVau/1AXessY/SaveZqwrwjRf+WKiUcplQTkMZevaFAvsQz/WBj79//0nxd8QB2Q==
x-fb-trip-id: 664085054
date: Mon, 19 Oct 2020 11:11:48 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 20ms
19ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1821300707&_u=YGBAgEABAAAAAE~&z=659384323

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 22ms
17ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1821300707&_u=YGBAgEABAAAAAE~&z=659384323

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
107 B 50ms
48ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1603105908085&cv=9&fst=1603105200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3989987647&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812494211/ 42 B
107 B 52ms
50ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812494211/?random=1603105908085&cv=9&fst=1603105200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3989987647&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
107 B 49ms
48ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1603105908088&cv=9&fst=1603105200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3940736266&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973777747/ 42 B
107 B 42ms
40ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973777747/?random=1603105908088&cv=9&fst=1603105200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&tiba=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3940736266&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl7r2f24/ 96 KB
35 KB 63ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl7r2f24/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1ef01366195120d68c9bfdcab0bb8b0f9a5bfcfd16302bb7bf37c5a74d1bb43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 06:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16362
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35387
x-xss-protection: 0
last-modified: Thu, 15 Oct 2020 16:54:46 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 27 Oct 2020 06:39:06 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
262 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&rl=&if=false&ts=1603105908164&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1603105908162.4102463&it=1603105908097&coo=false&rqm=GET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 19 Oct 2020 11:11:48 GMT

OPTIONS
H2 200 /
visitor.reactful.com/config/494419/ 0
0 243ms
224ms Other
text/javascript 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&hash=&referer=&user_id=&hshkgid=644fb99c-2dbd-403c-b88d-187f5930c02b&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: url-params-data
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.zscaler.com
access-control-allow-methods: GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type: text/javascript
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context: e744c8ee31d476ebeb6959fbde452d33
date: Mon, 19 Oct 2020 11:11:48 GMT
server: Google Frontend
content-length: 0
expires: Mon, 19 Oct 2020 11:11:48 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/494419/ 4 KB
1 KB 358ms
357ms XHR
text/html 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&hash=&referer=&user_id=&hshkgid=644fb99c-2dbd-403c-b88d-187f5930c02b&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 1c7e6c173f840e8c46cf630ddac93303cdd8a75a4c40accb29a807e7d07ab7ee

Request headers

Url-Params-Data: e30=
Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
server: Google Frontend
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin: https://www.zscaler.com
x-cloud-trace-context: 86c99d50b441dcc4ab9891c9a474cdf6
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 924
expires: Mon, 19 Oct 2020 11:11:48 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 74ms
24ms XHR
text/plain 104.108.67.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.67.47 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-67-47.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6cac0ea1a72eca354e1a30c46209183d8b46c02a0de806ff927902a46705bf5e

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
702 B 55ms
16ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 19 Oct 2020 11:11:48 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.59:80
AN-X-Request-Uuid: debf3342-8e75-4c5f-bc93-c12c89ad6f4d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zscaler.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 393ms
99ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.0&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&r=1603105908535
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 43

GET
H/1.1 200
OK img.gif
b.6sc.co/ 43 B
774 B 265ms
215ms Image
image/gif 104.108.67.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=&visitor=c78f9318-388e-4ab1-8339-b0737169056c&session=bfd48760-199c-42c0-8ce0-da3ce7a155aa&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Zscaler%20ThreatLabZ%20has%20observed%20a%20rise%20in%20the%20malware%27s%20activity%2C%20which%20was%20detected%20in%20the%20Zscaler%20Cloud%20Sandbox.%20%5C%22Qealler%5C%22%20a%20new%20piece%20of%20malware%2C%20is%20written%20in%20Java%20and%20designed%20to%20silently%20steal%20credentials%20in%20infected%20machines.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22Qealler%5C%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler%22%7D&cb=05908538&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.108.67.47 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-67-47.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 11:11:48 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:51:25 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e5026ad-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v1/company/ 128 B
301 B 71ms
24ms XHR
application/json 52.29.125.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v1/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.125.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-125-201.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 05301854d614340b7c1954bf2f43ea5c7306f464865570b1881bc5f2be9fd737

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Authorization: Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e
EpsilonCookie: 56b3f7489c0f000074748d5f6900000088f70000

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
content-length: 128

OPTIONS
H2 200 details
epsilon.6sense.com/v1/company/ 0
0 76ms
23ms Other 52.29.125.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v1/company/details
Protocol: H2
Server: 52.29.125.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-125-201.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,epsiloncookie
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Mon, 19 Oct 2020 11:11:48 GMT
server: nginx/1.16.0
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization,epsiloncookie

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
305 B 19ms
18ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=21448a5fbfda45909654e03f73b764f7&_biz_s=6e6515&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&_biz_t=1603105908561&_biz_i=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&_biz_n=0&rnd=269075&cdn_o=a&_biz_z=1603105908562
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
last-modified: Fri, 16 Oct 2020 01:57:50 GMT
server: ECS (amb/6B75)
age: 292438
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
327 B 20ms
17ms Image
image/gif 93.184.220.42
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=21448a5fbfda45909654e03f73b764f7&_biz_s=6e6515&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&_biz_t=1603105908565&_biz_i=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&rnd=440096&cdn_o=a&_biz_z=1603105908565
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B97) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
last-modified: Fri, 16 Oct 2020 00:53:22 GMT
server: ECS (amb/6B97)
age: 296306
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2

200

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&referer=&fp=5d2f10942569cca69057fc09ab...
https://tracking.leadlander.com/tracking.png

68 B
296 B

101ms
101ms

Image
image/png

3.220.33.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.33.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-33-83.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
last-modified: Wed, 26 Sep 2018 16:48:51 GMT
server: Kestrel
etag: "1d455b8cd761bc4"
strict-transport-security: max-age=2592000
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

status: 302
date: Mon, 19 Oct 2020 11:11:48 GMT
server: Kestrel
access-control-allow-origin: *
location: /tracking.png
content-length: 0
strict-transport-security: max-age=2592000

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
413 B 129ms
128ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=21448a5fbfda45909654e03f73b764f7&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.08.28
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBB) /
Resource Hash: d7cbdf25de7c1668b0dcebb12dfd1e3f33ac42e26f9fd69022f0f100b0986070

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
server: ECS (amb/6BBB)
etag: E69D1BF0
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 219

POST
H2 200 /
www.facebook.com/tr/ 0
52 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygPsPT5yBwL8DiMER

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 19 Oct 2020 11:11:48 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 u
cdn.bizible.com/m/ 43 B
122 B 18ms
18ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A306-ZEJ-256%26token%3A_mch-zscaler.com-1603105908062-21960&_biz_u=21448a5fbfda45909654e03f73b764f7&_biz_s=6e6515&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&_biz_t=1603105908566&_biz_i=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&_biz_n=1&rnd=844666&cdn_o=a&_biz_z=1603105908668
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBE) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:48 GMT
last-modified: Fri, 16 Oct 2020 01:13:47 GMT
server: ECS (amb/6BBE)
age: 295081
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
BLOB 200
OK eb3c1c51-359c-42c2-875f-2d53633efcbf Show response
https://www.zscaler.com/ 4 KB
0 Script
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/eb3c1c51-359c-42c2-875f-2d53633efcbf
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c7e6c173f840e8c46cf630ddac93303cdd8a75a4c40accb29a807e7d07ab7ee

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 3975
Content-Type: text/html

POST
H2 200 / Show response
tracking.reactful.com/tracking/494419/ 6 B
189 B 172ms
139ms XHR
text/html 2a00:1450:4001:824::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.reactful.com/tracking/494419/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:824::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept: */*
Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 19 Oct 2020 11:11:48 GMT
content-encoding: gzip
server: Google Frontend
status: 200
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 5f9eb35d8261ebb7555e99b1d6638251
cache-control: no-cache
content-length: 26

GET
H2 200 nr-1184.min.js Show response
js-agent.newrelic.com/ 27 KB
10 KB 20ms
19ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1184.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:49 GMT
content-encoding: gzip
x-amz-request-id: A21809B1C987C063
x-cache: HIT
status: 200
content-length: 10624
x-amz-id-2: 5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by: cache-hhn4065-HHN
last-modified: Mon, 28 Sep 2020 16:34:45 GMT
server: AmazonS3
x-timer: S1603105909.029385,VS0,VE0
etag: "3d7f312be60d08a2568e311e4762f3af"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 22168

GET
H2 200 zscaler-cookie-icon-close.png
www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/ 236 B
442 B 12ms
11ms Image
image/png 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-close.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d94534aa8cc0c365f7a30e88ec2c02207767496c6f6461244e653b4efbe621b8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:49 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 103855
cf-polished: status=not_needed
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 236
cf-request-id: 05e22801250000248873a4a000000001
x-request-id: v-3a5b9370-088a-11eb-bc16-1fb2decbf286
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/png
expires: Mon, 09 Nov 2020 11:11:49 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f7b685f2488-FRA
x-cache-hits: 373

GET
H2 200 zscaler-cookie-icon-asterik.png
www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/ 337 B
581 B 19ms
18ms Image
image/png 2606:4700::6813:d63e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-asterik.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d63e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50886a52a5df5dc5e0ac727bc7e969b3fe9ccf6b3bb23270c51c23cebbdd6329

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_Ok-d02eTHQhIAICljJ2piSKRF4bRCTXi4PzlYH32ZFs.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:11:49 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 103855
cf-polished: status=not_needed
x-cache: HIT
status: 200
cf-bgj: imgq:100,h2pri
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 337
cf-request-id: 05e22801260000248881a1b000000001
x-request-id: v-ca661336-fdeb-11ea-8a61-434c88055b53
last-modified: Sat, 25 Jul 2020 17:40:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/png
expires: Mon, 09 Nov 2020 11:11:49 GMT
cache-control: public, max-age=1814400
content-security-policy: frame-ancestors 'self';
accept-ranges: bytes
cf-ray: 5e4a0f7b68612488-FRA
x-cache-hits: 153

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
66 B 13ms
13ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=820708282&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&ul=en-us&de=UTF-8&dt=%22Qealler%22%20a%20new%20JAR-based%20Information%20Stealer%20%7C%20Zscaler&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6Sense&ea=6Sense%20Enrich&el=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&_u=aGDACEABBAAAAG~&jid=1851885171&gjid=1520493233&cid=1257349786.1603105908&tid=UA-6177009-1&_gid=655136611.1603105908&_r=1&gtm=2wg9u15SLZFK&cd4=Belgium&cd9=Brussels%20Capital&cd15=&z=367922452

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 2148692b96 Show response
bam.nr-data.net/1/ 57 B
275 B 427ms
106ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/2148692b96?a=546882274&v=1184.ab39b52&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=3133&ck=1&ref=https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer&ap=546&be=986&fe=3098&dc=1779&perf=%7B%22timing%22:%7B%22of%22:1603105905922,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:8,%22ce%22:58,%22rq%22:58,%22rp%22:975,%22rpe%22:979,%22dl%22:977,%22di%22:1778,%22ds%22:1779,%22de%22:1932,%22dc%22:3097,%22l%22:3097,%22le%22:3116%7D,%22navigation%22:%7B%7D%7D&fp=1958&fcp=1958&at=HhpWRAtNH04%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
464 B 43ms
16ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1851885171&gjid=1520493233&_gid=655136611.1603105908&_u=aGDACEABBAAAAG~&z=717115965

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 19 Oct 2020 11:11:49 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
87 B 19ms
18ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1851885171&_u=aGDACEABBAAAAG~&z=1133503079

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
87 B 19ms
19ms Image
image/gif 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1257349786.1603105908&jid=1851885171&_u=aGDACEABBAAAAG~&z=1133503079

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK 2148692b96 Show response
bam.nr-data.net/events/1/ 24 B
182 B 107ms
107ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/2148692b96?a=546882274&v=1184.ab39b52&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=13132&ck=1&ref=https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zscaler.com/	1970-01-23 04:57:18	Name: _rtfl_s_specific_site_sessions_count Value: 1
.zscaler.com/	1970-01-19 22:04:01	Name: _biz_pendingA Value: %5B%5D
.zscaler.com/	1970-01-19 22:04:01	Name: _biz_nA Value: 2
.zscaler.com/	1970-01-19 13:18:27	Name: _biz_sid Value: 6e6515
.zscaler.com/	1970-01-23 04:57:18	Name: _rtfl_s_unique_visitor_session Value: X0lDTGdUNndKdk9oMjRvaXpRTmM4anhfZmE1NGVjYWM4YjlmZTk1YjJhODgxOTIyODk0MWRjNmU0ZjA0M2RhMA==
.zscaler.com/	1970-01-19 22:04:01	Name: _biz_uid Value: 21448a5fbfda45909654e03f73b764f7
www.zscaler.com/	1970-01-19 13:28:30	Name: _an_uid Value: 0
www.zscaler.com/	1970-01-19 13:18:40	Name: _gd_session Value: bfd48760-199c-42c0-8ce0-da3ce7a155aa
www.zscaler.com/	1970-01-20 06:49:37	Name: _gd_svisitor Value: 56b3f7489c0f000074748d5f6900000088f70000
.zscaler.com/	1970-01-19 15:28:01	Name: _fbp Value: fb.1.1603105908162.4102463
.zscaler.com/	1970-01-19 13:18:25	Name: _dc_gtm_UA-6177009-1 Value: 1
.www.zscaler.com/	1970-01-19 22:04:01	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Oct+19+2020+13%3A11%3A49+GMT%2B0200+(Central+European+Summer+Time)&version=6.3.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fqealler-new-jar-based-information-stealer&groups=101%3A1%2C1%3A1%2C0_138025%3A1%2C122%3A1%2C2%3A1%2C0_137957%3A1%2C116%3A1%2C0_138118%3A1%2C119%3A1%2C3%3A1%2C0_138119%3A1%2C4%3A1%2C121%3A1%2C0_138125%3A1%2C0_138122%3A1%2C0_192188%3A1%2C0_192175%3A1%2C0_192171%3A1%2C0_138160%3A1%2C0_138127%3A1%2C0_138123%3A1%2C0_192189%3A1%2C0_192172%3A1%2C0_138128%3A1%2C0_192190%3A1%2C0_138129%3A1%2C0_192170%3A1%2C102%3A1%2C103%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C108%3A1%2C109%3A1%2C110%3A1%2C111%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C117%3A1%2C118%3A1%2C120%3A1%2C123%3A1%2C124%3A1%2C125%3A1%2C126%3A1%2C127%3A1%2C128%3A1%2C129%3A1%2C130%3A1
.zscaler.com/	1970-01-20 06:49:37	Name: _ga Value: GA1.2.1257349786.1603105908
.www.zscaler.com/	1970-01-19 14:01:37	Name: __cfduid Value: d3a809b84d4429ad31a3e6bebb00b8d391603105905
.zscaler.com/	1970-01-23 04:57:18	Name: _rtfl_s_494419_specific_site_session Value: Xzc2aXVLRldBbjZJZ250NTJSQ2NaQnNfMjQxMTBlYTQ3ZDY5N2EyY2M4NzAzZjY5ZDIwYzFkYjkxNTgwMmI4Yg==
.zscaler.com/	1970-01-19 13:19:52	Name: _gid Value: GA1.2.655136611.1603105908
.www.zscaler.com/	1970-01-23 04:57:18	Name: _rtfl_s_handshake_guid Value: 644fb99c-2dbd-403c-b88d-187f5930c02b
.zscaler.com/	1970-01-20 06:49:37	Name: _mkto_trk Value: id:306-ZEJ-256&token:_mch-zscaler.com-1603105908062-21960
.zscaler.com/	1970-01-19 22:04:01	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.zscaler.com/	1970-01-20 06:49:37	Name: _gd_visitor Value: c78f9318-388e-4ab1-8339-b0737169056c
.zscaler.com/	1970-01-19 15:28:01	Name: _gcl_au Value: 1.1.1516873880.1603105908

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: in callback

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
apt.techtarget.com
b.6sc.co
bam.nr-data.net
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
connect.facebook.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
j.6sc.co
js-agent.newrelic.com
munchkin.marketo.net
px.ads.linkedin.com
s.ytimg.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
t.sf14g.com
tracking.leadlander.com
tracking.reactful.com
trk.techtarget.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
www.zscaler.com
104.108.67.47
151.101.114.110
162.247.242.20
163.171.132.119
172.217.16.162
185.33.221.13
192.28.144.124
206.19.49.24
2606:4700::6810:9440
2606:4700::6813:d63e
2620:1ec:21::14
2a00:1450:4001:801::2002
2a00:1450:4001:803::2004
2a00:1450:4001:806::2003
2a00:1450:4001:808::2003
2a00:1450:4001:809::2008
2a00:1450:4001:809::200e
2a00:1450:4001:816::200e
2a00:1450:4001:819::2003
2a00:1450:4001:81a::200a
2a00:1450:4001:81b::200e
2a00:1450:4001:820::2013
2a00:1450:4001:824::2013
2a00:1450:4001:825::200e
2a00:1450:400c:c00::9c
2a00:1450:400c:c04::9d
2a02:26f0:10c:582::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
3.220.33.83
52.29.125.201
52.44.242.176
68.232.35.12
88.221.60.75
93.184.220.42
00ae8ed3516cac0e577b39ad1b921c92be475a75a2e87c6810ab0ad83afaf369
00d23d732218fe75800d99cb6de1e7ae27f7517d62057782fef92cb038d83f5d
05301854d614340b7c1954bf2f43ea5c7306f464865570b1881bc5f2be9fd737
0713b82eeb70267ec6eb59d401260e1dbca6fe8a4c3b9e1d830b8deb8459af5b
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
0a97d3e9898dc000c85c7c60b093d02c12e93cfce3a3d36e64c9e262a1a774a8
0baad1ea8d9bcd24ce1353b9d27b563ba6cd5fee7e74cf3804b82e1226466571
0c2314a9c882eb6997e7199a57ecbbdc628cda32b0d8dd20f193055ef49e71ca
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1c7e6c173f840e8c46cf630ddac93303cdd8a75a4c40accb29a807e7d07ab7ee
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
263b401a4ec83c1a85ceb67552d812787430be0c9d312a0dfbb0ba57c0dc121a
2640b346e5bde91ea975944ac43a8473827ffe710f4906d54808150d401ae075
29797557f2a832d3dccb94f9de057083e4af261cc7073911186c1a907dced7fd
2b54788dd0f1140ff76962ca20b5748907079d67f85f140f2d517848eb3e0208
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3a4f9dd367931d08480080a58c9da98922911786d10935e2e0fce5607df6645b
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
4170a216435ededa3af57da9e61d3900325b6cbd567c969d89cf1a2317aaece1
418536118c08ae693b45715835c8ea0ffcab2b6298f2c05d63b6238a5342a5d2
44d4b2f7aa84fd37d1be3f80a94753178d60616a9c0adefd6e51486674f88492
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f
50886a52a5df5dc5e0ac727bc7e969b3fe9ccf6b3bb23270c51c23cebbdd6329
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6cac0ea1a72eca354e1a30c46209183d8b46c02a0de806ff927902a46705bf5e
6f6bf99f8e9314c7a993b156d0b9e393a687b003c5b77f3e42a7573d110650cf
728ad5841f2e6db4e4715e23710cf7b27ad748d0ee71820e2f21bebe3451b330
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
824fb9832dee1f034e5162adc0a5324f14cd873470b0a3e413f06d2abdd489cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8f5bc5ffb8a741105348a42379151dc246dfd5648233559418fc8537310b3ff2
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
9a41b8a05a3c213bc407c9bb5af7211babc1660bbabda4aef118b032f1209aee
9d483fe2ef7236169714811b53965f334d2db65e1831f63b73a97539c1e8d441
9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db
a35cd326b2cf07e0fa65ddfc1e1845a115d47391f645b05ea89eff473b436a6b
a6e3f1e04b55aa870d490c8bfc00cce1d5a28db5d303b07bd622dc55c5049ae4
a7aef9ef21af028ca1e990e4374d6143006918c798619d60ad1a25982cde0fc2
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525
af3a44157f470a88d48094365d3cc4c191d8fb2dce75fb6c2bed9b88d57a6fb7
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b28e7386addd812124a9af28ec9c5359c9a30e643fd6c189073caaefb2e721ae
b84fa086d7bbfffa2fd7e5bf184052bd79bc3f873d7b9bfd1a6c58c2302afd13
b94ac4868ab5a80127158fe2a26e28c3c7972a5873e3d5a02877c4ccca3cfb6b
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
be6646b2f48ae3c287e7e643ef4689e5ac4a876b370ec92260cd0c6c3ba3111a
c1ef01366195120d68c9bfdcab0bb8b0f9a5bfcfd16302bb7bf37c5a74d1bb43
c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0
ce35f5c29247a1196ecea5b3240cfac09bf2a4629a4844bba09d6cd92967e229
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf283af46a81b464e67984da2c10713b5eb5a6856e330a1275cc6345a63ff4c8
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d7cbdf25de7c1668b0dcebb12dfd1e3f33ac42e26f9fd69022f0f100b0986070
d94534aa8cc0c365f7a30e88ec2c02207767496c6f6461244e653b4efbe621b8
d9bf0d990ed8fe52c6b7669baa37e0751da5de711a69a1c009083f734510eb38
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd604e4a9d3132d8aa5c661e20880b07488d65f96386f86e73ec1327293ea2ca
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a14522f0ae2ddbb0bf22efccb54b2a098f765c19d83c53ed235d415c630112
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
fb5323b78f8c4ac3d3e67de94a47d0b48cad5d735784abce37c0e05ef5c83543
fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad

www.zscaler.com Open in urlscan Pro 2606:4700::6813:d63e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

99 Requests

99 %HTTPS

61 %IPv6

29 Domains

35 Subdomains

36 IPs

7 Countries

4054 kBTransfer

6908 kBSize

21 Cookies

27 Outgoing links

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.com Open in urlscan Pro
2606:4700::6813:d63e Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

99 %
HTTPS

61 %
IPv6

29
Domains

35
Subdomains

36
IPs

7
Countries

4054 kB
Transfer

6908 kB
Size

21
Cookies

99 HTTP transactions
0 data transactions