www.zscaler.com Open in urlscan Pro
2606:4700::6812:1c4a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Submission: On September 10 via api (September 10th 2024, 4:53:53 am UTC) from IN — Scanned from CA

Summary HTTP 139 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 30 IPs in 2 countries across 22 domains to perform 139 HTTP transactions. The main IP is 2606:4700::6812:1c4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 63584.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 28th 2024. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
54	2606:4700::68... 2606:4700::6812:1c4a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:23c... 2600:9000:23cb:400:c:d449:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.66.132 151.101.66.132	54113 (FASTLY) (FASTLY)
9	2606:4700::68... 2606:4700::6812:562a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
1	35.168.235.217 35.168.235.217	14618 (AMAZON-AES) (AMAZON-AES)
2	44.221.229.42 44.221.229.42	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.13.225.49 52.13.225.49	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f18:e8a... 2600:1f18:e8a:cd04:9b88:a313:d24d:af44	14618 (AMAZON-AES) (AMAZON-AES)
1	23.204.6.193 23.204.6.193	16625 (AKAMAI-AS) (AKAMAI-AS)
12	23.200.88.81 23.200.88.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:33:2... 2620:1ec:33:2::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::9b	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:821::200e	15169 (GOOGLE) (GOOGLE)
1	68.67.179.153 68.67.179.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:141b:1c0... 2600:141b:1c00:2e::17d1:48d1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2607:f8b0:400... 2607:f8b0:4006:817::2004	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:762b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:752b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
139	30

54 2606:4700::6812:1c4a (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:400:c:d449:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.168.235.217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-235-217.compute-1.amazonaws.com

117186981.intellimizeio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.221.229.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-221-229-42.compute-1.amazonaws.com

api.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.13.225.49 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-13-225-49.us-west-2.compute.amazonaws.com

log.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.204.6.193 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-204-6-193.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.200.88.81 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-88-81.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:33:2::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9b (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2002 (United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.179.153 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:2e::17d1:48d1 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:752b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	zscaler.com www.zscaler.com — Cisco Umbrella Rank: 63584 info.zscaler.com — Cisco Umbrella Rank: 495273	1 MB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	23 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	184 KB
8	iseaskies.com ob.iseaskies.com — Cisco Umbrella Rank: 708145 obs.iseaskies.com — Cisco Umbrella Rank: 827654	42 KB
6	intellimize.co cdn.intellimize.co — Cisco Umbrella Rank: 97696 api.intellimize.co — Cisco Umbrella Rank: 80985 log.intellimize.co — Cisco Umbrella Rank: 74654	107 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 34577 ws.zoominfo.com — Cisco Umbrella Rank: 10891	30 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	510 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 15834	4 KB
3	google.ca www.google.ca — Cisco Umbrella Rank: 9677	191 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 252 td.doubleclick.net Failed googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	3 KB
3	google.com 1 redirects analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	88 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	648 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	21 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	73 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 764	702 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	3 KB
1	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 8471	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	306 B
1	intellimizeio.com 117186981.intellimizeio.com — Cisco Umbrella Rank: 806917
0	acsbapp.com Failed acsbapp.com Failed
139	22

	Domain	Requested by
54	www.zscaler.com	www.zscaler.com js.zi-scripts.com
9	b.6sc.co	www.zscaler.com
9	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
7	obs.iseaskies.com	ob.iseaskies.com www.zscaler.com
7	info.zscaler.com	www.zscaler.com info.zscaler.com
5	www.googletagmanager.com	www.zscaler.com ob.iseaskies.com www.googletagmanager.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
3	js.zi-scripts.com	www.zscaler.com js.zi-scripts.com
3	www.google.ca	www.zscaler.com
3	log.intellimize.co	cdn.intellimize.co
2	epsilon.6sense.com	j.6sc.co
2	www.facebook.com	www.zscaler.com
2	www.google.com	1 redirects www.zscaler.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
2	bat.bing.com	ob.iseaskies.com bat.bing.com
2	connect.facebook.net	ob.iseaskies.com connect.facebook.net
2	j.6sc.co	www.zscaler.com j.6sc.co
2	api.intellimize.co	cdn.intellimize.co
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	www.googleadservices.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	munchkin.marketo.net	www.zscaler.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	117186981.intellimizeio.com	cdn.intellimize.co
1	cdn.intellimize.co	www.zscaler.com
1	ob.iseaskies.com	www.zscaler.com
0	acsbapp.com Failed	www.zscaler.com
0	td.doubleclick.net Failed	www.googletagmanager.com
139	33

This site contains links to these domains. Also see Links.

Domain
threatlabz.zscaler.com
help.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
admin.zpatwo.net
securitypreview.zscaler.com
customer.zscaler.com
community.zscaler.com
ir.zscaler.com
www.facebook.com
twitter.com
www.linkedin.com
lab52.io
securityintelligence.com
ti.360.net
blog.trendmicro.com
mp.weixin.qq.com
www.welivesecurity.com
threatlibrary.zscaler.com
html.malurl.gen.nc
github.com
facebook.com
linkedin.com
youtube.com

Subject Issuer	Validity	Valid
www.zscaler.com DigiCert SHA2 Extended Validation Server CA	`2024-02-28` - `2025-02-23`	a year	crt.sh
*.iseaskies.com Amazon RSA 2048 M02	`2024-06-18` - `2025-07-18`	a year	crt.sh
cdn.intellimize.co R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
info.zscaler.com WE1	`2024-09-07` - `2024-12-06`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.intellimizeio.com Amazon RSA 2048 M02	`2023-10-25` - `2024-11-22`	a year	crt.sh
api.intellimize.co Amazon RSA 2048 M02	`2023-10-25` - `2024-11-22`	a year	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
log.intellimize.co Amazon RSA 2048 M03	`2023-10-24` - `2024-11-21`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-19` - `2024-09-17`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.ca WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.googleadservices.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-23` - `2025-05-22`	a year	crt.sh
zi-scripts.com WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
zoominfo.com E5	`2024-08-14` - `2024-11-12`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Frame ID: 30A34E97FB14DFAA5004454E930B9FEA
Requests: 127 HTTP requests in this frame

Frame: https://117186981.intellimizeio.com/storage.html
Frame ID: D2EB9FE9F152FE86C35F37142105D131
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-10SPJ4YJL9&gacid=1720633494.1725944026&gtm=45je4940v883639532za200zb71607006&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=721953433
Frame ID: 5A45A103CBF6606D3EC77C1D3A652560
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/812494211?random=1725944026428&cv=11&fst=1725944026428&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 8B44E023E31E38C459518E061A71C00A
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/812494211?random=1725944026497&cv=11&fst=1725944026497&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0
Frame ID: 4DA443440CE2853134B1275A458E9B0B
Requests: 1 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: 85E7FB1F062C2BF87BA9545016553A51
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

139
Requests

94 %
HTTPS

62 %
IPv6

22
Domains

33
Subdomains

30
IPs

2
Countries

2470 kB
Transfer

7217 kB
Size

22
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://threatlabz.zscaler.com/
Title: ThreatLabz

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: Zscaler Cloud Portal | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: Zscaler Cloud Portal One | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: Zscaler Cloud Portal Two | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: Zscaler Cloud Portal Three | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: Zscaler Cloud Portal Beta | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access Cloud Portal One | Admin

Search URL Search Domain Scan URL

URL: https://admin.zpatwo.net/
Title: Zscaler Private Access Cloud Portal Two | Admin

Search URL Search Domain Scan URL

URL: https://threatlabz.zscaler.com/cloud-insights/cloud-activity-dashboard
Title: ThreatLabz Analytics

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Security Preview

Search URL Search Domain Scan URL

URL: https://customer.zscaler.com/
Title: Customer Success Center

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/
Title: Zscaler Help Portal

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/2aehqxzf

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/2aehqxzf%20%E2%80%94%20BlindEagle%20Targets%20Colombian%20Insurance%20Sector%20with%20BlotchyQuasar%22

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://tinyurl.com/2aehqxzf

Search URL Search Domain Scan URL

URL: https://lab52.io/blog/apt-c-36-recent-activity-analysis/
Title: known

Search URL Search Domain Scan URL

URL: https://securityintelligence.com/x-force/x-force-hive0129-targeting-financial-institutions-latam-banking-trojan/
Title: publication

Search URL Search Domain Scan URL

URL: https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
Title: documented

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc
Title: here

Search URL Search Domain Scan URL

URL: https://mp.weixin.qq.com/s/T15pdznZZ4ZsVVpcKrWlnQ
Title: past

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/
Title: documented

Search URL Search Domain Scan URL

URL: https://mp.weixin.qq.com/s/6YDnMAf0laiLKukJ04XLTQ
Title: known

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=BlindEagle
Title: Win32.Trojan.BlindEagle

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=HTML.Malurl.Gen.NC
Title: HTML.Malurl.Gen.LZ

Search URL Search Domain Scan URL

URL: http://html.malurl.gen.nc/
Title: HTML.Malurl.Gen.NC

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=HTML.Malurl.Gen.TT
Title: HTML.Malurl.Gen.TT

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=HTML.Phish.Gen.LZ
Title: HTML.Phish.Gen.LZ

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Asyncrat.BS
Title: Win32.Backdoor.Asyncrat.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Bladabindi.LZ
Title: Win32.Backdoor.Bladabindi.LZ

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Dcrat.BS
Title: Win32.Backdoor.Dcrat.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Nanocore.BS
Title: Win32.Backdoor.Nanocore.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Njrat.BS
Title: Win32.Backdoor.Njrat.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Quasarrat.LZ
Title: Win32.Backdoor.Quasarrat.LZ

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Remcosrat.BS
Title: Win32.Backdoor.Remcosrat.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Backdoor.Smokeloader.BS
Title: Win32.Backdoor.Smokeloader.BS

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?threatname=Win32.Trojan.Agent
Title: Win32.Trojan.Agent

Search URL Search Domain Scan URL

URL: https://github.com/ThreatLabz/iocs/blob/main/blindeagle/blindeagle_domains.txt
Title: GitHub repository

Search URL Search Domain Scan URL

URL: https://facebook.com/zscaler
Title: Visit us on Facebook

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/zscaler
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/zscaler
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://youtube.com/user/ZscalerMarketing
Title: Subscribe our Youtube Channel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 105

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgijxbECCJzHsQIIm8exAkoVdHJpZ2dlciwgZXZlbnQtc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIodv2xMq3iAMVEwpoCB2D6QW7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8 HTTP 302
https://www.google.com/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgijxbECCJzHsQIIm8exAkoVdHJpZ2dlciwgZXZlbnQtc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIodv2xMq3iAMVEwpoCB2D6QW7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfeZ02eSXEBQA1sqWlh5cr_XYrcrRNSQ&random=3242574418 HTTP 302
https://www.google.ca/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgijxbECCJzHsQIIm8exAkoVdHJpZ2dlciwgZXZlbnQtc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIodv2xMq3iAMVEwpoCB2D6QW7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfeZ02eSXEBQA1sqWlh5cr_XYrcrRNSQ&random=3242574418&ipr=y

139 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request blindeagle-targets-colombian-insurance-sector-blotchyquasar Show response
www.zscaler.com/blogs/security-research/ 424 KB
74 KB 625ms
379ms Document
text/html 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

5ace4b260d8cc098255c19ab9873277521e5084cba91c9a00bc89337d5a8f924

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age: 569
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Durable"; hit; ttl=31, "Next.js"; hit, "Netlify Edge"; fwd=stale
cf-cache-status: DYNAMIC
cf-ray: 8c0cd0e56ea9aab4-YYZ
content-encoding: br
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
content-type: text/html; charset=utf-8
date: Tue, 10 Sep 2024 04:53:44 GMT
netlify-vary: header=x-nextjs-data|x-next-debug-logging|Accept-Encoding,cookie=__prerender_bypass|__next_preview_data
server: cloudflare
strict-transport-security: max-age=31536000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN https://cms.zscaler.com
x-nextjs-date: Tue, 10 Sep 2024 04:44:52 GMT
x-nf-request-id: 01J7D4FJW6AZR1017F6BQJS2N8
x-powered-by: Next.js
x-xss-protection: 1; mode=block

GET
H2 200 1395e54b70b06b444656a2f40c135374.js Show response
ob.iseaskies.com/i/ 107 KB
40 KB 398ms
86ms Script
text/javascript 2600:9000:23cb:400:c:d449:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:400:c:d449:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: e9d919ef6729ce98242f654623573a610e20bbfb9ea469803683b521d082b2ed

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 17:59:53 GMT
content-encoding: gzip
via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: JFK50-P1
age: 39231
etag: "1ad97-jvz3Rt1opGTSjErygl/+ztzLThA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 40209
x-amz-cf-id: Wt6Gj99bPanUWdD8-2vobF8WgsJrv7d2WJYaau729owxbjzlVeFCaA==
expires: Tue, 10 Sep 2024 05:59:53 GMT

GET
H2 200 117186981.js Show response
cdn.intellimize.co/snippet/ 451 KB
105 KB 397ms
137ms Script
application/javascript 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.intellimize.co/snippet/117186981.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5f4b375dd7597a331d5e31dd20830360cca4c80e4420bbafa89ac520b940a56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 10 Sep 2024 04:53:44 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 0
x-timer: S1725944025.578203,VS0,VE68
etag: "0a7f3b9675f0dcde1596b030c487cf3bc--gzip"
vary: Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, must-revalidate
accept-ranges: bytes
content-length: 106785
x-served-by: cache-yul1970039-YUL

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 170 KB
27 KB 340ms
86ms Script
application/x-javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e7e36f3f88692d69244aa905916aabc0e00bcc987bbc4cef85324e8c3733266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 38319
content-md5: xD1AeAP0mkjc7DsdK25Fqg==
content-length: 27724
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:57:51 GMT
server: cloudflare
etag: 0x8DC95C670FC37F2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 65f42ae6-f01e-00de-7caf-c7c323000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0e9dd75abb8-YYZ
expires: Wed, 11 Sep 2024 04:53:44 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 305ms
51ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: UfYkxNZYUi8O8CsxmalgUg==
age: 49763
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6881
x-ms-lease-status: unlocked
last-modified: Mon, 09 Sep 2024 02:35:03 GMT
server: cloudflare
etag: 0x8DCD07802B5F966
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 77e1b83e-d01e-0063-05a9-02d5af000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0e9dd74abb8-YYZ

GET
H2 200 image
www.zscaler.com/_next/ 321 KB
321 KB 242ms
231ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2FBBE.jpg&w=3840&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

454e2772877a83b2ec25b070ad073482a487b3b1af428961354b683e2f134bb6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9ZZDYHZJGX00QY996R
date: Tue, 10 Sep 2024 04:53:44 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 652
cross-origin-resource-policy: cross-origin
content-length: 328309
last-modified: Tue, 10 Sep 2024 04:42:52 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0e858d1aab4-YYZ

GET
H2 200 219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/ 37 KB
37 KB 136ms
126ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9JKC0VG95YKKRE9479
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: "babaa13f5c4ebc035bab259b01678acd-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81890aab4-YYZ
content-length: 37876

GET
H2 200 86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
39 KB 123ms
113ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8ZJQMRFBFA7AE2J0NF
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 10917
cache-status: "Netlify Edge"; hit
etag: "894b88dea44b3eea86047b5a14f70bd6-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81891aab4-YYZ
content-length: 40264

GET
H2 200 9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
40 KB 137ms
128ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9JVQSMAAR8NZ3CYP6N
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: "df72b7565a3dbb7f09aca50548800425-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81892aab4-YYZ
content-length: 40336

GET
H2 200 4012cc4b67ad157d-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 146ms
137ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/4012cc4b67ad157d-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9MYG1Z817DF4YC6XHM
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: "c6972ec112502e69799d66e6952e00da-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81893aab4-YYZ
content-length: 9592

GET
H2 200 41998fdc1b8220a0-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
10 KB 140ms
131ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/41998fdc1b8220a0-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9M4A2ETQJ3ZKAHDD01
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 10917
cache-status: "Netlify Edge"; hit
etag: "9bd07d3df76f4f2bde51ff4f6856a884-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81894aab4-YYZ
content-length: 9620

GET
H2 200 edb9f1eb1c1a7ead-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 139ms
130ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/edb9f1eb1c1a7ead-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9MZF08SZKK3A0GHH49
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: "05b344f4b2133542bb04a3fa3940eb19-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81896aab4-YYZ
content-length: 8780

GET
H2 200 ce9b84dce7581e2b-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 137ms
129ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/ce9b84dce7581e2b-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9MECCW6RCXV9NTEDA7
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: "6f9138b6bf5773aec5477a54d805b48a-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8c0cd0e81897aab4-YYZ
content-length: 8764

GET
H2 200 f77e488ef3006853.css
www.zscaler.com/_next/static/css/ 111 KB
22 KB 95ms
88ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/f77e488ef3006853.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49423a0bf3f95433270da8616d8b5fd1c33c1a87312f0dd419fa68745f77d73f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK86QSGW1JAVRGT0RA8K
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"69694e1e331cd8f51b3e2f0943330975-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f86aaab4-YYZ

GET
H2 200 a4fc5e556b7ae865.css
www.zscaler.com/_next/static/css/ 93 KB
10 KB 113ms
105ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/a4fc5e556b7ae865.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8VCGCAQQKD1NH3WXS1
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29939
cache-status: "Netlify Edge"; hit
etag: W/"e51a3adb8cbe21d4cb922932b69fe897-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f86baab4-YYZ

GET
H2 200 d05e43edad140bdd.css
www.zscaler.com/_next/static/css/ 75 KB
10 KB 115ms
108ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d05e43edad140bdd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK900RJFXD3F3V8XDW5H
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29828
cache-status: "Netlify Edge"; hit
etag: W/"4dbcbbe6277a11835140e99afeace45f-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f86caab4-YYZ

GET
H2 200 60ab7ffa9f7999ec.css
www.zscaler.com/_next/static/css/ 849 B
391 B 110ms
104ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/60ab7ffa9f7999ec.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8VZMXFBCF4ANZ4J4RJ
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"5c59d05d39e571427d40dd8d09b3cdb1-ssl"
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f86eaab4-YYZ

GET
H2 200 54b114f76a2643a4.css
www.zscaler.com/_next/static/css/ 14 KB
2 KB 107ms
101ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/54b114f76a2643a4.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8K951MCK0K7PWXCQPD
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29245
cache-status: "Netlify Edge"; hit
etag: W/"b3b28bba19cd8cc9e623e240c2173191-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f871aab4-YYZ

GET
H2 200 f5464589614907bb.css
www.zscaler.com/_next/static/css/ 6 KB
1 KB 120ms
114ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/f5464589614907bb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87565af07d1cabde211838c4025996136c7bb2db2507c920c0e36eb92924611a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8YDEGPQWB5100G8P6J
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"18314490c5b1ab3d98a7816fd0e87e72-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f872aab4-YYZ

GET
H2 200 455227249223c84c.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 111ms
106ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/455227249223c84c.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8WQ8DMGQ70BD7BNW6T
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"5e804ffd42b47c9b8cd3dd20a421e789-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f874aab4-YYZ

GET
H2 200 59cb0a1d87010ab3.css
www.zscaler.com/_next/static/css/ 19 KB
3 KB 123ms
118ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/59cb0a1d87010ab3.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8Z4FGF2HW8VT4RS4BY
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"c8e0e82327506671fa47f63d154c5a53-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f875aab4-YYZ

GET
H2 200 d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 130ms
125ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK93B1WQBHVVSCVQVARX
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"2a8acaa7178d13abe2617ddf64fd1a8d-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f876aab4-YYZ

GET
H2 200 656fd790af24ffd4.css
www.zscaler.com/_next/static/css/ 96 KB
13 KB 114ms
110ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/656fd790af24ffd4.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4b9900352ba9e0a9209fb7bb9091885d4885c7949fc2bd90c79febb49a5a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK8XHZA4MY2V6W4TFWQN
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"47a4b568e55d000c6fd4acb6145c235b-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e7f878aab4-YYZ

GET
H2 200 7566.5082386543b2a684.js Show response
www.zscaler.com/_next/static/chunks/ 10 KB
4 KB 131ms
120ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7566.5082386543b2a684.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b89552a143cbaa413fd21099e186eb0aa1b232e55d6763fe0252c7b93fe5f36c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9Z6D7T65RHG89RYN3N
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"f3f7e99a876517878986edbf374b8568-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858d3aab4-YYZ

GET
H2 200 6738.2a48bc2e3b3dbd9b.js Show response
www.zscaler.com/_next/static/chunks/ 11 KB
3 KB 91ms
80ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6738.2a48bc2e3b3dbd9b.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f6045896175e46df89c979d4fbea8e342c5ea68d31aca26b6d975c907a9100c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA4P5RQP64RKY37DPYK
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 27643
cache-status: "Netlify Edge"; hit
etag: W/"eef992a033e60aa260b98285e7c62c82-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858d5aab4-YYZ

GET
H2 200 537.8ad21235b8edef2f.js Show response
www.zscaler.com/_next/static/chunks/ 604 B
429 B 97ms
86ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/537.8ad21235b8edef2f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA2NVS2NBT06EP2FASD
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"d9f5c31ba3339a24433c535485fd1646-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858d6aab4-YYZ

GET
H2 200 8338.059e5172eb1cf859.js Show response
www.zscaler.com/_next/static/chunks/ 115 KB
37 KB 92ms
83ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8338.059e5172eb1cf859.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fbeee7b066c53e5cb023ba504ccb291d1db541e0965ec796fb049f28d8b4eb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9ZF5V3DT7XANBP9ZNK
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"cb6ebfac0302c625c9d533cfb820e034-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858daaab4-YYZ

GET
H2 200 4194.f2b447ff90ef56b7.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
2 KB 113ms
104ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/4194.f2b447ff90ef56b7.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ba73726ee2fed9f8e07b9114a4c73a044ccbcf3acbc6981fa7bf5f74eb13ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA10VHCD3QMY8G353CH
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"b0c8e0e9093ef9ee7c44a0b590786174-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858dcaab4-YYZ

GET
H2 200 9775.864cadc11d0a4959.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
1 KB 83ms
74ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/9775.864cadc11d0a4959.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9YVBFDR6DVD4WQ4AR9
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"1414a1ddbdcc234df74fc96ee7eef337-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858ddaab4-YYZ

GET
H2 200 1306.ecbb5f5687e6ffba.js Show response
www.zscaler.com/_next/static/chunks/ 7 KB
3 KB 91ms
82ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/1306.ecbb5f5687e6ffba.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f33bdae41b92fde14421ec90ec53d25e6a4efc28bbbd699149218ceb1918108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9ZKRJXACRZ8YNR30QK
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"3b492e4640662302a463522791639043-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858dfaab4-YYZ

GET
H2 200 2284.41cf9fa786d6f052.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
1 KB 89ms
81ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/2284.41cf9fa786d6f052.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24b183e48e7ae75614d4ff931e62ab4e0e829a5e2788dd075548792350e170b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FK9YJFN2YG1JTMXXBN8S
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 20445
cache-status: "Netlify Edge"; hit
etag: W/"e25f6a887cdadb0a11ddc443417a9d3a-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858e0aab4-YYZ

GET
H2 200 893.e792bfa65907ae7a.js Show response
www.zscaler.com/_next/static/chunks/ 43 KB
14 KB 124ms
117ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/893.e792bfa65907ae7a.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b89f86c8c22196539fac8466a5b9cc5ab40c6bc945747d6cd42fa3ff04671fed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA64F1FVJ1JNPM2JJFM
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"eee04bfbf5f7e7ab13380e1289e9ae1a-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858e3aab4-YYZ

GET
H2 200 webpack-28335b8f92c11184.js Show response
www.zscaler.com/_next/static/chunks/ 11 KB
6 KB 110ms
103ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eafa393faa22070d8ea92da74bfd3e08dfda9e4da8d48181f07107821c4079e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA61756MMPZ61YZYBKH
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: W/"3fc94b57a02058fab7ef39f79a4a8c51-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e858e5aab4-YYZ

GET
H2 200 framework-0e8d27528ba61906.js Show response
www.zscaler.com/_next/static/chunks/ 138 KB
45 KB 123ms
116ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/framework-0e8d27528ba61906.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAAXQ9DT2VT9T2NVVX7
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: W/"6a439261d41a2394a03e0a4354d7bfdd-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86908aab4-YYZ

GET
H2 200 main-7c8d262537cac334.js Show response
www.zscaler.com/_next/static/chunks/ 111 KB
33 KB 107ms
102ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c52c74d5f72fba35bbb92461ac20ea6d80b9e826d28369d5fa6010d9838508ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA7AC9682YESN85X6C2
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 8127
cache-status: "Netlify Edge"; hit
etag: W/"16b7038049448ed0734707b3e7f45ff7-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e8690aaab4-YYZ

GET
H2 200 _app-fd58920d1c9e1220.js Show response
www.zscaler.com/_next/static/chunks/pages/ 377 KB
124 KB 119ms
114ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/_app-fd58920d1c9e1220.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9217038d7100e4a5c7525b9c9e86e54ce57f05c8e04db649685d1526df8e8e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKA9TTWEWX8QWPQ255YK
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14848
cache-status: "Netlify Edge"; hit
etag: W/"13b9b1d16f3b6cb3ca1afc61df95f726-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e8690caab4-YYZ

GET
H2 200 845-e390975b4393c6b2.js Show response
www.zscaler.com/_next/static/chunks/ 259 KB
71 KB 131ms
127ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/845-e390975b4393c6b2.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb6af9a530087178eacff4876bb882d6e55e6be8e9d1255636a0faffc165a7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKADBKXXREXS1T9T0QTP
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 16125
cache-status: "Netlify Edge"; hit
etag: W/"9f72b367fa40839921f6b51a1d179451-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e8690eaab4-YYZ

GET
H2 200 5865-09ac5a68cb70c7f3.js Show response
www.zscaler.com/_next/static/chunks/ 135 KB
38 KB 203ms
199ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5865-09ac5a68cb70c7f3.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c3dfb68ff11fe295d20cdd98826c65161cf5d480d25f72b10d9a182f9e2a1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAT579H0940VNPD3P2A
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"debacf30d01c6eb070be3313cc27cf8f-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86911aab4-YYZ

GET
H2 200 544-ce2815528d4dfb14.js Show response
www.zscaler.com/_next/static/chunks/ 85 KB
21 KB 131ms
127ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/544-ce2815528d4dfb14.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1c06f4cfe28072e6ab4035f44de1913ca49583c1d2de8bc14c5ebbcaf306dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKADQY01HYVB4VR7PPYV
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"66971f4f0ae836d285d437ea7e40d990-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86912aab4-YYZ

GET
H2 200 152-900faac8f5205ffe.js Show response
www.zscaler.com/_next/static/chunks/ 139 KB
31 KB 149ms
145ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/152-900faac8f5205ffe.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96b3dd25cf7cedbdac7a744149d2a1004b2d37b370d30380faf0f7b5fc987a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAGCEZJZMNXYAZAV74P
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"54ed7f12d14047b06b3472afdffbf5f4-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86914aab4-YYZ

GET
H2 200 %5B...slug%5D-467f3bff10ed8748.js Show response
www.zscaler.com/_next/static/chunks/pages/blogs/ 3 KB
2 KB 118ms
114ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-467f3bff10ed8748.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba4e920abca0a6261cf4309f8f15e10a18c7730e16d0723de0edce3d4416a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAEMQHC3SGAKTPS79WF
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29245
cache-status: "Netlify Edge"; hit
etag: W/"518dc0736bd5eab1241757ad336fa667-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86916aab4-YYZ

GET
H2 200 _buildManifest.js Show response
www.zscaler.com/_next/static/laUl4Tu0C-qfXO1lbpBNE/ 3 KB
1 KB 120ms
116ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/laUl4Tu0C-qfXO1lbpBNE/_buildManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7716a1c9673bfdb902bb0eeddbb15a4a4b8d100cca7b03de4363ce2ae91e19fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAAMSBY4YTTX09PR8P9
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29630
cache-status: "Netlify Edge"; hit
etag: W/"c18ba4c755908b7ab9a3fb3c6f981a93-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e86918aab4-YYZ

GET
H2 200 _ssgManifest.js Show response
www.zscaler.com/_next/static/laUl4Tu0C-qfXO1lbpBNE/ 449 B
295 B 119ms
115ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/laUl4Tu0C-qfXO1lbpBNE/_ssgManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKAAMWEHA2GTTEXEYTA6
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29761
cache-status: "Netlify Edge"; hit
etag: W/"fcefbdba4fc8e29f2bdcfea13b4b78d5-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0e8691aaab4-YYZ

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
829 B 66ms
62ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
last-modified: Wed, 04 Sep 2024 18:15:33 GMT
server: cloudflare
content-encoding: gzip
etag: W/"66d8a3c5-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8c0cd0e87932aab4-YYZ
expires: Thu, 12 Sep 2024 04:53:44 GMT

GET
H2 200 image
www.zscaler.com/_next/ 4 KB
4 KB 121ms
104ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=%2Fassets%2Fimages%2Fdefault-avatar.png&w=96&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09ffe1ebce8835c9b4d8232b59214200e95e6c2d2a3d67aba4d3f578051cd3a8

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKM5F0DQQZZVF4X2MCJT
date: Tue, 10 Sep 2024 04:53:44 GMT
content-security-policy
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 29930
cross-origin-resource-policy: cross-origin
content-length: 3824
last-modified: Mon, 09 Sep 2024 20:34:54 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0ea6a4caab4-YYZ

GET
H2 200 fig1.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 38 KB
38 KB 733ms
717ms Image
image/webp 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/fig1.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52d3c4e38e360ac686b3af87234f883555d98708610d7a2c5ee8bfe3883a4e98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 38794
cf-resized: internal=ok/d q=0 n=563+237 c=0+0 v=2024.9.1 l=38794 f=false
last-modified: Wed, 04 Sep 2024 23:43:48 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf6oacctFRy4FBYSSVBwklK0431gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: max-age=300
accept-ranges: bytes
cf-ray: 8c0cd0ea6a4daab4-YYZ

GET
H2 200 3e894970-e3e9-4783-85e9-7c38eedbfbbf.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 5 KB
2 KB 238ms
59ms XHR
application/x-javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0cd39d290a1403b6303c049dceebac871d07a5f776b53f4e425ec2235d16a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 38318
content-md5: oj+Dp3bF+hHUZlalRDGEBg==
content-length: 1840
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:57:50 GMT
server: cloudflare
etag: 0x8DC95C6709730F1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 609ffdb0-a01e-000a-38af-c78a03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0ebbe42ac7c-YYZ
expires: Wed, 11 Sep 2024 04:53:44 GMT

GET
H2 200 7763.d758ee891eda7402.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
749 B 69ms
62ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7763.d758ee891eda7402.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKQXEQVH0D02PEWMBRKW
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29628
cache-status: "Netlify Edge"; hit
etag: W/"17febf2951ad34c7eeeef4016c7b0b2f-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eb2ab0aab4-YYZ

GET
H2 200 5551.c4fb596d5a66633e.js Show response
www.zscaler.com/_next/static/chunks/ 1000 B
725 B 67ms
61ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5551.c4fb596d5a66633e.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKQYBDVBWRFM6KCX6Y65
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29628
cache-status: "Netlify Edge"; hit
etag: W/"a6691d54597182ea40834fe228daf31e-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eb2ab4aab4-YYZ

GET
H2 200 6023.ccb3fff03c4fa91a.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
724 B 66ms
62ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6023.ccb3fff03c4fa91a.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKR17QJC033QGF3JV378
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29628
cache-status: "Netlify Edge"; hit
etag: W/"cdf67233aa350887f94d408f802c7482-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eb2ab5aab4-YYZ

GET
H2 200 790.d7dc94c2ef6f512f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
877 B 67ms
63ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/790.d7dc94c2ef6f512f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKR1K7326KFYRM76S36V
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29628
cache-status: "Netlify Edge"; hit
etag: W/"a1ea44e59828d3f7a982ea32905c6987-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eb2ab6aab4-YYZ

GET
H2 200 6831.3072668993ea221f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
721 B 92ms
88ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6831.3072668993ea221f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-28335b8f92c11184.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKR2XRSM4PN1PJCBY0XX
date: Tue, 10 Sep 2024 04:53:44 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29628
cache-status: "Netlify Edge"; hit
etag: W/"e6955a7112f40e9844da8900d4e701a7-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eb2ab7aab4-YYZ

GET
H2 200 image
www.zscaler.com/_next/ 38 KB
38 KB 174ms
167ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fkimsuky_cover_image_v2%2520copy_0.jpeg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-09ac5a68cb70c7f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e98ebd4041010e01df2e124d17e054116bd1f2e41def6e190fb18602b264db98

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FKYQG44VBSJVCAAYF6PZ
date: Tue, 10 Sep 2024 04:53:45 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 0
cross-origin-resource-policy: cross-origin
content-length: 38919
last-modified: Tue, 10 Sep 2024 04:53:45 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0ec7b73aab4-YYZ

GET
H2 200 image
www.zscaler.com/_next/ 29 KB
29 KB 169ms
163ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fvalley.jpeg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-09ac5a68cb70c7f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

685103d7ca1581c612943dd5ce76d0e74212716dbc6f75d1d01ac70c1eade3cb

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FM00RJJDY06WBQH4VT1H
date: Tue, 10 Sep 2024 04:53:45 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 1595
cross-origin-resource-policy: cross-origin
content-length: 29194
last-modified: Tue, 10 Sep 2024 04:27:10 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0eccb9baab4-YYZ

GET
H2 200 image
www.zscaler.com/_next/ 51 KB
51 KB 167ms
164ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware%2520copy.jpeg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/5865-09ac5a68cb70c7f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8c71f464bc80f20aa285359b0f9cf4f26ecdc5eb46b9c000f9b395af6cd966

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FM01GJEJA7SKXKXXJP9A
date: Tue, 10 Sep 2024 04:53:45 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 1
cross-origin-resource-policy: cross-origin
content-length: 51921
last-modified: Tue, 10 Sep 2024 04:53:44 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0eccb9eaab4-YYZ

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ 199 KB
67 KB 311ms
85ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
server: cloudflare
etag: "264036e-31b30-61d9f4beb95c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 8c0cd0edecba36a9-YYZ
expires: Tue, 10 Sep 2024 08:53:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 386 KB
122 KB 380ms
111ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a7229d8668646d604d4f54850b206c06d1528f99e65660aa121fdac9ce75b1d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 124693
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 10 Sep 2024 04:53:45 GMT

GET
H2 200 a4fc5e556b7ae865.css Show response
www.zscaler.com/_next/static/css/ 93 KB
115 B 67ms
66ms Fetch
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/a4fc5e556b7ae865.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FM01NZ400344NHBMSRJJ
date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29939
cache-status: "Netlify Edge"; hit
etag: W/"e51a3adb8cbe21d4cb922932b69fe897-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eccb9faab4-YYZ

GET
H2 200 d05e43edad140bdd.css Show response
www.zscaler.com/_next/static/css/ 75 KB
92 B 93ms
92ms Fetch
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d05e43edad140bdd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FM04G46FEKWPJA6T4KNR
date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 29828
cache-status: "Netlify Edge"; hit
etag: W/"4dbcbbe6277a11835140e99afeace45f-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0eccba1aab4-YYZ

GET
H2 200 storage.html
117186981.intellimizeio.com/ Frame D2EB 0
0 468ms
118ms Document
text/html 35.168.235.217
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://117186981.intellimizeio.com/storage.html

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.168.235.217 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-168-235-217.compute-1.amazonaws.com

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 5628
content-type: text/html; charset=utf-8
date: Tue, 10 Sep 2024 04:53:45 GMT
etag: W/"15fc-Uk1A5QrccB7iUltcerqKsVx8Uo0"
strict-transport-security: max-age=15552000; includeSubDomains
x-powered-by: Express

POST
H2 200 117186981 Show response
api.intellimize.co/context-v2/ 552 B
640 B 504ms
102ms Fetch
application/json 44.221.229.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/context-v2/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.221.229.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-221-229-42.compute-1.amazonaws.com

Software

Resource Hash

e86ca50439ba8b66761fd08fbf883fdfdf4429569a6bc02b1e8eb29c02c58e9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
306 B 485ms
106ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8c0cd0efef21a216-YYZ
access-control-allow-headers: Content-Type

POST
H2 200 clientlogger
log.intellimize.co/ 3 B
316 B 643ms
216ms Ping
application/json 52.13.225.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/clientlogger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.13.225.49 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-13-225-49.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 image
www.zscaler.com/_next/ 160 KB
160 KB 126ms
124ms Image
image/avif 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2FBBE.jpg&w=1920&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d61c3c53175f69ee55bdf88e5391aff180547f47cf8bd42fe9c2a63ec87ff25

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FM73BSGPESB3ZHYWWE3H
date: Tue, 10 Sep 2024 04:53:45 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 1593
cross-origin-resource-policy: cross-origin
content-length: 163752
last-modified: Tue, 10 Sep 2024 04:27:12 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0cd0ee2c8eaab4-YYZ

GET
H2 200 ct Show response
obs.iseaskies.com/ 4 KB
2 KB 425ms
101ms Script
text/javascript 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/ct?id=60409&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1725944025491&hl=2&op=0&ag=1074146904&rand=2382122579722268856102002255000153015647801902839297011821080402925617900599602100970&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDE3MF0sWyJhYm5jaCIsMzRdLFstMjQsIltdIl0sWy0yNiwie1widGpoc1wiOjI0MjM1NTM1LFwidWpoc1wiOjE3NDU3ODY3LFwiamhzbFwiOjQyOTQ3MDUxNTJ9Il0sWy0zMCwiW1widlwiLDBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDQsIjAsMCwwLDUiXSxbLTUzLCIxMDAiXSxbLTYxLCJ7XCJ3Z3NsXCI6XCI0O3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztwYWNrZWRfNHg4X2ludGVnZXJfZG90X3Byb2R1Y3Q7dW5yZXN0cmljdGVkX3BvaW50ZXJfcGFyYW1ldGVycztwb2ludGVyX2NvbXBvc2l0ZV9hY2Nlc3M7XCIsXCJwY2ZcIjpcImJncmE4dW5vcm1cIn0iXSxbLTY0LCJbMCxcIlwiLFtdXSJdLFstNjgsIi0iXSxbLTksIisiXSxbLTI5LCItIl0sWy01MCwiLSJdLFstNjAsMjA4XSxbLTcwLCItIl0sWy0yMCwiLSJdLFstMzMsIi0iXSxbLTM0LCItIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWVdIl0sWy00NSwiNjIwLDY3NywwLDAsMCw1NjIsMCwwLDY0OCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY4NCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNzEsImEwMTEwMDEwMTAwMTAwMTAxMDAwMTAxMDAxMTExMTAxMDAwMDEwIl0sWzM3LCJbMzMxNjIyNDA0OSxmdW5jdGlvbihuZXdWYWx1ZSkge1xuICAgICAgICAgICAgICBhZGRDb250ZW50V2luZG93UHJveHkodGhpcylcbiAgICAgICAgICAgICAgLy8gUmVzZXQgcHJvcGVydHksIHRoZSBob29rIGlzIG9ubHkgbmVlZGVkIG9uY2VcbiAgICAgICAgICAgICAgT2JqZWN0LmRlZmluZVByb3BlcnR5KGlmcmFtZSwgJ3NyY2RvYycsIHtcbiAgICAgICAgICAgICAgICBjb25maWd1cmFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHdyaXRhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB2YWx1ZTogX3NyY2RvY1xuICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICBfaWZyYW1lLnNyY2RvYyA9IG5ld1ZhbHVlXG4gICAgICAgICAgICB9XSJdLFstMTMsIi0iXSxbLTE0LCItIl0sWy0yNywiWzIwMCwxMCwwLFwiNGdcIixudWxsXSJdLFstNDgsIjAsMCJdLFstNTUsIjIiXSxbLTgsIi0iXSxbLTE2LCIwIl0sWy0xOCwiWzAsMCwwLDFdIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMzEsImZhbHNlIl0sWy02MiwiODAiXSxbLTY2LCJnZW9sb2NhdGlvbixzdG9yYWdlYWNjZXNzLGdhbWVwYWQsY2hlY3QsbWlkaSxkaXNwbGF5Y2FwdHVyZSx1c2IsbG9jYWxmb250cyxwaWN0dXJlaW5waWN0dXJlLGpvaW5hZGludGVyZXN0Z3JvdXAscHVibGlja2V5Y3JlZGVudGlhbHNnZXQsYnJvd3Npbmd0b3BpY3Msb3RwY3JlZGVudGlhbHMsZW5jcnlwdGVkbWVkaWEsY2hzYXZlZGF0YSxjaHVhZnVsbHZlcnNpb25saXN0LGNodWF3b3c2NCxzaGFyZWRzdG9yYWdlLGNoZG93bmxpbmssY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHVhbW9kZWwsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSxzZXJpYWwsY2FtZXJhLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24scHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LGNodWEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUscnVuYWRhdWN0aW9uLG1hZ25ldG9tZXRlcixhY2NlbGVyb21ldGVyLHByaXZhdGVzdGF0ZXRva2VucmVkZW1wdGlvbixjaHVhYXJjaCx4cnNwYXRpYWx0cmFja2luZyxjaHVhZm9ybWZhY3RvcnMsaWRsZWRldGVjdGlvbixjaHVhcGxhdGZvcm12ZXJzaW9uLGNod2lkdGgsY2xpcGJvYXJkcmVhZCxjaHZpZXdwb3J0d2lkdGgsY29tcHV0ZXByZXNzdXJlLHBheW1lbnQsY2h2aWV3cG9ydGhlaWdodCxjaHJ0dCxhdXRvcGxheSxjcm9zc29yaWdpbmlzb2xhdGVkLGhpZCxjaHVhYml0bmVzcyxzY3JlZW53YWtlbG9jayxwcml2YXRlYWdncmVnYXRpb24sY2xpcGJvYXJkd3JpdGUsYXR0cmlidXRpb25yZXBvcnRpbmcsY2hkZXZpY2VtZW1vcnksbWljcm9waG9uZSJdLFstMiwiMTIsZUFIV1gxL2YzcXpDdmJrdXltUXdnbElhRjNwSXNnSUlqU1ErOGlLZ3FJMG9zSUFpcEZFRVFSSWtVZ2RFUVFwVW9KU0F0Q0FxU0g5R3l5N1pXWitlci9kK2U5MmJ3c0NTRC8xZSJdLFstMTksIlsyNDAsMjQwLDI0MCwyNDAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyODUsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCIsMTYwMCwxMjAwXSJdLFstMjUsIi0iXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMDEwMTEwMTAwMDAwMTAiXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIixcIl8xXCIsXCI3NjY3NjMxOFwiLFwiMjAwODkwNTI3MFwiLFwiMTE3NDk4OTU1OVwiXSxcImRcIjpbXSxcImJcIjpbXCIxMTc2NzI4Nzg3XCIsXCI2NzIyNjAxOTFcIl0sXCJzXCI6MX0iXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImludGVsIGluYy5cIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjo0OCxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjE5MzA4MjAyNzksXCJzZWNcIjpcIlwifSJdLFstMSwiLSJdLFstNCwiLSJdLFstNywiLSJdLFstMTUsIi0iXSxbLTUxLCItIl0sWy01OSwiZGVmYXVsdCJdLFstNjcsIjI1MzIzMTI4ODg6NDQiXSxbLTUsIi0iXSxbLTM1LCJbMTcyNTk0NDAyNTQ1Nyw3XSJdLFstNjMsIjAiXSxbLTY5LCJMaW51eCB4ODZfNjR8R29vZ2xlIEluYy58OHwxNnx8MCJdLFstNiwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTcsIjE2Il0sWy0yOCwiZW4tVVMsZW4iXSxbLTQ3LCJBbWVyaWNhL1ZhbmNvdXZlcixlbi1HQixsYXRuLGdyZWdvcnkiXSxbLTIxLCItIl0sWy0zNiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTQ2LCIwIl0sWy00OSwiLSJdLFstNTcsIldFMFpWMXhPY1ZoWFhWVmNTeGNGV2xaVVNVeE5YRjBIR1dKWVNobFlTVWxWUUdRWkVWeFBXRlVaV0UwWkJWaFhWbGRBVkZaTVNnY1pFUU1PQXdnTUNRb0pBUkFWR1FWWVYxWlhRRlJXVEVvSEF3Z0JBd29KRUJWWVRSbDRTMHRZUUJkS1hCa1JVVTFOU1VvREZoWldXeGRRU2x4WVNsSlFYRW9YV2xaVUZsQVdDQW9BREZ3TURWc09DVnNKRDFzTkRRMFBEQTlZQzE4TkNWb0lDZ3dLRGcwWFUwb0RDQU1QQVFrSURSQVZXRTBaU3hrUlVVMU5TVW9ERmhaV1d4ZFFTbHhZU2xKUVhFb1hXbFpVRmxBV0NBb0FERndNRFZzT0NWc0pEMXNORFEwUERBOVlDMThOQ1ZvSUNnd0tEZzBYVTBvRENBTU9DdzhPRFJBPSJdLFstNTgsIi0iXSxbImJuY2giLDQxMF0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy0xMCwiLSJdLFstMjMsIisiXSxbLTMyLCItIl0sWy0zNywiLTE0NC02Ni0xODAtIl0sWy0zOCwiaSwtMSwtMSwwLDAsMiwwLDE5LDIyMiw0OTcsLTEsMCwxMDMzLjYsLDE4NDUsMTg0NSJdLFstNTIsIi0iXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjUsIi0iXSxbImRkYiIsIjAsMTIsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMywwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMSwwLDAsMCwwLDAsMCwwLDAsMSwyLDAsMCwwLDAsMCwxLDQsMjAsMCw0LDAsMSwwLDAsMSwwLDAsMCwwLDEsMSwwLDksMCwwLDAsMCwwLDAsNDQsMCwxLDIsMSJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCw1LDAsMSw1MywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCw5LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMSwwLDAsMCw0LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMSwwLDE1LDAsMCwwLDAsMCwwLDAsNSwwLDAiXV0%3D&dep=0&pre=0&sdd=%7B%7D&cri=sLCakKLHrn&pto=1850&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1725944025.L9PQsV33xEkmgkvs&suid=1.1725944025.OQxJH5wzHpMAhxq3&tuid=1.1725944025.wcoPFN9TOYuAhpDk&fbc=-&gtm=W10%3D&it=66%2C647%2C425&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 4b715e6b2ba1b2b10ae2507060717b85530d1a3c37bbcbcaa731f314e2a90887

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: gzip
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.zscaler.com
content-length: 1369
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/ 442 KB
107 KB 49ms
47ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: kUodklFyKXDEOUEPkRF3YA==
age: 25626
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 109667
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:19 GMT
server: cloudflare
etag: 0x8DCA5DFBFFA9F82
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0edf8d45-001e-008f-6dc9-d7ddd6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0f0a85aabb8-YYZ

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 323ms
125ms Script
application/x-javascript 23.204.6.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-204-6-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 10 Sep 2024 04:53:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 6934ae2b-4c76-4229-97d0-8f637b004b88.js Show response
j.6sc.co/j/ 4 KB
2 KB 409ms
166ms Script
application/javascript 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-200-88-81.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
content-encoding: gzip
date: Tue, 10 Sep 2024 04:53:46 GMT
x-amz-cf-pop: JFK50-P6
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 1178
last-modified: Tue, 02 May 2023 17:36:47 GMT
server: AmazonS3
etag: "afb8c61166e7f50fe6d7ab7b6377733c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=1800
accept-ranges: bytes
x-amz-cf-id: JNCpn1jRpJpq9E1woT885s8PCzcPVZO4fo-pv6gIl1rvj6REFgSP2g==
expires: Tue, 10 Sep 2024 05:23:46 GMT

POST
H2 200 117186981 Show response
api.intellimize.co/prediction/ 68 B
379 B 78ms
77ms Fetch
application/json 44.221.229.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/prediction/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.221.229.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-221-229-42.compute-1.amazonaws.com

Software

Resource Hash

79f087e0232e7c09889e20d3eb04bf50125261fbd3e6816168e150340953479f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 149ms
148ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7971&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar&callback=jQuery37102388971631802581_1725944025563&_=1725944025564
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 617ff2f32676aefde200fb9bd183fa21616b59359b999d0b9b236b1680ce163d

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8c0cd0f1eef036a9-YYZ
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 171ms
170ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar&callback=jQuery37102388971631802581_1725944025565&_=1725944025566
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 372bc9b299ee62b479fa9e1d9dc936e54e1de7179045eaba241b7b1b7119191e

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8c0cd0f1eef136a9-YYZ
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/a0ff87cb-6171-4ad3-b4dc-f2ccbf362815/ 126 KB
28 KB 62ms
61ms Fetch
application/x-javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/a0ff87cb-6171-4ad3-b4dc-f2ccbf362815/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aced6f454a1b5a260caf5d0bfbf87c01d01df485096331aabc3d031ce6fc3870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 28463
content-md5: ANtyofKYl/OlIqbXqrdIKQ==
content-length: 28551
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:57:45 GMT
server: cloudflare
etag: 0x8DC95C66DE59F5B
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 05a13790-101e-00f6-0daf-c7b49c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0f21a55ac7c-YYZ
expires: Wed, 11 Sep 2024 04:53:45 GMT

POST
H2 200 logger
log.intellimize.co/ 3 B
315 B 190ms
186ms Ping
application/json 52.13.225.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.13.225.49 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-13-225-49.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

POST
H2 200 logger
log.intellimize.co/ 3 B
324 B 150ms
148ms Ping
application/json 52.13.225.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.13.225.49 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-13-225-49.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET 748037d5-5b8f-4612-a8ba-110bf8546483
https://www.zscaler.com/ Frame 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 340 KB
111 KB 94ms
92ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c9f317132f3b682f6d9e0e2db20d573b646996967b8d2741a01988817e1ae09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 113186
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 10 Sep 2024 04:53:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 337 KB
110 KB 99ms
98ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a38f1df178b068d2f2d4108b464579d7ff65317eba7e0599ae93127beeee46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 112041
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 10 Sep 2024 04:53:46 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 406ms
78ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 10 Sep 2024 04:53:46 GMT
document-policy: force-load-at-top
x-fb-server-load: 29
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58953
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=53, rtx=0, c=23, mss=1232, tbw=5667, tp=12, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: e8pwns7ypZY9BUo5/26ddBTdg68T960TAR8lXUYRVY/3WK+OAsijqaVv1hs3BWDFvEM/IAbakjMieyhE5WmG9g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 432ms
80ms Script
application/javascript 2620:1ec:33:2::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 10 Sep 2024 04:53:46 GMT
last-modified: Fri, 06 Sep 2024 21:17:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5B1132C963524708AA6D4FE78BC105EF Ref B: BL2AA2010203025 Ref C: 2024-09-10T04:53:46Z
etag: "016326a20db1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14305

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
95 KB 133ms
133ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6bb6649089f351454743ab3ccafedbe949c7e0aee24f687b71ddc0db7ec28861

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97445
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 10 Sep 2024 04:53:46 GMT

GET
H2 200 tc_imp.gif
obs.iseaskies.com/tracker/ 43 B
102 B 61ms
60ms Image
image/gif 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.iseaskies.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268ebce31ee4788989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5811896d2e17071a10acf9f29f6748d3d6880f2d691cf9717e05d13d8c63c257610725c656045b330c5b92eb384f77be26bb25cb43e2913bf05365a80428721bdb57ee46f497d6da3fbb2807ff7ecaa8556d8e0e3143714493d60365f260b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7268ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82dbb06c94300bd9acc079181ea5353bfa984666bfdca97c8e50a942b0d51d934bd9d36d9a6d279c9b22da6198cefab6cdb3f11338ae6bf2fbb9234e2bfb94248efe01e0141a54954309da8dcec8cff18021853bd79fa29873f867342483692c978490446ad0e678a707e090489870e06b415b51cb20ae42ddcaa072b78733c410a884d0ca709e5a486cfa1105547f5f73d7e363ba48c2cd8d3fb68966ec933c87c6fcf97db2a4ec5873219ef949439bf9495c05b4b4b17ab678cfbb1fb0be3cb87fa33889418706ddba4fb6083bf6fc806c3e2372467b195616b6f3ce398457f5071b013bf2a65dc38a4b54ecb2cde9e43983e9a4bcd5eab3e3151e7aa210d7f20031dd516f09897141633ba708f32f4c9cafb837986ac53899b73e9bea7ec5225a7f647b280196d2f9c9206917c60a4ffed0dab2acc9510382b1bd7d96cf6f7ad8d2123f75f891d95626ab26855f9f12ff3e9b12d8c90ff9ba32e19994d3984767effc26608a75ba90b3ac1f807135150788754450b5bf4288ed10d6849dc855a09b95674b6e13ac37b904b454b5836c9f364721433f6303e83aefc25556ba27b5fca86282890e9e6861ec5425788de2c30b44ef76f78b19de0331024fa2444dcad5af6d8c1d46daf862f9979cfc925ec819107b41e07d375382910b5ebf35e3fac12f8acdab5d021cd414296c7ba65221bed99a43038c703393c1954ba2b9a6dd1b66e322b1077644981f672ea98f5710cf8fbc8880e744b865f87cdf24dd9d5691afea2134ec8f5cd0dee3e3d6f9d7d12602d1b36747913c9103814ca1b969bac5cdc963edc586a9e94c7a88f3b9bd1094169a5815611b74d8cf7a659e77e05dc9986ffb423ae86c42dc61f09c7571a2606c031cdf8d985fd9840d7920197bc2d58bebce6bc358&cri=sLCakKLHrn&ts=496&cb=1725944025987
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET 70b8ec67-0de7-4333-be24-1dd7d45c7253
https://www.zscaler.com/ Frame 0
0

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 13 KB
3 KB 72ms
72ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: gWbZdVb/GsEUTnv/p/InTg==
age: 28463
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:12 GMT
server: cloudflare
etag: 0x8DCA5DFBBC2C661
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0d4a3e98-301e-004b-155f-d8a210000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0f2fb3fac7c-YYZ

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 5 KB
2 KB 87ms
87ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: yb3U5LP1G8IlMRT4O3b4PA==
age: 28463
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1738
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:14 GMT
server: cloudflare
etag: 0x8DCA5DFBCCCC97D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f080c35b-d01e-0041-1557-d8bb99000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0f2fb41ac7c-YYZ

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 24 KB
4 KB 73ms
73ms Fetch
text/css 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 4ErYmXXFNbMLrnc9DrDTsg==
age: 46017
x-ms-lease-status: unlocked
last-modified: Tue, 16 Jul 2024 21:39:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 631ed088-e01e-00a7-747e-d8aa69000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8c0cd0f2fb42ac7c-YYZ

GET
H2 200 forms2.css
info.zscaler.com/js/forms2/css/ 13 KB
3 KB 73ms
70ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
server: cloudflare
etag: "2640366-3437-61d9f4beb95c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8c0cd0f31f9736a9-YYZ
content-length: 2623
expires: Tue, 10 Sep 2024 08:53:46 GMT

GET
H2 200 forms2-theme-round.css
info.zscaler.com/js/forms2/css/ 4 KB
1 KB 95ms
93ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2-theme-round.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
server: cloudflare
etag: "382724-e46-61d9f4beb95c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8c0cd0f31f9936a9-YYZ
content-length: 968
expires: Tue, 10 Sep 2024 08:53:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
72 KB 88ms
87ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-6177009-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b80ce0143917f6b692e69c7743b20e8dac6a7af70ca8a1b38d6d2209d9fa6442

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73584
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 10 Sep 2024 04:53:46 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 307ms
78ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4940v883639532za200zb71607006&_p=1725944025031&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1720633494.1725944026&ecid=589195442&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1725944026&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&dt=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&en=CQ&_fv=1&_nsi=1&_ss=1&_ee=1&up.cq_category=bots&tfd=2571
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 339ms
99ms Ping
text/plain 2607:f8b0:4004:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1720633494.1725944026&gtm=45je4940v883639532za200zb71607006&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET rul
td.doubleclick.net/td/ga/ Frame 5A45 0
0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 355ms
138ms Image
image/gif 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=1720633494.1725944026&gtm=45je4940v883639532za200zb71607006&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1154174722

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zscaler-variation-icon-white.png
cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a46-9e1b-7379-a98b-a518c6b49467/c2e8f6f2-f75e-4a29-b7b6-804090d49a81/ 1 KB
2 KB 60ms
59ms Image
image/png 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a46-9e1b-7379-a98b-a518c6b49467/c2e8f6f2-f75e-4a29-b7b6-804090d49a81/zscaler-variation-icon-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 10 Sep 2024 04:53:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AjwaatmEihRgIitZTQhd5w==
age: 85876
content-length: 1448
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:21:48 GMT
server: cloudflare
etag: 0x8DC4977927EED9C
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: a4b18139-d01e-004e-7760-7b170b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8c0cd0f51a50abb8-YYZ

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 6 KB
2 KB 366ms
94ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1725944026428&cv=11&fst=1725944026428&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8be06f5686c25ee09d3401b9ab3535164847eecc5770c078e84391cc6949e96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2405
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET 812494211
td.doubleclick.net/td/rul/ Frame 8B44 0
0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/812494211/ 5 KB
3 KB 278ms
80ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/812494211/?random=1725944026497&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ac15d2a09bbf807ec3bf14951e70e13050a0e937406aca860597e7381bce7157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2602
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET 812494211
td.doubleclick.net/td/rul/ Frame 4DA4 0
0

GET
H2 200 XDFrame Show response
info.zscaler.com/index.php/form/ Frame 85E7 2 KB
864 B 65ms
63ms Document
text/html 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/index.php/form/XDFrame

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8c0cd0f6398936a9-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 10 Sep 2024 04:53:46 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 56ms
55ms Script
application/javascript 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

aea136527ca962a15eea8eb338c7667b5a44d98bff65dc09a36f5493ddbacb99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Sep 2024 16:37:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "66d9de63-10fec"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=10800
accept-ranges: bytes
content-length: 18709
expires: Tue, 10 Sep 2024 07:53:46 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 308ms
73ms Script
text/javascript 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-6177009-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 10 Sep 2024 04:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2862
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 10 Sep 2024 06:06:04 GMT

GET
H2 200 295018432.js Show response
bat.bing.com/p/action/ 371 B
419 B 68ms
66ms Script
application/javascript 2620:1ec:33:2::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/295018432.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6d5f403ec572602106ac0dba0dab6dfd38b4fbfddabb1ac41ff54f4d7c3e8d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Tue, 10 Sep 2024 04:53:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 639684F3DA644FF4983E2F50AD52A509 Ref B: BL2AA2010203025 Ref C: 2024-09-10T04:53:46Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H3 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 76 KB
15 KB 145ms
144ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.167&r=stable&domain=www.zscaler.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

81573a2a6a7df317e8208a685938c34b38ca0c38c2a2d7858e57672bdda8162c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 10 Sep 2024 04:53:46 GMT
document-policy: force-load-at-top
x-fb-server-load: 22
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=68, rtx=0, c=67, mss=1232, tbw=68307, tp=65, tpl=0, uplat=80, ullat=0
pragma: public
x-fb-debug: 2KdtjHbUOi6+p/nM9C78FoFTBm75lUn4jnxxpdeJhA79GhBdgdaT1xBg23fYcRMQIbnj/nOQbJ3w1knOCX6daw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ Frame 85E7 199 KB
0 0ms
0ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://info.zscaler.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
server: cloudflare
etag: "264036e-31b30-61d9f4beb95c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 8c0cd0edecba36a9-YYZ
expires: Tue, 10 Sep 2024 08:53:45 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
702 B 359ms
166ms XHR
application/json 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
an-x-request-uuid: 7f64027a-549c-4fcf-bebb-4830c74b3559
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.117; 157.254.49.117; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 65ms
54ms XHR
text/html 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-200-88-81.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:46 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
316 B 459ms
129ms XHR
text/html 2600:141b:1c00:2e::17d1:48d1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2e::17d1:48d1 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2c506660527e3614d14c614e255435f5435fb5d84b21e5c8e1c958ed55a85212

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:4958:1420:152::117
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725944026910_399550033_2582421122_11_526_24_132_219";dur=1
content-length: 23
expires: Tue, 10 Sep 2024 04:53:47 GMT

GET
H3

200

/
www.google.ca/pagead/1p-conversion/812494211/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1...
https://www.google.com/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403...
https://www.google.ca/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=1014032...

42 B
64 B

101ms
100ms

Image
image/gif

2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgijxbECCJzHsQIIm8exAkoVdHJpZ2dlciwgZXZlbnQtc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIodv2xMq3iAMVEwpoCB2D6QW7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfeZ02eSXEBQA1sqWlh5cr_XYrcrRNSQ&random=3242574418&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.ca/pagead/1p-conversion/812494211/?random=576682375&cv=11&fst=1725944026497&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgijxbECCJzHsQIIm8exAkoVdHJpZ2dlciwgZXZlbnQtc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIodv2xMq3iAMVEwpoCB2D6QW7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfeZ02eSXEBQA1sqWlh5cr_XYrcrRNSQ&random=3242574418&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 355ms
126ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&rl=&if=false&ts=1725944026839&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725944026837.721030382572038614&ler=empty&cdl=API_unavailable&it=1725944026671&coo=false&exp=f0&rqm=GET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1392, tbw=2793, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 10 Sep 2024 04:53:47 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 409ms
181ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&rl=&if=false&ts=1725944026839&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725944026837.721030382572038614&ler=empty&cdl=API_unavailable&it=1725944026671&coo=false&exp=f0&rqm=FGET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Tue, 10 Sep 2024 04:53:47 GMT
document-policy: force-load-at-top
x-fb-server-load: 17
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7412873152437123989", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1392, tbw=3111, tp=-1, tpl=-1, uplat=110, ullat=0
pragma: no-cache
x-fb-debug: BBa2HxRU8iiBku+prsF53W0hzwCRk1HVHNlsWVFhWbwqFrgGnPLjYVPX0pdf3auzHJ5qFfQWfJbJasKtGNgpSA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7412873152437123989"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
64 B 354ms
74ms Image
image/gif 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1725944026428&cv=11&fst=1725940800000&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfdg_7gioJsWBb7EbtqSowwGS628K0OA&random=1675831263&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/812494211/ 42 B
64 B 98ms
96ms Image
image/gif 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/812494211/?random=1725944026428&cv=11&fst=1725940800000&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfdg_7gioJsWBb7EbtqSowwGS628K0OA&random=1675831263&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 298ms
88ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 10 Sep 2024 04:53:47 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-east-1a
x-trace-id: 8567109765763218255

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 660 B
648 B 296ms
124ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 42b4e36adf95d926db476cb6712b1e0fd67a93d277236aab75b2dc4bfd713f4f

Request headers

Referer: https://www.zscaler.com/
Authorization: Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

x-trace-id: 6546961227708056880
date: Tue, 10 Sep 2024 04:53:47 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-east-1a
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 330

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 115ms
97ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.24

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:46 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 83ms
66ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.24

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:46 GMT

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
147 B 113ms
111ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 10 Sep 2024 04:53:47 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 73ms
72ms XHR
text/plain 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=420893982&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&ul=en-ca&de=UTF-8&dt=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=512744289&gjid=978170235&cid=1720633494.1725944026&tid=UA-6177009-1&_gid=1036475623.1725944027&_r=1&gtm=457e4940z8883639532za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&jsscut=1&z=1454517611

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 132ms
130ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 10 Sep 2024 04:53:47 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 64ms
63ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=ipv6&q=%7B%22address%22%3A%222001%3A4958%3A1420%3A152%3A%3A117%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:47 GMT

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 383ms
57ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:47 GMT
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 de0a592002999100a0085e087a370864.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
age: 82674
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
server: cloudflare
etag: W/"b2877da906a3216c4f3fc4030b205e54"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8c0cd0fcee69ab22-YYZ
x-amz-cf-id: 5r0vgVBKEOA9sFu8Mf1iyRh8NnXzYJ3zItaa0z2fXtMh-sbgqr9J0A==

GET
H2 200 favicon-32x32.ico
www.zscaler.com/favicons/ 4 KB
1 KB 2017ms
2016ms Other
image/vnd.microsoft.icon 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/favicons/favicon-32x32.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J7D4FP7H4A2JM3W5YD7HW0R9
date: Tue, 10 Sep 2024 04:53:49 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 2
cache-status: "Netlify Edge"; fwd=miss
etag: W/"5d00c0de27c65c78efe08fbcbcd851cd-ssl"
content-type: image/vnd.microsoft.icon
cache-control: public,max-age=0,must-revalidate
cf-ray: 8c0cd0fb0c64aab4-YYZ

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 69ms
69ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A46%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:47 GMT

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
580 B 119ms
119ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 03b4d7f05c92df52ffcc6c101f47d7f16ce96c8e7f42c4522d4e6ebec07b30ea

Request headers

Content-Type: application/json
Referer: https://www.zscaler.com/
Authorization: Bearer e6609b6e9a1669129391
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
visited_url: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true

Response headers

date: Tue, 10 Sep 2024 04:53:48 GMT
via: 1.1 47373525d370c4b58e8b2be88c66f646.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: YUL62-C2
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: d32SbiShPHcESfA=
server: cloudflare
etag: W/"cb-L8aIUZpEPDtPP/m2TY7pwvCfv6I"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cf-ray: 8c0cd0ff0ad8ab06-YYZ
x-amz-cf-id: 0ccKSq3wX-IweIlV-BgJUpmloDQMUmXrphkuf3_nyxUHEvg9BjqT3A==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 283ms
127ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: d32SaitjPHcESYA=
cf-cache-status: DYNAMIC
cf-ray: 8c0cd0fe3a4fab06-YYZ
date: Tue, 10 Sep 2024 04:53:47 GMT
server: cloudflare
vary: Origin
via: 1.1 43334f58904cd7106ee523ee0361b402.cloudfront.net (CloudFront)
x-amz-cf-id: xMItZvH3QkVlEBgSiq4HMB-nt1F1YbDLXfhW2XGZgDt2gSlbwpHoqg==
x-amz-cf-pop: YUL62-C2
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 99ms
98ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 10 Sep 2024 04:53:47 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 416ms
75ms Script
application/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:48 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 2360
x-guploader-uploadid: AD-8ljuM-ue_f3yGlI4Fa2IXFZXd7wJAdUDUbIJjAxikDU7_GWENLTHQ9ESfd_-zD29nNkqohgA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8c0cd101fbb4ab64-YYZ
expires: Tue, 10 Sep 2024 05:14:28 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ 3 KB
2 KB 364ms
179ms Fetch
text/javascript 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b1a9ac7f674bfe58cd7d6959a60f59e765e270d1bec43dc4d5b7a0d307075743

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
Referer: https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar?&web_view=true
_vtok: MTU3LjI1NC40OS4xMTc=
_zitok: 239dff7aa9fad20beadf1725944028
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

date: Tue, 10 Sep 2024 04:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8c0cd103bfdaac26-YYZ

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame 0
0 442ms
99ms Preflight
text/html 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.zscaler.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8c0cd101ff2eac5e-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 10 Sep 2024 04:53:48 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 321 B
654 B 149ms
101ms Fetch
application/json 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Authorization: bearer 370c892e688e1744cd312ed1426b3a
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 10 Sep 2024 04:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8c0cd103bfdbac26-YYZ

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 64ms
62ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A47%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:48 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:48 GMT

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 110ms
109ms Preflight
text/html 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.zscaler.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8c0cd102dfd1ac5e-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 10 Sep 2024 04:53:48 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET b0312032-9066-4bc3-ba2e-d2e1fd95e2ce
https://www.zscaler.com/ 0
0

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 89ms
87ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 10 Sep 2024 04:53:49 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 138ms
138ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:49 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:49 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 63ms
62ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:50 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:50 GMT

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 91ms
89ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 10 Sep 2024 04:53:51 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 64ms
63ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A50%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:51 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:51 GMT

GET app.js
acsbapp.com/apps/app/dist/js/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 62ms
62ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=4328206c-4ec2-4d0e-8a59-716a817b8335&session=8b1279e0-baf4-4ecc-84a1-bf67e578c4d4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2004%3A53%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226006%22%7D&isIframe=false&m=%7B%22description%22%3A%22BlindEagle%20is%20targeting%20the%20Colombian%20insurance%20sector%20with%20BlotchyQuasar%20variant.%20Capabilities%20include%20keylogging%2C%20monitoring%20bank%20services%2C%20%26%20stealing%20information.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&pageViewId=179376c6-b6a0-49b2-8b52-164320daf600&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2001%3A4958%3A1420%3A152%3A%3A117&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 04:53:52 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 04:53:52 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/748037d5-5b8f-4612-a8ba-110bf8546483

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/70b8ec67-0de7-4333-be24-1dd7d45c7253

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-10SPJ4YJL9&gacid=1720633494.1725944026&gtm=45je4940v883639532za200zb71607006&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=721953433

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/812494211?random=1725944026428&cv=11&fst=1725944026428&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/812494211?random=1725944026497&cv=11&fst=1725944026497&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940v882815967za200zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101403290&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=BlindEagle%20Leveraging%20BlotchyQuasar%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=46242516.1725944026&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/b0312032-9066-4bc3-ba2e-d2e1fd95e2ce

Domain: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.info.zscaler.com/	1970-01-20 23:25:45	Name: __cf_bm Value: 0JL21SF94A1DQyX8JOX3VyTkqtXm7u4_STMhSRfPKRc-1725944025-1.0.1.1-CwElVcPDULcgNSo_GXFQvm3GNgA4Oe1Zm0gmdV25iSrT0A5J5Kf_MUNAO8dGN1.8ZiIk57_S2xIrk3s_uPq8Vw
.zscaler.com/	1970-01-21 01:37:08	Name: _cq_duid Value: 1.1725944025.L9PQsV33xEkmgkvs
.zscaler.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1725944025.OQxJH5wzHpMAhxq3
obs.iseaskies.com/	1970-01-21 07:29:34	Name: cg_uuid Value: 1ae181f77991f6c15ca26e444684dec0
.zscaler.com/	1970-01-21 09:01:44	Name: _ga_10SPJ4YJL9 Value: GS1.1.1725944026.1.0.1725944026.60.0.589195442
.www.zscaler.com/	1970-01-21 08:11:20	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Sep+09+2024+21%3A53%3A46+GMT-0700+(Pacific+Daylight+Time)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=3ef8744a-e85c-4731-aea4-794c281eacbf&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fblindeagle-targets-colombian-insurance-sector-blotchyquasar%3F%26web_view%3Dtrue&groups=C0004%3A0%2CC0001%3A1%2CC0005%3A0%2CC0002%3A0%2CC0003%3A0&hosts=H118%3A0%2CH36%3A1%2CH101%3A0%2CH150%3A0%2CH151%3A0%2CH129%3A0%2CH152%3A0%2CH52%3A0%2CH154%3A0%2CH133%3A0%2CH155%3A0%2CH156%3A0%2CH8%3A0%2CH157%3A0%2CH158%3A0%2CH159%3A0%2CH104%3A0%2CH160%3A0%2CH161%3A0%2CH162%3A0%2CH163%3A0%2CH164%3A0%2CH105%3A0%2CH14%3A0%2CH149%3A0%2CH146%3A0%2CH166%3A0%2CH40%3A0%2CH15%3A0%2CH168%3A0%2CH17%3A0%2CH170%3A0%2CH171%3A0%2CH172%3A0%2CH173%3A0%2CH63%3A0%2CH124%3A0%2CH174%3A0%2CH175%3A0%2CH176%3A0%2CH177%3A0%2CH178%3A0%2CH134%3A0%2CH135%3A0%2CH179%3A0%2CH147%3A0%2CH180%3A0%2CH136%3A0%2CH189%3A0%2CH181%3A0%2CH182%3A0%2CH108%3A0%2CH83%3A0%2CH183%3A0%2CH131%3A0%2CH184%3A0%2CH113%3A0%2CH186%3A0%2CH115%3A0%2CH33%3A0%2CH34%3A0%2CH187%3A0%2CH188%3A0%2CH120%3A1%2CH59%3A1%2CH88%3A1%2CH98%3A1%2CH141%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH79%3A1%2CH132%3A1%2CH119%3A0%2CH12%3A0%2CH123%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH82%3A0%2CH60%3A0%2CH96%3A0%2CH167%3A0%2CH20%3A0%2CH22%3A0%2CH97%3A0%2CH139%3A0%2CH121%3A0%2CH65%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH185%3A0%2CH114%3A0%2CH153%3A0%2CH144%3A0%2CH106%3A0%2CH140%3A0%2CH165%3A0%2CH169%3A0%2CH145%3A0%2CH130%3A0%2CH31%3A0%2CH116%3A0&genVendors=
.zscaler.com/	1970-01-21 01:35:20	Name: _gcl_au Value: 1.1.46242516.1725944026
info.zscaler.com/	1969-12-31 23:59:59	Name: BIGipServerabmweb-nginx-app_https Value: !V8PypaaxNI7lrtWwZJ6CmE6tjLF6/yB/cAuJDrs3azxazE4EXuqiXa+wHArJa9H7BYqmNn4dMwWm7g==
.zscaler.com/	1970-01-20 23:27:10	Name: _uetsid Value: a9b22d806f3011efae8ab39b6869ff53
.zscaler.com/	1970-01-21 08:47:20	Name: _uetvid Value: a9b235806f3011efb2eb9b907e11f086
.doubleclick.net/	1970-01-20 23:25:44	Name: test_cookie Value: CheckForPermission
.zscaler.com/	1970-01-21 01:35:20	Name: _fbp Value: fb.1.1725944026837.721030382572038614
www.zscaler.com/	1970-01-21 09:01:44	Name: _gd_visitor Value: 4328206c-4ec2-4d0e-8a59-716a817b8335
www.zscaler.com/	1970-01-20 23:25:58	Name: _gd_session Value: 8b1279e0-baf4-4ecc-84a1-bf67e578c4d4
.zscaler.com/	1970-01-21 09:01:44	Name: _ga Value: GA1.2.1720633494.1725944026
.zscaler.com/	1970-01-20 23:27:10	Name: _gid Value: GA1.2.1036475623.1725944027
.zscaler.com/	1970-01-20 23:25:44	Name: _gat_gtag_UA_6177009_1 Value: 1
.adnxs.com/	1970-01-21 09:01:44	Name: receive-cookie-deprecation Value: 1
www.zscaler.com/	1970-01-20 23:35:48	Name: _an_uid Value: 0
.www.zscaler.com/	1970-01-21 08:11:20	Name: _zitok Value: 239dff7aa9fad20beadf1725944028
.zoominfo.com/	1970-01-20 23:25:45	Name: __cf_bm Value: ruIbGxtwupKqUcYXydfi9cQLw2iGi.cLeF24wryLRAI-1725944028-1.0.1.1-v3pHoDEfisc8uGsg.FOjnOieXMEUMUU6Megy8WDq2krquQjGP.UPEsVezM2_z7mO6qNI_X50JnzXudx1AK.mPQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: qU0yDW0eJCQ4zimugzKbces1d2bjZzbwHDkKVjFy7eY-1725944028500-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	verbose	URL: blob:https://www.zscaler.com/748037d5-5b8f-4612-a8ba-110bf8546483(Line 1) Message: Error
security	error	URL: https://js.zi-scripts.com/zi-tag.js Message: Refused to load the script 'blob:https://www.zscaler.com/b0312032-9066-4bc3-ba2e-d2e1fd95e2ce' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

117186981.intellimizeio.com
acsbapp.com
analytics.google.com
api.intellimize.co
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn.intellimize.co
connect.facebook.net
epsilon.6sense.com
geolocation.onetrust.com
googleads.g.doubleclick.net
info.zscaler.com
ipv6.6sc.co
j.6sc.co
js.zi-scripts.com
log.intellimize.co
munchkin.marketo.net
ob.iseaskies.com
obs.iseaskies.com
secure.adnxs.com
stats.g.doubleclick.net
td.doubleclick.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.zscaler.com
acsbapp.com
td.doubleclick.net
www.zscaler.com
104.17.72.206
13.248.142.121
142.251.40.98
151.101.66.132
172.64.150.44
2001:4860:4802:36::181
23.200.88.81
23.204.6.193
2600:141b:1c00:2e::17d1:48d1
2600:1f18:e8a:cd04:9b88:a313:d24d:af44
2600:9000:23cb:400:c:d449:2a40:93a1
2606:4700:4400::ac40:9b77
2606:4700::6810:752b
2606:4700::6810:762b
2606:4700::6812:1c4a
2606:4700::6812:562a
2607:f8b0:4004:c06::9b
2607:f8b0:4006:80b::2002
2607:f8b0:4006:817::2004
2607:f8b0:4006:81c::2003
2607:f8b0:4006:821::2008
2607:f8b0:4006:821::200e
2620:1ec:33:2::10
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
35.168.235.217
44.221.229.42
52.13.225.49
68.67.179.153
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
03b4d7f05c92df52ffcc6c101f47d7f16ce96c8e7f42c4522d4e6ebec07b30ea
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
09ffe1ebce8835c9b4d8232b59214200e95e6c2d2a3d67aba4d3f578051cd3a8
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
1e7e36f3f88692d69244aa905916aabc0e00bcc987bbc4cef85324e8c3733266
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2b0cd39d290a1403b6303c049dceebac871d07a5f776b53f4e425ec2235d16a8
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2c506660527e3614d14c614e255435f5435fb5d84b21e5c8e1c958ed55a85212
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
372bc9b299ee62b479fa9e1d9dc936e54e1de7179045eaba241b7b1b7119191e
3ba73726ee2fed9f8e07b9114a4c73a044ccbcf3acbc6981fa7bf5f74eb13ff3
3f6045896175e46df89c979d4fbea8e342c5ea68d31aca26b6d975c907a9100c
3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6
42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c
42b4e36adf95d926db476cb6712b1e0fd67a93d277236aab75b2dc4bfd713f4f
42c3dfb68ff11fe295d20cdd98826c65161cf5d480d25f72b10d9a182f9e2a1d
454e2772877a83b2ec25b070ad073482a487b3b1af428961354b683e2f134bb6
49423a0bf3f95433270da8616d8b5fd1c33c1a87312f0dd419fa68745f77d73f
4b715e6b2ba1b2b10ae2507060717b85530d1a3c37bbcbcaa731f314e2a90887
4d61c3c53175f69ee55bdf88e5391aff180547f47cf8bd42fe9c2a63ec87ff25
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
52d3c4e38e360ac686b3af87234f883555d98708610d7a2c5ee8bfe3883a4e98
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
5ace4b260d8cc098255c19ab9873277521e5084cba91c9a00bc89337d5a8f924
5f4b375dd7597a331d5e31dd20830360cca4c80e4420bbafa89ac520b940a56b
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
617ff2f32676aefde200fb9bd183fa21616b59359b999d0b9b236b1680ce163d
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
685103d7ca1581c612943dd5ce76d0e74212716dbc6f75d1d01ac70c1eade3cb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bb6649089f351454743ab3ccafedbe949c7e0aee24f687b71ddc0db7ec28861
6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6
6d5f403ec572602106ac0dba0dab6dfd38b4fbfddabb1ac41ff54f4d7c3e8d02
6fbeee7b066c53e5cb023ba504ccb291d1db541e0965ec796fb049f28d8b4eb6
7716a1c9673bfdb902bb0eeddbb15a4a4b8d100cca7b03de4363ce2ae91e19fd
79f087e0232e7c09889e20d3eb04bf50125261fbd3e6816168e150340953479f
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8
7f33bdae41b92fde14421ec90ec53d25e6a4efc28bbbd699149218ceb1918108
81573a2a6a7df317e8208a685938c34b38ca0c38c2a2d7858e57672bdda8162c
87565af07d1cabde211838c4025996136c7bb2db2507c920c0e36eb92924611a
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
8c9f317132f3b682f6d9e0e2db20d573b646996967b8d2741a01988817e1ae09
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
9217038d7100e4a5c7525b9c9e86e54ce57f05c8e04db649685d1526df8e8e3b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a38f1df178b068d2f2d4108b464579d7ff65317eba7e0599ae93127beeee46c
9ba4e920abca0a6261cf4309f8f15e10a18c7730e16d0723de0edce3d4416a24
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
a24b183e48e7ae75614d4ff931e62ab4e0e829a5e2788dd075548792350e170b
a7229d8668646d604d4f54850b206c06d1528f99e65660aa121fdac9ce75b1d7
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abb6af9a530087178eacff4876bb882d6e55e6be8e9d1255636a0faffc165a7f
ac15d2a09bbf807ec3bf14951e70e13050a0e937406aca860597e7381bce7157
ac8c71f464bc80f20aa285359b0f9cf4f26ecdc5eb46b9c000f9b395af6cd966
aced6f454a1b5a260caf5d0bfbf87c01d01df485096331aabc3d031ce6fc3870
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
aea136527ca962a15eea8eb338c7667b5a44d98bff65dc09a36f5493ddbacb99
b1a9ac7f674bfe58cd7d6959a60f59e765e270d1bec43dc4d5b7a0d307075743
b1c06f4cfe28072e6ab4035f44de1913ca49583c1d2de8bc14c5ebbcaf306dab
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
b80ce0143917f6b692e69c7743b20e8dac6a7af70ca8a1b38d6d2209d9fa6442
b89552a143cbaa413fd21099e186eb0aa1b232e55d6763fe0252c7b93fe5f36c
b89f86c8c22196539fac8466a5b9cc5ab40c6bc945747d6cd42fa3ff04671fed
b96b3dd25cf7cedbdac7a744149d2a1004b2d37b370d30380faf0f7b5fc987a4
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
c52c74d5f72fba35bbb92461ac20ea6d80b9e826d28369d5fa6010d9838508ee
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce4b9900352ba9e0a9209fb7bb9091885d4885c7949fc2bd90c79febb49a5a07
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
e86ca50439ba8b66761fd08fbf883fdfdf4429569a6bc02b1e8eb29c02c58e9c
e8be06f5686c25ee09d3401b9ab3535164847eecc5770c078e84391cc6949e96
e98ebd4041010e01df2e124d17e054116bd1f2e41def6e190fb18602b264db98
e9d919ef6729ce98242f654623573a610e20bbfb9ea469803683b521d082b2ed
eafa393faa22070d8ea92da74bfd3e08dfda9e4da8d48181f07107821c4079e8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.zscaler.com Open in urlscan Pro 2606:4700::6812:1c4a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

139 Requests

94 %HTTPS

62 %IPv6

22 Domains

33 Subdomains

30 IPs

2 Countries

2470 kBTransfer

7217 kBSize

22 Cookies

45 Outgoing links

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.com Open in urlscan Pro
2606:4700::6812:1c4a Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

94 %
HTTPS

62 %
IPv6

22
Domains

33
Subdomains

30
IPs

2
Countries

2470 kB
Transfer

7217 kB
Size

22
Cookies

139 HTTP transactions
0 data transactions