www.zscaler.com Open in urlscan Pro
2606:4700::6812:1c4a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Submission: On July 26 via api (July 26th 2023, 2:07:48 pm UTC) from TR — Scanned from DE

Summary HTTP 132 Redirects Links 51 Behaviour Indicators

Summary

This website contacted 42 IPs in 5 countries across 31 domains to perform 132 HTTP transactions. The main IP is 2606:4700::6812:1c4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 54538.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 7th 2023. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	2606:4700::68... 2606:4700::6812:1c4a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6812:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
8	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
11	23.36.162.89 23.36.162.89	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 6	2600:9000:225... 2600:9000:225e:1200:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28a9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	44.209.137.118 44.209.137.118	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:223... 2600:9000:223f:ce00:9:14eb:6280:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	13.225.33.74 13.225.33.74	16509 (AMAZON-02) (AMAZON-02)
1	35.170.39.103 35.170.39.103	14618 (AMAZON-AES) (AMAZON-AES)
2	23.210.118.178 23.210.118.178	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:9000:20e... 2600:9000:20eb:ae00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:218c:a1f:2d3:6c89	16509 (AMAZON-02) (AMAZON-02)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
12	143.204.215.41 143.204.215.41	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	3.127.67.224 3.127.67.224	16509 (AMAZON-02) (AMAZON-02)
1	54.187.49.68 54.187.49.68	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	52.42.124.195 52.42.124.195	16509 (AMAZON-02) (AMAZON-02)
1	34.212.4.35 34.212.4.35	16509 (AMAZON-02) (AMAZON-02)
132	42

23 2606:4700::6812:1c4a (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

7 104.17.73.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 23.36.162.89 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-89.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 2600:9000:225e:1200:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a02:26f0:3100::1735:28a9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 44.209.137.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-137-118.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:9000:223f:ce00:9:14eb:6280:93a1 (United States)

ASN16509 (AMAZON-02, US)

d2i34c80a0ftze.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 13.225.33.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-33-74.cdg3.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.170.39.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-39-103.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 23.210.118.178 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-118-178.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2600:9000:20eb:ae00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a05:d018:cc3:fe04:218c:a1f:2d3:6c89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 37.252.173.215 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

12 143.204.215.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-41.fra53.r.cloudfront.net

st.fullcircleinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 3.127.67.224 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.187.49.68 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-187-49-68.us-west-2.compute.amazonaws.com

gw.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 52.42.124.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-124-195.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.212.4.35 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-212-4-35.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
30	zscaler.com www.zscaler.com — Cisco Umbrella Rank: 54538 info.zscaler.com — Cisco Umbrella Rank: 737890	1 MB
12	fullcircleinsights.com st.fullcircleinsights.com — Cisco Umbrella Rank: 95499	13 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 5521 c.6sc.co — Cisco Umbrella Rank: 8719 ipv6.6sc.co — Cisco Umbrella Rank: 5704 b.6sc.co — Cisco Umbrella Rank: 3702	22 KB
8	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 488	42 KB
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 364	129 KB
7	adroll.com 2 redirects s.adroll.com — Cisco Umbrella Rank: 2720 d.adroll.com — Cisco Umbrella Rank: 1472	28 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 369 www.linkedin.com — Cisco Umbrella Rank: 565 px4.ads.linkedin.com — Cisco Umbrella Rank: 5888	5 KB
6	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2664 www.google.com — Cisco Umbrella Rank: 3	1 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5650	885 B
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 stats.g.doubleclick.net — Cisco Umbrella Rank: 114	5 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 6209 px.mountain.com — Cisco Umbrella Rank: 6288 gs.mountain.com — Cisco Umbrella Rank: 12574	10 KB
3	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 896 gw.linkedin.oribi.io — Cisco Umbrella Rank: 12958	24 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14111 ibc-flow.techtarget.com — Cisco Umbrella Rank: 15937	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 72	288 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	257 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9670	575 B
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 2752
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3636	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	156 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 367	13 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 59	21 KB
1	mktoresp.com 306-zej-256.mktoresp.com	318 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 441	572 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 294	464 B
1	sf14g.com t.sf14g.com — Cisco Umbrella Rank: 58569
1	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1448 insight.adsrvr.org Failed	2 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 2741	6 KB
1	cloudfront.net d2i34c80a0ftze.cloudfront.net	11 KB
1	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 6412	25 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 814	5 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 673	310 B
132	31

	Domain	Requested by
23	www.zscaler.com	www.zscaler.com
12	st.fullcircleinsights.com	cdn.bizible.com
8	b.6sc.co
8	js-agent.newrelic.com	www.zscaler.com
8	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
7	info.zscaler.com	www.zscaler.com info.zscaler.com
6	s.adroll.com	2 redirects www.googletagmanager.com s.adroll.com
5	www.google.de	www.zscaler.com
4	px.ads.linkedin.com	3 redirects
4	www.google.com	www.zscaler.com
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	www.googletagmanager.com	www.zscaler.com www.googletagmanager.com
2	px.mountain.com	dx.mountain.com www.zscaler.com
2	www.facebook.com
2	epsilon.6sense.com	cdn.bizible.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	cdn.linkedin.oribi.io	snap.licdn.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	munchkin.marketo.net	www.zscaler.com munchkin.marketo.net
2	connect.facebook.net	www.zscaler.com connect.facebook.net
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	gs.mountain.com	www.zscaler.com
1	gw.linkedin.oribi.io	cdn.bizible.com
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	secure.adnxs.com	cdn.bizible.com
1	bam.nr-data.net	cdn.bizible.com
1	d.adroll.com	s.adroll.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	t.sf14g.com	www.zscaler.com
1	js.adsrvr.org	www.googletagmanager.com
1	cdn.pdst.fm	www.zscaler.com
1	d2i34c80a0ftze.cloudfront.net	www.googletagmanager.com
1	dx.mountain.com	www.zscaler.com
1	trk.techtarget.com	www.zscaler.com
1	cdn.bizible.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
0	insight.adsrvr.org Failed	js.adsrvr.org
132	45

This site contains links to these domains. Also see Links.

Domain
revolutionaries.zscaler.com
help.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
reg.zenithlive.com
customer.zscaler.com
community.zscaler.com
ir.zscaler.com
threatlibrary.zscaler.com
attack.mitre.org
www.facebook.com
www.linkedin.com
twitter.com
www.zscaler.fr
www.zscaler.de
www.zscaler.it
www.zscaler.jp
www.zscaler.com.mx
www.zscaler.es
www.twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.zscaler.com DigiCert SHA2 Extended Validation Server CA	`2023-02-07` - `2024-03-09`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
info.zscaler.com Cloudflare Inc ECC CA-3	`2022-11-08` - `2023-11-07`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-04` - `2023-08-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-25` - `2024-06-24`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2023-06-12` - `2024-06-23`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
cdn.pdst.fm GTS CA 1D4	`2023-07-25` - `2023-10-23`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
t.sf14g.com Amazon RSA 2048 M01	`2023-07-10` - `2024-08-07`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-05-30` - `2023-08-28`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
misc.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
aws-st.fullcircleinsights.com Amazon RSA 2048 M01	`2023-05-30` - `2024-06-26`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-06-02` - `2023-12-02`	6 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Frame ID: 722FC65AC9A42EC209A975DD40568B2D
Requests: 120 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: C77388042E349EFA3688CCFEBE2BE144
Requests: 2 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&upid=27hmsyx&upv=1.1.0
Frame ID: F4E8A043F3B00335E69C95D42210B5C3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D5F1638812139D715210A502A7D401CB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hibernating Qakbot: A Comprehensive Study and In-depth Campa

Detected technologies

AdRoll (Advertising) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

96 %
HTTPS

54 %
IPv6

31
Domains

45
Subdomains

42
IPs

5
Countries

1968 kB
Transfer

5725 kB
Size

37
Cookies

51 Outgoing links

These are links going to different origins than the main page.

URL: https://revolutionaries.zscaler.com/
Title: CXO REvolutionaries

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalertbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/client-connector/downloading-zscaler-client-connector
Title: Download Zscaler Client Connector

Search URL Search Domain Scan URL

URL: https://reg.zenithlive.com/flow/zscaler/zenithlive23/home/page/event
Title: Zenith Live

Search URL Search Domain Scan URL

URL: https://customer.zscaler.com/
Title: Customer Success Center

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/
Title: Zscaler Help Portal

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/threats/40daeb53-8cce-4180-b6a1-f0b38c437fa0
Title: Win32.Banker.Qakbot

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1566/
Title: T1566

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/
Title: T1204

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1053/005/
Title: T1053.005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001/
Title: T1547.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027
Title: T1027

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1070/004/
Title: T1070.004

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1112
Title: T1112

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1202
Title: T1202

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1574/002
Title: T1574.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1574/001
Title: T1574.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1564/001
Title: T1564.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055
Title: T1055

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1218
Title: T1218

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/
Title: T1003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1555/003/
Title: T1555.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1016/
Title: T1016

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071
Title: T1071

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1095
Title: T1095

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/2a79hsu5

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?title=Hibernating%20Qakbot:%20A%20Comprehensive%20Study%20and%20In-depth%20Campaign%20Analysis&url=https://tinyurl.com/2a79hsu5

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/2a79hsu5%20%E2%80%94%20Hibernating%20Qakbot:%20A%20Comprehensive%20Study%20and%20In-depth%20Campaign%20Analysis

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/megharaj-nandanwar/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/satyam-s-b77b87134

Search URL Search Domain Scan URL

URL: https://www.zscaler.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://www.zscaler.de/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.zscaler.it/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://www.zscaler.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.zscaler.com.mx/
Title: Castellano - Mexico

Search URL Search Domain Scan URL

URL: https://www.zscaler.es/
Title: Castellano - España

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Zscaler

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler

Search URL Search Domain Scan URL

URL: https://www.twitter.com/zscaler

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 74

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 80

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1690380470330%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cookiesTest=true&liSync=true&e_ipv6=AQLkyfuUDpmaRwAAAYmShwrMtuXiJLDHV0iqKCGVrEWDo8tC4b4quD1ndCYgDWTL-53GZPI

132 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis Show response
www.zscaler.com/blogs/security-research/ 597 KB
74 KB 387ms
283ms Document
text/html 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59102980b95f2774d16533aea05d5faac37bd1ad99289d8b716eae01bb8179a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .zscaler.com .google.com .google-analytics.com analytics.google.com .analytics.google.com www.googletagmanager.com cdn.cookielaw.org .cloudfront.net .newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com .bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com .mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com .crazyegg.com .adroll.com bat.bing.com .doubleclick.net .clarity.ms .cloudflare.com .googleadservices.com .marketo.net www.gartner.com .ads-twitter.com .google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com .linkedin.oribi.io js.adsrvr.org https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' .zscaler.com; style-src 'self' 'unsafe-inline' .zscaler.com www.gartner.com .googleapis.com .fontawesome.com .googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: .zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com .wistia.com; frame-src 'self' www.youtube.com bugcrowd.com www.visualize-roi.com .zscaler.com js.driftt.com www.facebook.com .doubleclick.net .cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: .zscaler.com .doubleclick.net; font-src 'self' data: www.gartner.com .gstatic.com .fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: .zscaler.com www.googletagmanager.com .google-analytics.com cdn.cookielaw.org analytics.google.com .analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com .wistia.com st.fullcircleinsights.com bam.nr-data.net .litix.io embedwistia-a.akamaihd.net .reactful.com www.facebook.com secure.adnxs.com .6sc.co .6sense.com .crazyegg.com .clarity.ms .mktoresp.com .cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com .linkedin.oribi.io .hushly.com https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM testmydefenses.com
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
cache-control: public, max-age=300
cf-cache-status: DYNAMIC
cf-ray: 7ecd3609594f2c2d-FRA
content-encoding: br
content-language: en
content-security-policy: default-src 'self' *.zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.zscaler.com *.google.com *.google-analytics.com analytics.google.com *.analytics.google.com www.googletagmanager.com cdn.cookielaw.org *.cloudfront.net *.newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com *.bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com *.mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com *.crazyegg.com *.adroll.com bat.bing.com *.doubleclick.net *.clarity.ms *.cloudflare.com *.googleadservices.com *.marketo.net www.gartner.com *.ads-twitter.com *.google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com *.linkedin.oribi.io js.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' *.zscaler.com; style-src 'self' 'unsafe-inline' *.zscaler.com www.gartner.com *.googleapis.com *.fontawesome.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: *.zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com *.wistia.com; frame-src 'self' www.youtube.com bugcrowd.com www.visualize-roi.com *.zscaler.com js.driftt.com www.facebook.com *.doubleclick.net *.cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: *.zscaler.com *.doubleclick.net; font-src 'self' data: www.gartner.com *.gstatic.com *.fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
content-type: text/html; charset=UTF-8
date: Wed, 26 Jul 2023 14:07:48 GMT
expires: Wed, 26 Jul 2023 14:12:48 GMT
last-modified: Wed, 26 Jul 2023 14:02:12 GMT
server: cloudflare
strict-transport-security: max-age=31536000; preload
via: varnish
x-ah-environment: prod
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM testmydefenses.com
x-geo-country
x-nf-request-id: 01H698E0F8RZ9JF3N7CF055MF2
x-request-id: v-050286d0-2bbd-11ee-8cec-8fa9442a85a4
x-ua-compatible: IE=edge
x-xss-protection: 1

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 45 KB
7 KB 150ms
66ms Script
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 70725
content-md5: 1BoBNuQl7UMMaO7E490CGQ==
content-length: 6406
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:15 GMT
server: cloudflare
etag: 0x8DAE80BD5AAEF51
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 78b21313-c01e-00c3-79e1-5a51a5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360ba835915f-FRA
expires: Thu, 27 Jul 2023 14:07:49 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 136ms
52ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DflSFdkyRucOaDW0H1U81w==
age: 79607
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Thu, 20 Jul 2023 19:31:36 GMT
server: cloudflare
etag: 0x8DB8957EED518A9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7269ee70-201e-0068-4a43-bb86b7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360ba837915f-FRA

GET
H2 200 google_tag.script.js Show response
www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/ 347 B
362 B 68ms
68ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/google_tag.script.js?ryaobr

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0XRWYD9MR6JE3BK5G6B
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
x-request-id: v-e02184d6-2b55-11ee-8e25-ef3ff900a206
last-modified: Mon, 24 Jul 2023 09:43:13 GMT
server: cloudflare
content-type: application/javascript
cache-control: public, max-age=300
cf-ray: 7ecd360c4d572c2d-FRA
expires: Wed, 26 Jul 2023 14:10:52 GMT

GET
H2 200 css_bgXcuoCuBgmTPgyTwNfOBgg92gN4Xeqm5AoQmhNKzbI.css
www.zscaler.com/sites/default/files/css/ 373 KB
32 KB 99ms
98ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_bgXcuoCuBgmTPgyTwNfOBgg92gN4Xeqm5AoQmhNKzbI.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e05dcba80ae0609933e0c93c0d7ce06083dda03785deaa6e40a109a134acdb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 2
x-nf-request-id: 01H698E0RCB9X6JCE7BP2P4Z0V
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
x-request-id: v-bc8f5da0-2b59-11ee-8f0d-7375f1a67c65
last-modified: Wed, 12 Jul 2023 06:29:42 GMT
server: cloudflare
content-type: text/css
cache-control: public, max-age=300
cf-ray: 7ecd360b2bd62c2d-FRA
expires: Wed, 26 Jul 2023 14:10:52 GMT

GET
H2 200 css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
www.zscaler.com/sites/default/files/css/ 503 KB
78 KB 55ms
55ms Stylesheet
text/css 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ba9704577e4ea3ea80f98e4984a6417420ddd2e410e970d004c53d27f4b5b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0R5BA5GHFJT1V74BW6E
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 116
x-cache: HIT
x-ah-environment: prod
x-request-id: v-05d1bc20-2bbd-11ee-9f33-cfc64ee469a3
last-modified: Wed, 12 Jul 2023 06:04:52 GMT
server: cloudflare
content-type: text/css
cache-control: public, max-age=300
cf-ray: 7ecd360b2bd92c2d-FRA
expires: Wed, 26 Jul 2023 14:10:52 GMT

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
830 B 66ms
65ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 16:11:45 GMT
server: cloudflare
content-encoding: gzip
etag: W/"64bea2c1-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7ecd360b6c212c2d-FRA
expires: Fri, 28 Jul 2023 14:07:49 GMT

GET
H2 200 js_gNZTZIkSbsSU4xGxTQt_hjD-nyOnfiY1yPAmRJLLw8c.js Show response
www.zscaler.com/sites/default/files/js/ 512 KB
159 KB 66ms
66ms Script
text/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/sites/default/files/js/js_gNZTZIkSbsSU4xGxTQt_hjD-nyOnfiY1yPAmRJLLw8c.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80d6536489126ec494e311b14d0b7f8630fe9f23a77e2635c8f0264492cbc3c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0SCA6BXW3GW0RV21SCN
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 237
x-cache: MISS
x-ah-environment: prod
x-request-id: v-3ca8278e-26a9-11ee-8d01-93d31146af7a
last-modified: Wed, 12 Jul 2023 06:04:52 GMT
server: cloudflare
content-type: text/javascript
cache-control: public, max-age=300
cf-ray: 7ecd360b6c222c2d-FRA
expires: Wed, 26 Jul 2023 14:08:52 GMT

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ 208 KB
70 KB 279ms
62ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 7169
etag: "4a0d68-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7ecd360ccdec9be6-FRA
expires: Wed, 26 Jul 2023 18:07:49 GMT

GET
H2 200 js_RSyG1wH8d5iarwmvfWZ4hbyq6qiUPONW63fYPWOvzuY.js Show response
www.zscaler.com/sites/default/files/js/ 813 B
626 B 78ms
77ms Script
text/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/sites/default/files/js/js_RSyG1wH8d5iarwmvfWZ4hbyq6qiUPONW63fYPWOvzuY.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

452c86d701fc77989aaf09af7d667885bcaaeaa8943ce356eb77d83d63afcee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0SM17JHWFKJ863ST3SB
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
x-request-id: v-676acbb8-2a08-11ee-8408-a7e5f35ac20b
last-modified: Wed, 12 Jul 2023 06:02:28 GMT
server: cloudflare
content-type: text/javascript
cache-control: public, max-age=300
cf-ray: 7ecd360b6c242c2d-FRA
expires: Wed, 26 Jul 2023 14:10:52 GMT

GET
H2 200 3e894970-e3e9-4783-85e9-7c38eedbfbbf.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 5 KB
2 KB 140ms
59ms XHR
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 70062
content-md5: StpE19/mctRp4PJx19Cb7Q==
content-length: 1739
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:16 GMT
server: cloudflare
etag: 0x8DAE80BD639ADC0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b2a92248-f01e-00cb-47e1-5a4ad6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360caf2c1e5a-FRA
expires: Thu, 27 Jul 2023 14:07:49 GMT

GET
H2 200 search.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/ 796 B
562 B 69ms
69ms Image
image/svg+xml 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/search.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd888ef4dda066839f9cb6d29aaf789463cccb55f245fd45d10983a618c77f72

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized: internal=ok/d q=0 n=213+0 c=0+0 v=2023.7.2 l=796
last-modified: Wed, 10 May 2023 05:33:09 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: W/"cfy7moBMyALipuzaOAMY2HLyJJ1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/svg+xml
cache-control: public, max-age=300
cf-ray: 7ecd360c7d9d2c2d-FRA

GET
H2 200 support.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/ 409 B
452 B 67ms
67ms Image
image/svg+xml 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/support.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3cafb353ffa959edb33bbc7b79625416ef1e7393f7784c6debef4c2f35a65e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized: internal=ok/d q=0 n=28+0 c=0+0 v=2023.7.3 l=409
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: W/"cfP-dZjJk4NDGZQDqR0iQMhCUa1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/svg+xml
cache-control: public, max-age=300
cf-ray: 7ecd360c7d9e2c2d-FRA

GET
H2 200 chevron-down.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/ 258 B
519 B 65ms
65ms Image
image/svg+xml 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/chevron-down.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52272481e0caa74b259f2d54324a5b00e547cc8d35fea3174cc3702f9cc8d516

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized: internal=ok/d q=0 n=42+0 c=0+0 v=2023.7.3 l=258
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: W/"cffNue2_WleoWt3sgAiUKLsXFi1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/svg+xml
cache-control: public, max-age=300
cf-ray: 7ecd360c7da02c2d-FRA

GET
H2 200 blog-subscription-form-background%401x.jpeg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/page/blog/ 14 KB
14 KB 82ms
82ms Image
image/webp 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/page/blog/blog-subscription-form-background%401x.jpeg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c311211146b7d1e26f7807e2131bd1c0787e54cc6dd90b9dd111fd2b4a1c7d77

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 14066
cf-resized: internal=ok/d q=0 n=216+84 c=0+0 v=2023.7.3 l=14066
last-modified: Fri, 09 Dec 2022 14:12:58 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cftz37uaFigiYaqZiowwIKFZQi1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cadcb2c2d-FRA

GET
H2 200 gt-haptik-zs-regular-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/ 18 KB
19 KB 52ms
52ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-regular-webfont.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

736666a53a4a4805e200de224be9255704ff848fd84d60333b087d50d02490ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0ZFQRQQYMHT1934WWER
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
content-length: 18848
x-request-id: v-1819ea62-2b57-11ee-b12a-e30b6d248da8
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cadce2c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

GET
H2 200 gt-haptik-zs-medium-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/ 19 KB
19 KB 54ms
54ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-medium-webfont.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd9535c4b369928aa5fe4ddebbe42a9f96bb590ba9a70176297599192b9cbab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 3
x-nf-request-id: 01H698E0ZFB4EDCZYJGWB7B13R
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
content-length: 19504
x-request-id: v-964eb07a-2b52-11ee-a40f-f734329587eb
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cadda2c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

GET
H2 200 fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 134 KB
135 KB 54ms
54ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0ZMJMF4PXEQ78YFNF6K
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 237
x-cache: MISS
x-ah-environment: prod
content-length: 137704
x-request-id: v-ba0bb1e6-2a5a-11ee-90a8-cf705d3fcfe0
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cade02c2d-FRA
expires: Wed, 26 Jul 2023 14:08:52 GMT

GET
H2 200 fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 74 KB
74 KB 68ms
67ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec2e22fd918a8ffef0f54f466fb7edd2c586f39dad794cd25a0a97ce36c404d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E0ZPP40VVDDAC95H16RT
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
content-length: 76008
x-request-id: v-5d287480-27b9-11ee-b462-8b5dbef77306
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cade32c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

GET
H2 200 gt-haptik-zs-bold-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/ 19 KB
19 KB 77ms
77ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-bold-webfont.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f641642f73b0d4a76b30723c0dec94325eafbc39620de7e3fc6283e1550829e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 2
x-nf-request-id: 01H698E0ZYM5GV3PV1T6DHHPRF
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 117
x-cache: HIT
x-ah-environment: prod
content-length: 19652
x-request-id: v-52286c3c-2b53-11ee-8d51-fb57d22b1541
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360cade42c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

HEAD
H2 200 fail-over.js Show response
www.zscaler.com/ 0
2 KB 54ms
54ms XHR
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/fail-over.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gNZTZIkSbsSU4xGxTQt_hjD-nyOnfiY1yPAmRJLLw8c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-nf-request-id: 01H698E11AF9SADT7SCDAPCRTQ
date: Wed, 26 Jul 2023 14:07:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 6485
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
etag: "51b043bac3337957be83d6187f5365eb-ssl"
vary: X-Bb-Conditions
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 7ecd360d0e7d2c2d-FRA

GET
H2 200 fail-over.js Show response
www.zscaler.com/ 0
95 B 54ms
54ms Script
application/javascript 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/fail-over.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gNZTZIkSbsSU4xGxTQt_hjD-nyOnfiY1yPAmRJLLw8c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net .mountain.com trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-nf-request-id: 01H698E130VQ5FG0RHQ8D2GRQY
date: Wed, 26 Jul 2023 14:07:49 GMT
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 6485
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
etag: "51b043bac3337957be83d6187f5365eb-ssl"
vary: X-Bb-Conditions
x-frame-options: SAMEORIGIN https://cms.zscaler.com
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 7ecd360d5eec2c2d-FRA

GET
H2 200 fa-light-300.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/ 181 KB
181 KB 57ms
57ms Font
font/woff2 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-light-300.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dc0e215dc2374fc5cdacf24707fabeabc2e4193e12ec9c0203ac9a52a5daf3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
Origin: https://www.zscaler.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 1
x-nf-request-id: 01H698E13PRRM6SQW6G19M1B07
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
age: 117
x-cache: MISS
x-ah-environment: prod
content-length: 185360
x-request-id: v-4b6371a8-28b0-11ee-8630-7b99416aafa6
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
server: cloudflare
content-type: font/woff2
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360d7f152c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 72 B
310 B 142ms
58ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7ecd360e182e90dc-FRA
access-control-allow-headers: Content-Type

GET
H2 200 zscaler-logo.svg
www.zscaler.com/sites/default/files/images/page/m7header/ 2 KB
1 KB 54ms
53ms Image
image/svg+xml 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/sites/default/files/images/page/m7header/zscaler-logo.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb71a91ef4937bdac04520d7e7b1852bb28635ae850934d440360ccc8142c1a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cache-hits: 2
x-nf-request-id: 01H698E14GDA4PCKZR5N2GT8VS
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
age: 198
x-cache: MISS
x-ah-environment: prod
x-request-id: v-f3c28bf4-2a68-11ee-b6be-870d3d1c21cc
last-modified: Wed, 29 Mar 2023 13:53:42 GMT
server: cloudflare
content-type: image/svg+xml
cache-control: public, max-age=300
cf-ray: 7ecd360daf632c2d-FRA
expires: Wed, 26 Jul 2023 14:10:53 GMT

GET
H2 200 zscaler-blog-botnets-1%402x.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/ 70 KB
71 KB 66ms
66ms Image
image/webp 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/zscaler-blog-botnets-1%402x.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4019dc0c85c3a21c0c97662c7c896476dd01ce39bd1aa7f4c6c91f62d6095ea

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 71898
cf-resized: internal=ok/d q=0 n=34+431 c=0+0 v=2023.7.3 l=71898
last-modified: Fri, 04 Sep 2020 22:13:16 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfSOjTiMW30yyvwHWId6tlsLUb1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360daf642c2d-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 453 KB
120 KB 186ms
98ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/google_tag.script.js?ryaobr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cba84adcb7bd62657459e19218ca7466e83428bd33a22c10d81106dbd02381f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122291
x-xss-protection: 0
last-modified: Wed, 26 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 Jul 2023 14:07:49 GMT

GET
H2 200 zscaler-blog-category-hero-background-gradient-blue-2x.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/ 126 KB
126 KB 65ms
65ms Image
image/jpeg 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/zscaler-blog-category-hero-background-gradient-blue-2x.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2b66668bbb8fae36b12842672cbeeedc9e7c16562d3c592a6613b6f44aed1b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 128708
cf-resized: internal=ok/d q=0 n=876+468 c=0+0 v=2023.7.2 l=128708
last-modified: Tue, 09 May 2023 14:59:58 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfhbxO8X4tnrT2okRVhjqRLd_o1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF", cf-images 299 "original is 45589B smaller"
content-type: image/jpeg
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 7ecd360e384f2c2d-FRA
priority: u=1;i=?0,cf-chb=(257;u=4;i=?0 28205;u=5;i=?0 63104;u=6;i=?0)

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 226ms
225ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&callback=jQuery112409427603364959034_1690380469373&_=1690380469374
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52fdcd69acde3b5c0518f066621423b921c54dbba4cf425d31da7e69b8c6b1ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7ecd360e3fee9be6-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 270ms
270ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7140&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&callback=jQuery112409427603364959034_1690380469375&_=1690380469376
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b374f42cf8f1836e0d9f249581b0f81f51c3f51a38b166e873fa0050b89899dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7ecd360e3ff49be6-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.39.0/ 372 KB
89 KB 53ms
53ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Zp/CcrZmK7hQ2S6c/t9Tpw==
age: 35807
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 90454
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:04 GMT
server: cloudflare
etag: 0x8DA87805EB35DE2
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 526a626c-301e-007c-66e1-5a45d3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360e7c61915f-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/ 76 KB
15 KB 91ms
90ms Fetch
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24371
content-md5: a+O//X2h08gSfqxZ78vXYQ==
content-length: 15164
x-ms-lease-status: unlocked
last-modified: Tue, 27 Dec 2022 13:11:17 GMT
server: cloudflare
etag: 0x8DAE80BD6BFBADE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2fb75736-001e-017b-7ce3-5af503000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360f5c181e5a-FRA
expires: Thu, 27 Jul 2023 14:07:49 GMT

GET
H2 200 forms2.css
info.zscaler.com/js/forms2/css/ 13 KB
3 KB 57ms
56ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 5693
etag: "460919-3437-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7ecd360faa239be6-FRA
content-length: 2623
expires: Wed, 26 Jul 2023 18:07:49 GMT

GET
H2 200 forms2-theme-round.css
info.zscaler.com/js/forms2/css/ 4 KB
1 KB 153ms
153ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2-theme-round.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
etag: "3a0896-e46-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7ecd360faa269be6-FRA
content-length: 968
expires: Wed, 26 Jul 2023 18:07:49 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 13 KB
3 KB 55ms
55ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Xx897lTVYGjMQiwuGCrzDA==
age: 23323
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3007
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:55 GMT
server: cloudflare
etag: 0x8DA87805972EF22
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 787e6ad9-401e-0138-04e1-5adfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360fdcee1e5a-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 5 KB
2 KB 54ms
54ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ssl6Phwu9+sah2W05EtyUQ==
age: 16143
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:57 GMT
server: cloudflare
etag: 0x8DA87805A8DD1F0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 95db905d-901e-0094-2de3-5ab828000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ecd360fdcf11e5a-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 22 KB
5 KB 62ms
62ms Fetch
text/css 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: B55i3ZY9miZIaUrwjufy0w==
age: 3975
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 7e19b9f3-801e-0003-59e1-5adbe1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7ecd360fdcf51e5a-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 3 KB
2 KB 172ms
82ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1690380469749&cv=11&fst=1690380469749&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&hn=www.googleadservices.com&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&auid=792572458.1690380470&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a34ea2b456ad49f191e7e11196c5101b126f4aa1eba5370943e695e9a1e1d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1376
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jul 2023 13:04:39 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3790
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 26 Jul 2023 15:04:39 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 3 KB
2 KB 167ms
80ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1690380469755&cv=11&fst=1690380469755&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&hn=www.googleadservices.com&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&auid=792572458.1690380470&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0542aebf576727cccfa1f6782cc69712412aa823133c4acf9e992a315e43c559

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1377
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 273 KB
90 KB 78ms
77ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0dbffa7e8707628f7105d2d66eb6514f15f51ce21a169b02ddc62b67f4882066

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Jul 2023 14:07:49 GMT

GET
H2 200 XDFrame Show response
info.zscaler.com/index.php/form/ Frame C773 2 KB
865 B 162ms
162ms Document
text/html 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://info.zscaler.com/index.php/form/XDFrame

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 7ecd36105b3c9be6-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 26 Jul 2023 14:07:49 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 form-button-arrow.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/ 704 B
486 B 63ms
63ms Image
image/svg+xml 2606:4700::6812:1c4a
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/form-button-arrow.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d25984848cb59b62095fd6cb563ef08f012a501258c06fd7e64d263a785e1c88

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/sites/default/files/css/css_i6lwRXfk6j6oD5jkmEpkF0IN3S5BDpcNAExT0n9LWxk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
strict-transport-security: max-age=31536000; preload
via: varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized: internal=ok/d q=0 n=25+0 c=0+0 v=2023.7.3 l=704
last-modified: Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: W/"cfDDzwzbiwy4uUZkpDyQAkTPSc1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/svg+xml
cache-control: public, max-age=300
cf-ray: 7ecd3610abb62c2d-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
245 B 154ms
49ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je37o0&_p=1175458261&_gaz=1&cid=1962683633.1690380470&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690380469&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&dt=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 156ms
49ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1962683633.1690380470&gtm=45je37o0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 155ms
64ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=1962683633.1690380470&gtm=45je37o0&aip=1&z=1236947190

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 55ms
55ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1175458261&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&ul=en-us&de=UTF-8&dt=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAAI~&jid=886541886&gjid=1540982721&cid=1962683633.1690380470&tid=UA-6177009-1&_gid=536737408.1690380470&_slc=1&gtm=45He37o0n715SLZFK&z=1811750693

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 126ms
48ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-6177009-1&cid=1962683633.1690380470&jid=886541886&gjid=1540982721&_gid=536737408.1690380470&_u=YCDAiEABBAAAAGAAI~&z=1271974985

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
108 B 142ms
54ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1690380469755&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&fmt=3&is_vtc=1&random=3415027870&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812494211/ 42 B
108 B 128ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812494211/?random=1690380469755&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&fmt=3&is_vtc=1&random=3415027870&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
455 B 140ms
52ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1690380469749&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&fmt=3&is_vtc=1&random=4219135217&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973777747/ 42 B
455 B 127ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973777747/?random=1690380469749&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45He37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&fmt=3&is_vtc=1&random=4219135217&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ Frame C773 208 KB
69 KB 57ms
57ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://info.zscaler.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 7170
etag: "4a0d68-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7ecd36116cb29be6-FRA
expires: Wed, 26 Jul 2023 18:07:50 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 64ms
64ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6177009-1&cid=1962683633.1690380470&jid=886541886&_u=YCDAiEABBAAAAGAAI~&z=1255811509

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 64ms
64ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6177009-1&cid=1962683633.1690380470&jid=886541886&_u=YCDAiEABBAAAAGAAI~&z=1255811509

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 async-api.30bd804e-1.236.0.min.js Show response
js-agent.newrelic.com/ 3 KB
3 KB 125ms
42ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/async-api.30bd804e-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa44ba5620fc182eb36d66b9dea560edeb23af9c3104647e39e2a4d3fabcf8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 366JrVMQzTPfkja9KvKWB.1FAlNj2g2u
date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V160HEFG7EFECRX2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2851
x-amz-id-2: 0eBKUdrxS14x6LgkTPCmMEB3l0LE6ZMWjtAG9L6qQRKf2HwTDauZumZ0lO0xzHb91rsrxkWwK2Y=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.237506,VS0,VE0
etag: "ce1527db8799a0ba1913b5c7b7f666aa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5828

GET
H2 200 860.03a8b7a5-1.236.0.min.js Show response
js-agent.newrelic.com/ 14 KB
6 KB 124ms
41ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/860.03a8b7a5-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

38068c6216d8cd0ebd227e767dea7b85b17c68ee40a2b32c20cb879ea225d274

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: iJSI6dlO2Ys6eX3e0ReqL6kXFai6YRCl
content-encoding: br
via: 1.1 varnish
date: Wed, 26 Jul 2023 14:07:50 GMT
strict-transport-security: max-age=300
x-amz-request-id: V16AM8ZN8PYP562E
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5507
x-amz-id-2: p53eNBuSl8l54BX4vm/T8MRAZj4+7UF7Zj6Jk8Z1gEGZek7iztQ2HnDO9cdAyyhavWTTx/o/XdA=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.237465,VS0,VE0
etag: "5c2d33afe15ef1ea0f7dfd3d77677165"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5331

GET
H2 200 session-manager.2a64278a-1.236.0.min.js Show response
js-agent.newrelic.com/ 1 KB
2 KB 125ms
42ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/session-manager.2a64278a-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: ur1tw3MWf2WErGuFKp0fYWjcNIfD4uOb
date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16A1FCNY83AK894
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1387
x-amz-id-2: upYMIkDsSKQm716sJRiAZiA1Gcm46rhBIW9aR4KcluiHUzwt5sYZ1qhtDXdlsCvnTJifqO5cU7qsZcXYYhk3cw==
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.237452,VS0,VE0
etag: "a097cb2068fb2d63e521cacf139c921d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5135

GET
H2 200 6934ae2b-4c76-4229-97d0-8f637b004b88.js Show response
j.6sc.co/j/ 4 KB
4 KB 187ms
54ms Script
application/javascript 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to

Full URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-89.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
date: Wed, 26 Jul 2023 14:07:50 GMT
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 3771
pragma: no-cache
last-modified: Tue, 02 May 2023 17:36:47 GMT
server: AmazonS3
etag: "afb8c61166e7f50fe6d7ab7b6377733c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: Bk-ezQ4Xej5u_1og_qw8nhd54lohkidIN67SEZbd4_HQEfFnxhgGlQ==
expires: Wed, 26 Jul 2023 14:07:50 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 75 KB
24 KB 124ms
41ms Script
text/javascript 2600:9000:225e:1200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5524df7fe4aa63c2fc3fc78df4ad8d85be1220d412932045aecedd7c6867f295

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Amz-Version-Id: UeoU0Gz3_HzKLq6sV_ojkiQ4XS52d7FF
Content-Encoding: gzip
Via: 1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Date: Wed, 26 Jul 2023 13:29:23 GMT
Age: 2312
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 20 Jul 2023 13:55:48 GMT
Server: AmazonS3
Etag: W/"30b5a7abf188989358d0ea9afb930b88"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: P4ONgK50qUuRJvcXXZFsADJXAW3vXnATXIRAhLmxlViKCbrMtzA9aA==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 173ms
50ms Script
application/x-javascript 2a02:26f0:3100::1735:28a9
AKAMAI-ASN1

General

Check archive.org

Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=51180
accept-ranges: bytes
content-length: 4862

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 148ms
65ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

62ed4d49c5a79b0aff17f47c74efc7958d70987d9350e746c0342755587dd3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 26 Jul 2023 14:07:50 GMT
last-modified: Mon, 17 Jul 2023 22:20:48 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5E3C7C586EA24D3780365C4D6564E687 Ref B: FRA31EDGE0516 Ref C: 2023-07-26T14:07:50Z
etag: "060e2effcb8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12438

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 195ms
46ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (via/F333) /
Resource Hash: 0f6c70978f192c9dbb5a5e9e1389814afc95e65274c24b03de4a95ddb2d0e44b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
last-modified: Tue, 25 Jul 2023 16:47:21 GMT
server: ECS (via/F333)
age: 27665
etag: "1cdb7dae17bfd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25470

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 121ms
40ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

308100ff6c64af6ac2edf80a069273cee122cb63d7a5025dcb501f5dbddbbd05

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 26 Jul 2023 14:07:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46993
x-xss-protection: 0
pragma: public
x-fb-debug: kBNdxH47iW6jbRsmb59+kp2vrJKBKKKOA1E3Zet/ZqquS0mlLWKuDpTL5FG1/X7U5FVZT/pFxbIr/3MH1DDGWw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 159ms
66ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 75445
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7ecd361328163aa2-FRA
expires: Wed, 26 Jul 2023 14:27:50 GMT

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 20 KB
6 KB 484ms
121ms Script
application/javascript 44.209.137.118
AMAZON-AES

General

Check archive.org

Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=64405854370272376term=value
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.209.137.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-209-137-118.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 39b198ca66d1bdf5af2d753188788c1d738d977bd700135519f0168a46bf080e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 3
be: spx-burnin
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fullcircle.js Show response
d2i34c80a0ftze.cloudfront.net/ 32 KB
11 KB 236ms
44ms Script
application/json 2600:9000:223f:ce00:9:14eb:6280:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=731c316a-c46e-4a94-81a9-7cfc0ea0d53e&domain=zscaler.com
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ce00:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 35fd6bc610a44338bf052da9ac46918d3dd7575a12c7ec732e7922ca2105502a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 04:08:33 GMT
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront), 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-C1, FRA56-P5
age: 35956
x-amzn-requestid: 2733dfdf-bdbe-48a3-9876-b463aa697fe1
x-amzn-trace-id: Root=1-64c09c41-415a3b9814604b65329b2bf1;Sampled=0;lineage=be50798f:0
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: Ip1aVE-mvHcFWgQ=
x-amz-cf-id: U-89-eJlhKVsBkB14tv_R8KDWvzjwwi5p1lIhKE-CyxywqyQzpRh4g==

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 231ms
42ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 13:37:45 GMT
content-encoding: gzip
age: 1805
x-guploader-uploadid: ADPycdt-KkKXJo21XEzxCqiiNxGmVYM6nGI8Tk8kjJLFkqMdzmmoP-tLujL_-eN1umvP23stem90hwEOvsmYXG1Fv5czHa39eobl
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Wed, 26 Jul 2023 14:37:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
78 KB 73ms
73ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-812494211

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6ef6b310be6928f07cf3db3db8ba9b899027b03fa1a65fed0c304b8a4270f74a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79740
x-xss-protection: 0
last-modified: Wed, 26 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 Jul 2023 14:07:50 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 224ms
51ms Script
application/x-javascript 13.225.33.74
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.33.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-33-74.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 213924f2d4c07c46604b981a03ea8d96f6dddf790d2702d132dc1de912e4d66b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 26 Jul 2023 01:57:47 GMT
Content-Encoding: gzip
Via: 1.1 ed56cfaa883e0c10b610c3cdd45acb40.cloudfront.net (CloudFront)
Last-Modified: Thu, 20 Jul 2023 21:17:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: CDG3-C2
Age: 43804
x-amz-server-side-encryption: AES256
ETag: W/"7ffd034e063c717aa14f454b893b9ec3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: 0GaLz6syyVU_XIwawWmOZ21pFOwJQb0pEprJcmDz88ZO2TTQQIeEig==

GET
H2 403 sf14g.js
t.sf14g.com/ 0
0 379ms
118ms Script
text/html 35.170.39.103
AMAZON-AES

General

Check archive.org

Download Go to

Full URL: https://t.sf14g.com/sf14g.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.39.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-170-39-103.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 183ms
40ms Script
application/x-javascript 23.210.118.178
AKAMAI-AS

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.118.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-118-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 26 Jul 2023 14:07:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 lazy-feature-loader.2f55ce66-1.236.0.min.js Show response
js-agent.newrelic.com/ 1 KB
1 KB 42ms
42ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/lazy-feature-loader.2f55ce66-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d9bafbaa07911d0596a806a1177da26c107f735052d28603bc5eb8fa0dc63b55

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: SNNZ70_ndPBZM4f5drSRay_oJEEp97f5
date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16FNAZW59HEFJG0
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1085
x-amz-id-2: pkfKdXF0ec9M5wmr/XnuOdiy3sJ9l2J8W0+mV18C4Y/E7ElWkyPmB6Zv+aJ4N+mCS9iq7HMT8b2lg2w+e+nWnw==
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.326904,VS0,VE0
etag: "e43b565f398109176254b8a9394de5ba"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5411

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

84ms
42ms

Script
application/javascript

2600:9000:225e:1200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:1200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Amz-Version-Id: KLTaAvzmAP.1_rS.URSLlTS3u46mZQHP
Date: Tue, 25 Jul 2023 17:31:11 GMT
Via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
Age: 74200
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Tue, 21 Mar 2023 16:39:30 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: zV1UDNcJX9SdGrqV9KGpXkTxbU5zpxgyIKRw62zExYTgNhoLpcAZuw==

Redirect headers

Date: Tue, 25 Jul 2023 18:48:25 GMT
Via: 1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age: 69564
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: EJEVwzMWF0CxtepiLmFcf_oE6AjE8L9t5nEG8FvR7Ofw9MwpsZMpZA==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

61ms
42ms

Script
application/javascript

2600:9000:225e:1200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:1200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Tue, 25 Jul 2023 20:04:04 GMT
Via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
Age: 65028
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: P4sdsEff-FfnY9FmGWfELupXvoNYHx6LCq3NOjBp12hS8pe9b8O-YQ==

Redirect headers

Date: Wed, 26 Jul 2023 01:45:26 GMT
Via: 1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age: 44543
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: lLqGSXChewIC7-iclzS89UPzzSTjp-ounes6mek67AqhW6NY9iOnVA==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 0
808 B 105ms
42ms Script
text/javascript 2600:9000:225e:1200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Amz-Version-Id: ghS5k2.k6_jaWGJlpLWOWc6TlmniVx_1
Date: Wed, 26 Jul 2023 13:56:21 GMT
Via: 1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Age: 896
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Fri, 21 Jul 2023 12:14:32 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2WJZK3Zy6RRSZD-NYFFlr8qLa1Uba2PwX_aSWMzwdLt0fsvQlYi4JQ==

GET
H2 204 26354555.js Show response
bat.bing.com/p/action/ 0
118 B 158ms
158ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL

https://bat.bing.com/p/action/26354555.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 26 Jul 2023 14:07:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5E55D7C3D7F34883BF04666A2025949C Ref B: FRA31EDGE0516 Ref C: 2023-07-26T14:07:50Z
x-cache: CONFIG_NOCACHE

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 277ms
138ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1690380470320&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 26 Jul 2023 14:07:50 GMT
expires: Wed, 26 Jul 2023 14:07:50 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdv5Wyw9CdX1Rs_I-uKtlweP53GWchJdax65RSnerTQFJiTy-hsWYMIfwMcPVaZM2DO51Q99HrCRCVqDAM-wALTRoHllxYFT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
460 B 155ms
154ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1690380470320&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 2334982
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 google
x-guploader-uploadid: ADPycduLsRRi4IwFs9p-CxRHW8BYWg0Rao54reKRbBockIFzb1WReSCXQcr2dAIS7tn9agKGfDmvtA4FEqFMoAEyN9WbwDFwJo0c
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 26 Jul 2023 15:07:50 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/33962/domain/zscaler.com/ 38 B
376 B 169ms
41ms XHR
application/json 2600:9000:20eb:ae00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/33962/domain/zscaler.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ae00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9581d252706f6236028acf67e89cd0c2f8ec64ff46a416bf384b2fd3876080d4

Request headers

Accept: *
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 13:37:32 GMT
content-encoding: gzip
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 1818
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 5t4K4eG-JxBkYGLF5I6YOxUwdF-1watRGofvUyte_sYxFg9s0zqAXg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1690380470330%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaig...

0
266 B

246ms
148ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cookiesTest=true&liSync=true&e_ipv6=AQLkyfuUDpmaRwAAAYmShwrMtuXiJLDHV0iqKCGVrEWDo8tC4b4quD1ndCYgDWTL-53GZPI
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: ADE5396594A146BDAD1A2767A238E2AE Ref B: FRAEDGE1406 Ref C: 2023-07-26T14:07:51Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBZF+FtNqy4l69xIcH+Q==

Redirect headers

date: Wed, 26 Jul 2023 14:07:50 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 85DB068B3A7F49AE90D7E75699A815F6 Ref B: DUS30EDGE0905 Ref C: 2023-07-26T14:07:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1690380470330&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cookiesTest=true&liSync=true&e_ipv6=AQLkyfuUDpmaRwAAAYmShwrMtuXiJLDHV0iqKCGVrEWDo8tC4b4quD1ndCYgDWTL-53GZPI
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBZF+CDLrizXlud/DEVQ==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 119ms
119ms Script
application/javascript 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Wed, 26 Jul 2023 14:07:50 GMT

GET
H2 200 148.1a20d5fe-1.236.0.min.js Show response
js-agent.newrelic.com/ 8 KB
8 KB 47ms
46ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/148.1a20d5fe-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3e89824dcd4a1d958c6972134bfc50e0c8e4a76d6b47569d14fd7cba455c1f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: ScUpW5z6XcbV4AsRwaGpjCwUtY9KtEdV
date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16DR883D7PM3805
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 7826
x-amz-id-2: V+aas5/YiB8hULXvDfZhIsWW+TevCOkgVGk/Fj6tlHSP/nHDKK7wQoHIzNE/dowYKiIKBmcwbTA=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.373936,VS0,VE0
etag: "bed1f74897d091a7dfc2b06e8a1e29a3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5418

GET
H2 200 page_view_event-aggregate.06482edd-1.236.0.min.js Show response
js-agent.newrelic.com/ 11 KB
5 KB 43ms
43ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/page_view_event-aggregate.06482edd-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f1249e3503b8a12598e09882e9ded38155ac212298143dec459ce6820c6d3f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: olBWVnN3KrZD.7AbCiVQ_LmF1ZBKIJEh
content-encoding: br
via: 1.1 varnish
date: Wed, 26 Jul 2023 14:07:50 GMT
strict-transport-security: max-age=300
x-amz-request-id: V16FEYSTFEDPYHC4
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4296
x-amz-id-2: H97fZQNmKZjDmD9s6oOERCRPM+eQfEYaPaxM4am5otyv9pCh6VzqGQl9ZFts5wWPUkATcktLtmE=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.373753,VS0,VE0
etag: "553d27144d4f9fbe7e31b802107a2071"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5434

GET
H2 200 page_view_timing-aggregate.bd6de33a-1.236.0.min.js Show response
js-agent.newrelic.com/ 15 KB
15 KB 51ms
50ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/page_view_timing-aggregate.bd6de33a-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6dc5a41a72f6c1b4148d0629284183a4db42a28fef188ff4d55d5872d0ea3561

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 9W2va1QLSUaCTJ3OoHH2ZOYSIAKsuvOr
date: Wed, 26 Jul 2023 14:07:50 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V166MSHRXDKAVVGE
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14879
x-amz-id-2: c6U0F1buvLoUbC7Go6OynO2vSuROf3WSt/D6YI1yr+0jsK94y9koc9qEWfBtaM47/YBf5Yf8NJA=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.374197,VS0,VE1
etag: "01e96e9ff5c360298d13581ad38e60a8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5418

GET
H2 200 metrics-aggregate.3dc53903-1.236.0.min.js Show response
js-agent.newrelic.com/ 8 KB
3 KB 45ms
45ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Download Go to

Full URL

https://js-agent.newrelic.com/metrics-aggregate.3dc53903-1.236.0.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

11b4a5f186edf838f6e951559bef8aa85c686a83e0a226c5a82622da95e54307

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: Z8jxLQfOXuFmYqpMJ60TDp7HscNrmk8O
content-encoding: br
via: 1.1 varnish
date: Wed, 26 Jul 2023 14:07:50 GMT
strict-transport-security: max-age=300
x-amz-request-id: V160X7JZ0EG0626C
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2987
x-amz-id-2: 5+0z6v9iOJAmzGseP7niEmvz+uxWao1VALb8NoZbCquSjddcdg/5b+W1EwLWyPB/uQ66j8dwtBs=
x-served-by: cache-fra-eddf8230094-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690380470.374134,VS0,VE0
etag: "a912f1cb80b2d3cf15f10d9d022b6188"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5411

GET
H2 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 381 KB
109 KB 218ms
217ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.117&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f3edad980de45514baad0ef54712e2f920a5a4c7d773be74ccca427b9d8da28

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 26 Jul 2023 14:07:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: FNVm/ueCBoGvqo/xyYgHcohnySH3fF0luYM8uBzA2nVmF7FqujLZLahIOdV6Bce6kezb4sLfy40/GVAbDSR5MQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ULSJHTPGTZGY3EPPZSKHKS Show response
d.adroll.com/consent/check/ 463 B
556 B 170ms
56ms Script
application/javascript 2a05:d018:cc3:fe04:218c:a1f:2d3:6c89
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?pv=46442583561.62408&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&_s=e80c36237522441b13d0ca934b3ed54c&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:218c:a1f:2d3:6c89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 3f75ff2a61e8e6f67f33cb6b13b2c195ef84a10c72a52a6da80c1e81f5f96e28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
server: nginx/1.22.1
content-length: 463
content-type: application/javascript

POST
H/1.1 200
OK NRJS-686f86ac307898cabed Show response
bam.nr-data.net/1/ 40 B
464 B 426ms
299ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-686f86ac307898cabed?a=1353557264&v=1.236.0&to=YlxUMEJRWEFTVBALDlsWdwdEWVlcHXMWFxFUVWoKX1RTbnFYChYTWlVaAUJseF1WUjILBEJ6WQpEQlleXlIWT19DUFMT&rst=1900&ck=0&s=7b2e82a405a8dde2&ref=https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&qt=4&ap=1044&be=389&fe=1184&dc=506&at=ThtXRgpLS08%3D&perf=%7B%22timing%22:%7B%22of%22:1690380468565,%22n%22:0,%22f%22:0,%22dn%22:2,%22dne%22:20,%22c%22:20,%22s%22:59,%22ce%22:106,%22rq%22:106,%22rp%22:389,%22rpe%22:443,%22di%22:816,%22ds%22:817,%22de%22:895,%22dc%22:1570,%22l%22:1570,%22le%22:1573%7D,%22navigation%22:%7B%7D%7D&fp=724&fcp=724
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 26 Jul 2023 14:07:50 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.zscaler.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7ecd36154c2c8ffa-FRA
Content-Length: 40

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
572 B 127ms
40ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
an-x-request-uuid: 81aab6c3-e9b7-4afd-871f-bfb3ea0bd678
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.106; 80.255.7.106; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 48ms
40ms XHR
text/html 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
303 B 178ms
42ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469550_34603374_539283926_22_1036_38_0_219";dur=1
content-length: 19
expires: Wed, 26 Jul 2023 14:07:50 GMT

GET
H2 200 oribili.js Show response
cdn.linkedin.oribi.io/33962/ 72 KB
24 KB 129ms
47ms Script
application/javascript 2600:9000:20eb:ae00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.linkedin.oribi.io/33962/oribili.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ae00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: dd8a322e792c9213ea14e836f39124ff8223fbdb1e41d3e69beeca67b83d88c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:04:38 GMT
content-encoding: gzip
via: 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 192
vary: accept-encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript;charset=UTF-8
cache-control: public, max-age=300
x-amz-cf-id: sC1Fkz8PrQvmNQhj9eXDkSc9viA4h9POs3UT2J2gjxLoXyVe-sRg-g==

POST
H2 204 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ 0
0 203ms
203ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: application/json
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
server: Google Frontend
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by: Express
access-control-allow-methods: GET, POST
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 8a010ed330bf0983caff4ed75e0f3bc4
function-execution-id: sx10gkjv3lnp
access-control-allow-headers: Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 266ms
162ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Wed, 26 Jul 2023 14:07:50 GMT
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: h0hjhhcdl4vb
server: Google Frontend
x-cloud-trace-context: 64bbca6accaac39eddf8913c254242ee
x-powered-by: Express

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 60ms
60ms Script
application/x-javascript 23.210.118.178
AKAMAI-AS

General

Check archive.org

Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.118.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-118-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 26 Jul 2023 14:07:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Fri, 03 Nov 2023 14:07:50 GMT

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 619ms
483ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNMpHlmPHcF7YQ=
x-amz-cf-id: DDHxGHwIJsPGBbAyv-zENFwcOvQ91Jf4jciSRZtBDm-faTwPcR2nAA==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 9cfe002d-7939-4f0f-a83f-f619a18e958b
x-cache: Miss from cloudfront

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 1 KB
2 KB 673ms
673ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: 94367621b56cafee970e8b6c64fd3042ab705a400ee913a80f5fbe823bb5cda0

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b7-7c4517985e415aa2293d9880;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid: 93cd5362-cc15-4a1d-826d-a9181b8c40d9
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNMvG8SPHcFvcw=
content-length: 1405
x-amz-cf-id: vdPFYHlDkrYJThWrWb_zG6IxMbmcXmvhiOtYNnLzm2iCf5WU65cSkA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 3 KB
2 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1690380470526&cv=11&fst=1690380470526&bg=ffffff&guid=ON&async=1&gtm=45be37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&hn=www.googleadservices.com&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&auid=792572458.1690380470&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ffb89d34a5a429853d5282d49f7bb8a776721497952b16a881ab845dd9c2685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1394
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 1 KB
2 KB 523ms
522ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: ab7ecf74de4195912e256c80f6f790be58a4b1af34f0fd20c56be02fbc85dbcf

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b7-3fd1453a2f1d87063f3d2fb7;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid: 35a65c30-3315-4b7f-a6b1-7a92f93bb493
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNMtFHePHcF6qw=
content-length: 1406
x-amz-cf-id: aETN2iYcid0g56HDL0Y0bRnQViRj2QXpOGN4t5cTWZvhhTQzGTsmjw==

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 573ms
466ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNMpFrTPHcF7iQ=
x-amz-cf-id: ynjObOn9o02RxhmTvn21z9dLreg5YPETDqxMkQqRij0XLFViAc6khQ==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 4634f1ce-be21-4842-9c75-50f940f46858
x-cache: Miss from cloudfront

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 1 KB
2 KB 521ms
520ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: be07e774183e5ae1b23611dc0844d4e8cc1d08e319e649cdaa14f89c48c9fbe9

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b7-054d34b146e8ca583341e398;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid: 9d9811ce-b4eb-4eec-a929-8974fd045a6c
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNMtGY_PHcF52g=
content-length: 1405
x-amz-cf-id: KbDMY7RezNewt8n8S7qU9OlTd9cWhbSOzH3vJL6K343H0kxXqIiCuw==

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 569ms
464ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:51 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNMpHWTPHcFSwA=
x-amz-cf-id: Op_Ym5zQ6S_oLAagt-bxQyIiZUKaokX9Isvwxrj6M2KMFJDVmMBd0A==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 4a929c0a-4949-4d21-939c-67aaa2a52d26
x-cache: Miss from cloudfront

GET up
insight.adsrvr.org/track/ Frame F4E8 0
0

POST
H/1.1 200
OK visitWebPage
306-zej-256.mktoresp.com/webevents/ 2 B
318 B 730ms
122ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1690380470571&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1690380470570-54693&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 26 Jul 2023 14:07:51 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 50d35fda-16e3-4c7e-a6d4-fa74e6b37152

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 278ms
271ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=0bf2c64b-bef7-4161-8581-a3b892e7f331&session=6b873108-77ef-4e80-8fa4-9a2a4f6879eb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2026%20Jul%202023%2014%3A07%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Throughout%20this%20article%2C%20we%20delve%20into%20the%20intricacies%20of%20Qakbot%27s%20attack%20chains%2C%20encryption%20methods%2C%20and%20its%20wide%20geographical%20reach.%22%2C%22keywords%22%3A%22Onenote%2C%20steganography%2C%20malware%2C%20Phishing%2C%20threat%2C%20cybersecurity%2C%20infosec%2C%20security%2C%20threatintel%2C%20threathunt%2C%20campaign%2C%20DLL%20Hijacking%2C%20persistence%2C%20process%20injection%2C%20obfuscation%2C%20anti-sandbox%2C%20anti-antivirus%2C%20rc4%2C%20encryption%2C%20decryption%2C%20Qakbot%2C%20backdoor%2C%20banker%2C%20HTML%20smuggling%2C%20powershell%2C%20XMLHTTP%2C%20DLL%20Side-Loading%2C%20Pikabot%2C%20XOR%2C%20sandbox%20and%20command-and-control%22%2C%22title%22%3A%22Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&pageViewId=f843303b-8a28-4e71-8b5f-f4abe5e3aa20&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 726 B
575 B 128ms
44ms XHR
application/json 3.127.67.224
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: db5338a03b74d36398a3f49bf468a187aba9346ccf69705d9e070b069de97b3b

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
Authorization: Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
X-6s-CustomID: WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
content-length: 390

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 139ms
43ms Preflight 3.127.67.224
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.zscaler.com
access-control-max-age: 1800
date: Wed, 26 Jul 2023 14:07:50 GMT
server: nginx

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
108 B 55ms
54ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1690380470526&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45be37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2415683420&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812494211/ 42 B
108 B 54ms
54ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812494211/?random=1690380470526&cv=11&fst=1690380000000&bg=ffffff&guid=ON&async=1&gtm=45be37o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&frm=0&tiba=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2415683420&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 event Show response
gw.linkedin.oribi.io/ 0
186 B 635ms
207ms XHR
text/plain 54.187.49.68
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://gw.linkedin.oribi.io/event
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.49.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-187-49-68.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Wed, 26 Jul 2023 14:07:51 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain

GET
H2 200 /
px.ads.linkedin.com/ws_collect/ 0
276 B 156ms
155ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px.ads.linkedin.com/ws_collect/?pid=33962&timestamp=1690380470644&raw_event_id=33962-d71ec8f7-0715-7d14-50c6-31b3c033fcef-1690380470643
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:49 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2A501EF0B418449CB72058DEE818135A Ref B: DUS30EDGE0905 Ref C: 2023-07-26T14:07:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBZF9+A+a4FYoo/wEl1w==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 235ms
235ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=0bf2c64b-bef7-4161-8581-a3b892e7f331&session=6b873108-77ef-4e80-8fa4-9a2a4f6879eb&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Throughout%20this%20article%2C%20we%20delve%20into%20the%20intricacies%20of%20Qakbot%27s%20attack%20chains%2C%20encryption%20methods%2C%20and%20its%20wide%20geographical%20reach.%22%2C%22keywords%22%3A%22Onenote%2C%20steganography%2C%20malware%2C%20Phishing%2C%20threat%2C%20cybersecurity%2C%20infosec%2C%20security%2C%20threatintel%2C%20threathunt%2C%20campaign%2C%20DLL%20Hijacking%2C%20persistence%2C%20process%20injection%2C%20obfuscation%2C%20anti-sandbox%2C%20anti-antivirus%2C%20rc4%2C%20encryption%2C%20decryption%2C%20Qakbot%2C%20backdoor%2C%20banker%2C%20HTML%20smuggling%2C%20powershell%2C%20XMLHTTP%2C%20DLL%20Side-Loading%2C%20Pikabot%2C%20XOR%2C%20sandbox%20and%20command-and-control%22%2C%22title%22%3A%22Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&pageViewId=f843303b-8a28-4e71-8b5f-f4abe5e3aa20&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 122ms
40ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&rl=&if=false&ts=1690380470661&sw=1600&sh=1200&v=2.9.117&r=stable&ec=0&o=30&fbp=fb.1.1690380470659.1097337139&cs_est=true&it=1690380470373&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 26 Jul 2023 14:07:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
BLOB 200
OK 343307bf-cffa-4948-be84-6d297dc18a1f
https://www.zscaler.com/ 43 B
0 Image
image/gif

General

Check archive.org

Download Go to Show image

Full URL: blob:https://www.zscaler.com/343307bf-cffa-4948-be84-6d297dc18a1f
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

POST
H2 200 / Show response
www.facebook.com/tr/ Frame D5F1 0
72 B 42ms
41ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 26 Jul 2023 14:07:51 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 228ms
228ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 2 KB
2 KB 506ms
506ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: 3851fd9b11d89fb18c868a53e97a1a23e0c6fd279f2e7f54735d89069e31750f

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b8-3e617adf241a27140d8b8751;Sampled=0;lineage=adebd93c:0
x-amzn-requestid: 10f4e29e-3ea7-4998-9ab1-b626cde2a230
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNM3ExnvHcFwuQ=
content-length: 2096
x-amz-cf-id: hCD_OA-fVmVYHjXQ5kBNa8e8FI5bg3pEjdYo5gewgVityvTNKq09bg==

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 2 KB
2 KB 655ms
655ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: 77db0d676dada17aa496432c1b9810566b6654ed0b34a23584b3bb6ca204cd07

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b8-132fe8d218a894ab1fd3448f;Sampled=0;lineage=adebd93c:0
x-amzn-requestid: ede05c83-1628-4641-80eb-9ee90fdc89a2
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNM6E4YPHcF54A=
content-length: 2096
x-amz-cf-id: jnBD3pHLJAOINMwG8J-QyA2Zo2-f7ltq9cK5vun1HGiCuVGXsopt1g==

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 460ms
460ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNMyGilPHcF8hw=
x-amz-cf-id: 0XSsGcC8V1zC-1WScFEHZtMkpuc_CtxtZAtr4mTinEDHLaYA-XZsnw==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 49576339-b4f0-44a1-8653-39ca94f63ad4
x-cache: Miss from cloudfront

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 608ms
608ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNM0F2yvHcF5ZA=
x-amz-cf-id: uXho0C0Ko12HmF_qbIFGV6zZEWH1LIiGl8t4-GQKIUVYxegJTxggIA==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 12af571b-16e7-41e3-bfdc-48ce5483c3ff
x-cache: Miss from cloudfront

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 609ms
609ms Preflight
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 1
content-type: application/json
date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: IrNM2EjkvHcF5gw=
x-amz-cf-id: 1JcB__K9ye2yzLVykKDIzoPJVmdTde41ejNJloTupoVSWhqDcqY2Nw==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 51033e37-9581-4065-b81a-d18170bdf2c8
x-cache: Miss from cloudfront

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 2 KB
2 KB 222ms
222ms XHR
application/json 143.204.215.41
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-41.fra53.r.cloudfront.net
Software: /
Resource Hash: f7b569b5283c7ccfa40001e12657a619993e830eccd75ffc6cf28aca78fd0db7

Request headers

origin-fci: https://www.zscaler.com
Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
js-version: 1.0.58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
x-api-key: qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Jul 2023 14:07:52 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-64c128b8-4a3f225765f3557b1e9f2d51;Sampled=0;lineage=adebd93c:0
x-amzn-requestid: af3ad4fd-4ee0-4dff-b260-d164986c78f2
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
x-amz-apigw-id: IrNM4GmVPHcF4lg=
content-length: 2096
x-amz-cf-id: cqpO2SZCHxZrbyHdEKVSqVAHEIAbddfgT90VOTHNlYyigeW6-89vhA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 238ms
237ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 235ms
235ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
2 KB 830ms
204ms Script
application/javascript 52.42.124.195
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=1962683633.1690380470&shpt=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%221962683633.1690380470%22%2C%22shpt%22%3A%22Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa%22%2C%22dcm_cid%22%3A%221690380469.1%22%2C%22dcm_gid%22%3A%22536737408.1690380470%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1690380469.1&dcm_gid=536737408.1690380470&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221690380469%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=64405854370272376term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=64405854370272376term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 610a2ee63689acb7361d2e96b0d34aa8038b76b57fcc94ccade600176683e8ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:54 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 0
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 230ms
229ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 845ms
209ms Script
application/javascript 34.212.4.35
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.212.4.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-212-4-35.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: aa2775a7802829dba5fd3ec121f4305e99d64a0d9ec3b2e35923fd1ae129b8b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:55 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 49ms
48ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je37o0&_p=1175458261&cid=1962683633.1690380470&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1690380469&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&dt=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 14:07:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK st Show response
px.mountain.com/ 6 KB
2 KB 631ms
225ms Script
application/javascript 52.42.124.195
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=1962683633.1690380470&shpt=Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%221962683633.1690380470%22%2C%22shpt%22%3A%22Hibernating%20Qakbot%3A%20A%20Comprehensive%20Study%20and%20In-depth%20Campa%22%2C%22dcm_cid%22%3A%221690380469.1%22%2C%22dcm_gid%22%3A%22536737408.1690380470%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1690380469.1&dcm_gid=536737408.1690380470&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221690380469%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=169038047449012&shguid=b9c7fca2-0701-3392-9b8d-36f62d9d0854&shgts=1690380475341
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 6cd44333f153f5de6a5021ee08ad030908d42f3e86a37a12d82d7ae0858ad01d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:55 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 20
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 263ms
262ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 344ms
344ms Image
image/gif 23.36.162.89
AKAMAI-ASN1

General

Check archive.org

Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.89 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 14:07:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insight.adsrvr.org
URL: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&upid=27hmsyx&upv=1.1.0

Verdicts & Comments Add Verdict or Comment

128 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.info.zscaler.com/	1970-01-20 13:33:02	Name: __cf_bm Value: B9yndKWspftLAkRJ4Bk1z1w4HRtsfv_6CVbaieZTdeg-1690380469-0-AXzspKsERSAE28x9rLhu2RdAG9f2sN4YhZ34LQ5xt/J0+kSoOXhXSG6UH2WyMLMSVzMbTHumuXp9rr27EIwwsNA=
.zscaler.com/	1970-01-20 15:42:36	Name: _gcl_au Value: 1.1.792572458.1690380470
.www.zscaler.com/	1970-01-20 22:18:36	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Jul+26+2023+14%3A07%3A49+GMT%2B0000+(GMT)&version=6.39.0&isIABGlobal=false&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH59%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH82%3A0%2CH106%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH20%3A0%2CH22%3A0%2CH97%3A0%2CH98%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH114%3A0%2CH101%3A0%2CH52%3A0%2CH104%3A0%2CH105%3A0%2CH14%3A0%2CH15%3A0%2CH17%3A0%2CH113%3A0%2CH115%3A0&genVendors=
.zscaler.com/	1970-01-20 23:09:00	Name: _ga_10SPJ4YJL9 Value: GS1.1.1690380469.1.0.1690380469.60.0.0
.zscaler.com/	1970-01-20 23:09:00	Name: _ga Value: GA1.2.1962683633.1690380470
.zscaler.com/	1970-01-20 13:34:26	Name: _gid Value: GA1.2.536737408.1690380470
.zscaler.com/	1970-01-20 13:33:00	Name: _dc_gtm_UA-6177009-1 Value: 1
info.zscaler.com/	1969-12-31 23:59:59	Name: BIGipServerabmweb-nginx-app_https Value: !mnJf1QQGDT7bYRDnmP486D9N70PtAIXPOS1XM2OyQ5f5AL8b+X/jZOL6gs16bWw/w2QZL4GyBqpYQg==
.techtarget.com/	1970-01-20 13:33:02	Name: __cf_bm Value: Vx40S0hlZ0p1WfP6IWa1XRsFIWZ0HlYUH7IjeKj1Dwk-1690380470-0-AVgKu/qyytjwM57v88fxZzgetRFz/zU4Ld4IDcExeSScJHuJb22GyG7qCgjQi65llyrvMeyCthmTHEGKZkv8o2o=
.zscaler.com/	1970-01-20 13:34:26	Name: _uetsid Value: ce30b1c02bbd11eeafc7fdfe54b1604b
.zscaler.com/	1970-01-20 22:54:36	Name: _uetvid Value: ce30b5702bbd11eeb3c5c7cf295ac906
.zscaler.com/	1970-01-20 22:18:36	Name: _biz_uid Value: 4afa9c7d37574074ac729c8322849e8f
.zscaler.com/	1970-01-20 13:33:02	Name: _biz_sid Value: 7e4008
.zscaler.com/	1970-01-20 22:18:36	Name: _biz_nA Value: 1
.zscaler.com/	1970-01-20 22:18:36	Name: _biz_pendingA Value: %5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D4afa9c7d37574074ac729c8322849e8f%26_biz_s%3D7e4008%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis%26_biz_t%3D1690380470357%26_biz_i%3DHibernating%2520Qakbot%253A%2520A%2520Comprehensive%2520Study%2520and%2520In-depth%2520Campa%26_biz_n%3D0%26rnd%3D775194%22%5D
www.zscaler.com/	1970-01-20 22:18:36	Name: __pdst Value: ced138bf16a54fc2bf27902ea7b777b7
www.zscaler.com/	1970-01-20 13:34:26	Name: ln_or Value: eyIzMzk2MiI6IjMzOTYyIn0%3D
.zscaler.com/	1969-12-31 23:59:59	Name: _fcdscst Value: MTY5MDM4MDQ3MDUwNw==
.zscaler.com/	1970-01-20 23:09:00	Name: _mkto_trk Value: id:306-ZEJ-256&token:_mch-zscaler.com-1690380470570-54693
www.zscaler.com/	1970-01-20 13:43:05	Name: _an_uid Value: 0
www.zscaler.com/	1970-01-20 23:09:00	Name: _gd_visitor Value: 0bf2c64b-bef7-4161-8581-a3b892e7f331
www.zscaler.com/	1970-01-20 13:33:14	Name: _gd_session Value: 6b873108-77ef-4e80-8fa4-9a2a4f6879eb
.linkedin.com/	1970-01-20 15:42:36	Name: li_sugr Value: 64ef0e04-b27e-4626-866b-df0a0880c893
.linkedin.com/	1970-01-20 22:18:36	Name: bcookie Value: "v=2&deb33abb-89fe-47b4-82bf-2b37b08a4fff"
.linkedin.com/	1970-01-20 13:34:26	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=2811:u=1:x=1:i=1690380470:t=1690466870:v=2:sig=AQGvqPH_dbr18vfwVMWLkoybmc3p096n"
.doubleclick.net/	1970-01-20 22:54:36	Name: IDE Value: AHWqTUlzZxOPltBTC5F6S6oXehBMdJo50JXYsZk9kbqw6-RbM9HpXYLIiIvk5akE
.zscaler.com/	1970-01-20 22:18:36	Name: oribili_user_guid Value: fc12665d-f37f-6148-641c-9c144c44fda3
.zscaler.com/	1970-01-20 15:42:36	Name: _fbp Value: fb.1.1690380470659.1097337139
.linkedin.com/	1970-01-20 14:16:12	Name: UserMatchHistory Value: AQJO3oAlHXg5CQAAAYmShwmeLYxXJVFq27OJzjtTxn205XY8FIiZ2jBBJGkwcKUxe5v2A_AEBIQCXQ
.linkedin.com/	1970-01-20 14:16:12	Name: AnalyticsSyncHistory Value: AQI5mVXAE_25lwAAAYmShwmeRV94M4wghmYqnKbyxq_g_suWHxKk5DUCO8asAUTc7fkV2XHitc9VQ7rUCaq5mQ
.linkedin.com/	1970-01-20 17:52:12	Name: li_gc Value: MTswOzE2OTAzODA0NzA7MjswMjEns6mCgFYNy5/1mg/cFsojWpU0T3Y+9bbDto0Lyd5usA==
.6sc.co/	1970-01-20 23:09:00	Name: 6suuid Value: 19a0241721820200b628c1645d0300004a5d2400
.www.linkedin.com/	1970-01-20 22:18:36	Name: bscookie Value: "v=1&202307261407509cb8993f-2ae2-4b63-898f-86fb7efc3cadAQEBZ_WVTZK5PCV7DPmq7WBFTcHt-1md"
.zscaler.com/	1970-01-20 23:09:00	Name: _fcdscv Value: eyJDdXN0b21lcklkIjoiNzMxYzMxNmEtYzQ2ZS00YTk0LTgxYTktN2NmYzBlYTBkNTNlIiwiVmlzaXRvciI6eyJFbWFpbCI6bnVsbCwiRXh0ZXJuYWxWaXNpdG9ySWQiOiIwNGZmMmI4My1jOTQyLTQ3ZTYtYjMyOS0yZjRkMjFiZTE0ZDEifSwiVmlzaXRzIjpbXSwiQWN0aXZpdGllcyI6W10sIkRpYWdub3N0aWNNZXNzYWdlIjpudWxsfQ==
.mountain.com/	1970-01-20 23:09:00	Name: guid Value: d0ad5e0f-2bbd-11ee-aa3d-afd192b5a2aa
.px.mountain.com/	1970-01-20 23:09:00	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNrKMN7IwtlCyMtBBEjG3NAaLICswNLM0MLYwMDE3tTS10FEqU7IyqgUAzKl0LEYAAAA="
.mountain.com/	1970-01-20 23:09:00	Name: rt Value: "MzIzMjk6MTY5MDM4MDQ3NQ=="

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://t.sf14g.com/sf14g.js Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=64405854370272376term=value(Line 10) Message: Refused to connect to 'https://52.22.50.55/is' because it violates the following Content Security Policy directive: "connect-src 'self' blob: .zscaler.com www.googletagmanager.com .google-analytics.com cdn.cookielaw.org analytics.google.com .analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com .wistia.com st.fullcircleinsights.com bam.nr-data.net .litix.io embedwistia-a.akamaihd.net .reactful.com www.facebook.com secure.adnxs.com .6sc.co .6sense.com .crazyegg.com .clarity.ms .mktoresp.com .cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com .linkedin.oribi.io .hushly.com https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net".
javascript	error	URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fhibernating-qakbot-comprehensive-study-and-depth-campaign-analysis&cb=64405854370272376term=value(Line 10) Message: Refused to connect to 'https://52.22.50.55/is' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .zscaler.com .google.com .google-analytics.com analytics.google.com .analytics.google.com www.googletagmanager.com cdn.cookielaw.org .cloudfront.net .newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com .bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com .mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com .crazyegg.com .adroll.com bat.bing.com .doubleclick.net .clarity.ms .cloudflare.com .googleadservices.com .marketo.net www.gartner.com .ads-twitter.com .google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com .linkedin.oribi.io js.adsrvr.org https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' .zscaler.com; style-src 'self' 'unsafe-inline' .zscaler.com www.gartner.com .googleapis.com .fontawesome.com .googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: .zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com .wistia.com; frame-src 'self' www.youtube.com bugcrowd.com www.visualize-roi.com .zscaler.com js.driftt.com www.facebook.com .doubleclick.net .cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: .zscaler.com .doubleclick.net; font-src 'self' data: www.gartner.com .gstatic.com .fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: .zscaler.com www.googletagmanager.com .google-analytics.com cdn.cookielaw.org analytics.google.com .analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com .wistia.com st.fullcircleinsights.com bam.nr-data.net .litix.io embedwistia-a.akamaihd.net .reactful.com www.facebook.com secure.adnxs.com .6sc.co .6sense.com .crazyegg.com .clarity.ms .mktoresp.com .cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com .linkedin.oribi.io .hushly.com https://.zscaler.com https://.zscaler.fr https://.zscaler.de https://.zscaler.jp https://.zscaler.es https://.zscaler.it https://.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM testmydefenses.com
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.bizible.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.pdst.fm
connect.facebook.net
d.adroll.com
d2i34c80a0ftze.cloudfront.net
dx.mountain.com
epsilon.6sense.com
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
gw.linkedin.oribi.io
ibc-flow.techtarget.com
info.zscaler.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.adsrvr.org
munchkin.marketo.net
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
secure.adnxs.com
snap.licdn.com
st.fullcircleinsights.com
stats.g.doubleclick.net
t.sf14g.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.zscaler.com
insight.adsrvr.org
104.17.73.206
13.107.42.14
13.225.33.74
143.204.215.41
151.101.194.137
152.195.15.58
162.247.241.14
192.28.144.124
2001:4860:4802:34::36
2001:4860:4802:36::36
23.210.118.178
23.36.162.89
2600:9000:20eb:ae00:2:53b2:240:93a1
2600:9000:223f:ce00:9:14eb:6280:93a1
2600:9000:225e:1200:6:9280:1080:93a1
2606:4700::6812:1c4a
2606:4700::6812:1d26
2606:4700::6812:aa72
2606:4700::6812:d9f
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::2004
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c00::9c
2a02:26f0:3100::1735:28a9
2a02:26f0:7100::210:172
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:cc3:fe04:218c:a1f:2d3:6c89
3.127.67.224
34.111.208.231
34.212.4.35
35.170.39.103
35.244.142.80
37.252.173.215
44.209.137.118
52.42.124.195
54.187.49.68
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
0542aebf576727cccfa1f6782cc69712412aa823133c4acf9e992a315e43c559
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0dbffa7e8707628f7105d2d66eb6514f15f51ce21a169b02ddc62b67f4882066
0f6c70978f192c9dbb5a5e9e1389814afc95e65274c24b03de4a95ddb2d0e44b
11b4a5f186edf838f6e951559bef8aa85c686a83e0a226c5a82622da95e54307
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
213924f2d4c07c46604b981a03ea8d96f6dddf790d2702d132dc1de912e4d66b
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2dc0e215dc2374fc5cdacf24707fabeabc2e4193e12ec9c0203ac9a52a5daf3e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
308100ff6c64af6ac2edf80a069273cee122cb63d7a5025dcb501f5dbddbbd05
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
35fd6bc610a44338bf052da9ac46918d3dd7575a12c7ec732e7922ca2105502a
38068c6216d8cd0ebd227e767dea7b85b17c68ee40a2b32c20cb879ea225d274
3851fd9b11d89fb18c868a53e97a1a23e0c6fd279f2e7f54735d89069e31750f
39b198ca66d1bdf5af2d753188788c1d738d977bd700135519f0168a46bf080e
3e89824dcd4a1d958c6972134bfc50e0c8e4a76d6b47569d14fd7cba455c1f7f
3f75ff2a61e8e6f67f33cb6b13b2c195ef84a10c72a52a6da80c1e81f5f96e28
452c86d701fc77989aaf09af7d667885bcaaeaa8943ce356eb77d83d63afcee6
4cba84adcb7bd62657459e19218ca7466e83428bd33a22c10d81106dbd02381f
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
52272481e0caa74b259f2d54324a5b00e547cc8d35fea3174cc3702f9cc8d516
52fdcd69acde3b5c0518f066621423b921c54dbba4cf425d31da7e69b8c6b1ab
5524df7fe4aa63c2fc3fc78df4ad8d85be1220d412932045aecedd7c6867f295
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59102980b95f2774d16533aea05d5faac37bd1ad99289d8b716eae01bb8179a2
610a2ee63689acb7361d2e96b0d34aa8038b76b57fcc94ccade600176683e8ba
62ed4d49c5a79b0aff17f47c74efc7958d70987d9350e746c0342755587dd3df
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a
69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
6cd44333f153f5de6a5021ee08ad030908d42f3e86a37a12d82d7ae0858ad01d
6dc5a41a72f6c1b4148d0629284183a4db42a28fef188ff4d55d5872d0ea3561
6e05dcba80ae0609933e0c93c0d7ce06083dda03785deaa6e40a109a134acdb2
6ef6b310be6928f07cf3db3db8ba9b899027b03fa1a65fed0c304b8a4270f74a
736666a53a4a4805e200de224be9255704ff848fd84d60333b087d50d02490ef
77db0d676dada17aa496432c1b9810566b6654ed0b34a23584b3bb6ca204cd07
7f3edad980de45514baad0ef54712e2f920a5a4c7d773be74ccca427b9d8da28
7ffb89d34a5a429853d5282d49f7bb8a776721497952b16a881ab845dd9c2685
80d6536489126ec494e311b14d0b7f8630fe9f23a77e2635c8f0264492cbc3c7
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a34ea2b456ad49f191e7e11196c5101b126f4aa1eba5370943e695e9a1e1d55
8ba9704577e4ea3ea80f98e4984a6417420ddd2e410e970d004c53d27f4b5b19
94367621b56cafee970e8b6c64fd3042ab705a400ee913a80f5fbe823bb5cda0
9581d252706f6236028acf67e89cd0c2f8ec64ff46a416bf384b2fd3876080d4
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
aa2775a7802829dba5fd3ec121f4305e99d64a0d9ec3b2e35923fd1ae129b8b1
ab7ecf74de4195912e256c80f6f790be58a4b1af34f0fd20c56be02fbc85dbcf
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b374f42cf8f1836e0d9f249581b0f81f51c3f51a38b166e873fa0050b89899dc
b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d
be07e774183e5ae1b23611dc0844d4e8cc1d08e319e649cdaa14f89c48c9fbe9
c2b66668bbb8fae36b12842672cbeeedc9e7c16562d3c592a6613b6f44aed1b1
c311211146b7d1e26f7807e2131bd1c0787e54cc6dd90b9dd111fd2b4a1c7d77
c3cafb353ffa959edb33bbc7b79625416ef1e7393f7784c6debef4c2f35a65e3
c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36
c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
d25984848cb59b62095fd6cb563ef08f012a501258c06fd7e64d263a785e1c88
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
d9bafbaa07911d0596a806a1177da26c107f735052d28603bc5eb8fa0dc63b55
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
db5338a03b74d36398a3f49bf468a187aba9346ccf69705d9e070b069de97b3b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd888ef4dda066839f9cb6d29aaf789463cccb55f245fd45d10983a618c77f72
dd8a322e792c9213ea14e836f39124ff8223fbdb1e41d3e69beeca67b83d88c9
dd9535c4b369928aa5fe4ddebbe42a9f96bb590ba9a70176297599192b9cbab4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec2e22fd918a8ffef0f54f466fb7edd2c586f39dad794cd25a0a97ce36c404d2
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437
f1249e3503b8a12598e09882e9ded38155ac212298143dec459ce6820c6d3f37
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
f4019dc0c85c3a21c0c97662c7c896476dd01ce39bd1aa7f4c6c91f62d6095ea
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f641642f73b0d4a76b30723c0dec94325eafbc39620de7e3fc6283e1550829e5
f7b569b5283c7ccfa40001e12657a619993e830eccd75ffc6cf28aca78fd0db7
fa44ba5620fc182eb36d66b9dea560edeb23af9c3104647e39e2a4d3fabcf8cd
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fb71a91ef4937bdac04520d7e7b1852bb28635ae850934d440360ccc8142c1a4
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.zscaler.com Open in urlscan Pro 2606:4700::6812:1c4a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

132 Requests

96 %HTTPS

54 %IPv6

31 Domains

45 Subdomains

42 IPs

5 Countries

1968 kBTransfer

5725 kBSize

37 Cookies

51 Outgoing links

Redirected requests

132 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zscaler.com Open in urlscan Pro
2606:4700::6812:1c4a Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

96 %
HTTPS

54 %
IPv6

31
Domains

45
Subdomains

42
IPs

5
Countries

1968 kB
Transfer

5725 kB
Size

37
Cookies

132 HTTP transactions
1 data transactions