www.zscaler.com Open in urlscan Pro
2606:4700::6813:d53e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Submission: On June 29 via api (June 29th 2020, 7:03:49 pm UTC) from DE

Summary HTTP 113 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 42 IPs in 7 countries across 41 domains to perform 113 HTTP transactions. The main IP is 2606:4700::6813:d53e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 1st 2020. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
43	2606:4700::68... 2606:4700::6813:d53e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
4	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
8	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	3.85.187.26 3.85.187.26	14618 (AMAZON-AES) (AMAZON-AES)
2	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE)
1 6	184.51.8.183 184.51.8.183	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
3	23.10.73.123 23.10.73.123	16625 (AKAMAI-AS) (AKAMAI-AS)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	185.33.221.52 185.33.221.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
1	52.57.146.39 52.57.146.39	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 2	34.230.159.139 34.230.159.139	14618 (AMAZON-AES) (AMAZON-AES)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
15 18	52.16.213.78 52.16.213.78	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 2	35.156.98.228 35.156.98.228	16509 (AMAZON-02) (AMAZON-02)
1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 2	184.51.9.98 184.51.9.98	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	70.42.32.31 70.42.32.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	151.101.113.44 151.101.113.44	54113 (FASTLY) (FASTLY)
1 2	52.28.90.202 52.28.90.202	16509 (AMAZON-02) (AMAZON-02)
1 2	18.185.81.183 18.185.81.183	16509 (AMAZON-02) (AMAZON-02)
1 2	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.241.8.149 35.241.8.149	15169 (GOOGLE) (GOOGLE)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2 2	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
2	162.247.242.19 162.247.242.19	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
113	42

43 2606:4700::6813:d53e (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.85.187.26 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-85-187-26.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.60.75 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.51.8.183 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-8-183.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.10.73.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-10-73-123.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.52 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.146.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-146-39.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.230.159.139 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-159-139.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.16.213.78 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-213-78.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.98.228 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-98-228.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.51.9.98 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-9-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.31 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.90.202 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-90-202.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.81.183 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-81-183.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.37 (Ascension Island) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.8.149 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 149.8.241.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f66.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.19 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-7.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	zscaler.com www.zscaler.com	2 MB
23	adroll.com 15 redirects s.adroll.com d.adroll.com	28 KB
8	gstatic.com fonts.gstatic.com	109 KB
5	doubleclick.net 3 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	4 KB
4	cookielaw.org cdn.cookielaw.org	23 KB
3	google.de www.google.de	320 B
3	google.com 1 redirects www.google.com	420 B
3	adnxs.com 1 redirects secure.adnxs.com ib.adnxs.com	3 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	bizible.com cdn.bizible.com	34 KB
3	google-analytics.com www.google-analytics.com	45 KB
2	nr-data.net bam.nr-data.net	457 B
2	openx.net 1 redirects us-u.openx.net	479 B
2	bidswitch.net 1 redirects x.bidswitch.net	1009 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	outbrain.com 1 redirects sync.outbrain.com	832 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com ads.yahoo.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	815 B
2	facebook.net connect.facebook.net	165 KB
2	leadlander.com 1 redirects tracking.leadlander.com	520 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	marketo.net munchkin.marketo.net	6 KB
1	newrelic.com js-agent.newrelic.com	10 KB
1	facebook.com www.facebook.com	259 B
1	rlcdn.com idsync.rlcdn.com	66 B
1	taboola.com trc.taboola.com	281 B
1	pubmatic.com simage2.pubmatic.com	887 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	mktoresp.com 306-zej-256.mktoresp.com	304 B
1	6sense.com epsilon.6sense.com	602 B
1	ytimg.com s.ytimg.com	30 KB
1	onetrust.com geolocation.onetrust.com	246 B
1	youtube.com www.youtube.com	920 B
1	licdn.com snap.licdn.com	2 KB
1	googleadservices.com www.googleadservices.com	11 KB
1	sf14g.com t.sf14g.com	37 KB
1	googletagmanager.com www.googletagmanager.com	52 KB
1	googleapis.com fonts.googleapis.com	1 KB
113	41

	Domain	Requested by
43	www.zscaler.com	www.zscaler.com
17	d.adroll.com	14 redirects www.zscaler.com
8	fonts.gstatic.com	www.zscaler.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.zscaler.com s.adroll.com
4	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
3	www.google.de	www.zscaler.com
3	www.google.com	1 redirects www.zscaler.com
3	cdn.bizible.com	www.googletagmanager.com www.zscaler.com cdn.bizible.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.zscaler.com
2	bam.nr-data.net	js-agent.newrelic.com cdn.bizible.com
2	cm.g.doubleclick.net	2 redirects
2	us-u.openx.net	1 redirects www.zscaler.com
2	ib.adnxs.com	1 redirects www.zscaler.com
2	x.bidswitch.net	1 redirects www.zscaler.com
2	eb2.3lift.com	1 redirects www.zscaler.com
2	sync.outbrain.com	1 redirects www.zscaler.com
2	dsum-sec.casalemedia.com	1 redirects www.zscaler.com
2	pixel.advertising.com	2 redirects
2	connect.facebook.net	s.adroll.com connect.facebook.net
2	tracking.leadlander.com	1 redirects www.zscaler.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	px.ads.linkedin.com	1 redirects www.zscaler.com
2	munchkin.marketo.net	www.zscaler.com munchkin.marketo.net
1	js-agent.newrelic.com	www.zscaler.com
1	www.facebook.com	www.zscaler.com
1	idsync.rlcdn.com	www.zscaler.com
1	trc.taboola.com	www.zscaler.com
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com	www.zscaler.com
1	pixel.rubiconproject.com	www.zscaler.com
1	ups.analytics.yahoo.com	www.zscaler.com
1	d.adroll.mgr.consensu.org	1 redirects
1	apt.techtarget.com	www.zscaler.com
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	epsilon.6sense.com	j.6sc.co
1	b.6sc.co	www.zscaler.com
1	stats.g.doubleclick.net	1 redirects
1	secure.adnxs.com	j.6sc.co
1	c.6sc.co	j.6sc.co
1	s.ytimg.com	www.youtube.com
1	www.linkedin.com	1 redirects
1	geolocation.onetrust.com	www.zscaler.com
1	trk.techtarget.com	www.zscaler.com
1	j.6sc.co	www.zscaler.com
1	www.youtube.com	www.zscaler.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	t.sf14g.com	www.zscaler.com
1	www.googletagmanager.com	www.zscaler.com
1	fonts.googleapis.com	www.zscaler.com
113	50

This site contains links to these domains. Also see Links.

Domain
cookiepedia.co.uk
onetrust.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
help.zscaler.com
securitypreview.zscaler.com
community.zscaler.com
ir.zscaler.com
apex.zscaler.com
twitter.com
www.virustotal.com
threatlibrary.zscaler.com
www.facebook.com
www.linkedin.com
www.zscaler.fr
www.zscaler.de
www.zscaler.jp
www.youtube.com

Subject Issuer	Validity	Valid
zscaler.com DigiCert SHA2 Extended Validation Server CA	`2020-02-01` - `2021-06-30`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
sni9451gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-05-07` - `2021-05-12`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-05-20` - `2022-02-18`	2 years	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2020-01-07` - `2021-04-07`	a year	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
*.onetrust.com DigiCert SHA2 Secure Server CA	`2020-05-21` - `2022-07-27`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.6sense.com Amazon	`2019-08-16` - `2020-09-16`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2020-04-28` - `2022-04-28`	2 years	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.taboola.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2020-09-10`	3 months	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-05-29` - `2021-05-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Frame ID: A8C17903A733CA076B02DB7CE55AD663
Requests: 113 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

113
Requests

100 %
HTTPS

40 %
IPv6

41
Domains

50
Subdomains

42
IPs

7
Countries

2251 kB
Transfer

4885 kB
Size

1
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalerbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/zia?_ga=2.166933438.1473019286.1507094874-1668161512.1505066962
Title: Support

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Cyber Risk Assessment

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/c/cfa
Title: Engage with the Community

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://apex.zscaler.com/
Title: Partner Inquiry

Search URL Search Domain Scan URL

URL: https://twitter.com/3xp0rtblog/status/1254079067810336768
Title: @3xp0rt

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/4a30ef818603b0a0f2b8153d9ba6e9494447373e86599bcc7c461135732e64b2/detection
Title: Taurus login panel

Search URL Search Domain Scan URL

URL: https://twitter.com/MalwareInt/status/1257838534993621002/photo/3
Title: ashboard

Search URL Search Domain Scan URL

URL: https://twitter.com/3xp0rtblog/status/1254079343581675525/photo/2
Title: dashboard

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/threats/3e4e094a-66e1-407a-8b42-7a683a54bfb1/
Title: https://threatlibrary.zscaler.com/threats/3e4e094a-66e1-407a-8b42-7a683a54bfb1/

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/threats/b26933a4-31f8-4618-a6cf-775f8a383116/
Title: https://threatlibrary.zscaler.com/threats/b26933a4-31f8-4618-a6cf-775f8a383116/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.zscaler.com/blogs/research/taurus-new-stealer-town&title=Taurus:%20The%20New%20Stealer%20in%20Town
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://bit.ly/2BBZxRf%20%E2%80%94%20Taurus:%20The%20New%20Stealer%20in%20Town
Title:

Search URL Search Domain Scan URL

URL: https://www.zscaler.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://www.zscaler.de/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.zscaler.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://twitter.com/zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Ftaurus-new-stealer-town%26time%3D1593457398303%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303&liSync=true

Request Chain 70

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&gjid=833491713&_gid=430557439.1593457398&_u=aGDAgEADQ~&z=1960561471 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471&slf_rd=1&random=1185519625

Request Chain 81

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&referer=&fp=51f928c7bf3815ea04df2172cdbf6261 HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 85

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 87

https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2 HTTP 302
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2

Request Chain 88

https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&pv=42565301609.80858&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js

Request Chain 91

https://d.adroll.com/cm/aol/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP36ccced6-ba3b-11ea-a3a2-02b472f64ec0

Request Chain 92

https://d.adroll.com/cm/index/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407&C=1

Request Chain 93

https://d.adroll.com/cm/n/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expires=365

Request Chain 94

https://d.adroll.com/cm/outbrain/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&rdrctExp=true

Request Chain 95

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 96

https://d.adroll.com/cm/r/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 97

https://d.adroll.com/cm/taboola/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

Request Chain 98

https://d.adroll.com/cm/triplelift/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 99

https://d.adroll.com/cm/b/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

Request Chain 100

https://d.adroll.com/cm/x/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

Request Chain 101

https://d.adroll.com/cm/l/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=8f349328e4e3b1669850cb49f19861b6

Request Chain 102

https://d.adroll.com/cm/o/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=8f349328e4e3b1669850cb49f19861b6 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=8f349328e4e3b1669850cb49f19861b6

Request Chain 103

https://d.adroll.com/cm/g/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS&google_nid=adroll4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=jzSTKOTjsWaYUMtJ8Zhhtg HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=jzSTKOTjsWaYUMtJ8Zhhtg&google_tc= HTTP 302
https://d.adroll.com/cm/g/in

113 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request taurus-new-stealer-town Show response
www.zscaler.com/blogs/research/ 114 KB
22 KB 968ms
945ms Document
text/html 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

146fae12313e0da366dfa7c7a7ec99b8d9e8ff141c973ea891c15a0367ec1127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.zscaler.com
:scheme: https
:path: /blogs/research/taurus-new-stealer-town
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 29 Jun 2020 19:03:17 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d2044f141a42883ccbeb15f77c4a5dc141593457396; expires=Wed, 29-Jul-20 19:03:16 GMT; path=/; domain=.www.zscaler.com; HttpOnly; SameSite=Lax
cache-control: max-age=31536000, public
x-drupal-dynamic-cache: MISS
link: <https://www.zscaler.com/blogs/research/taurus-new-stealer-town>; rel="canonical"; class="sl_norewrite"
x-ua-compatible: IE=edge
content-language: en
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Mon, 29 Jun 2020 17:29:08 GMT
vary: X-UA-Device,Accept-Encoding
x-request-id: v-0a01b5d8-ba2e-11ea-97ce-5be53b332128
x-ah-environment: prod
age: 5648
via: varnish
x-cache: HIT
x-cache-hits: 72
cf-cache-status: DYNAMIC
cf-request-id: 03a30f648000000614418cc200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
server: cloudflare
cf-ray: 5ab1e81a6e1b0614-FRA
content-encoding: br

GET
H2 200 css_zT08A3VvkeejjebO3s3YaML9OZljXL8Ai6IkCdYzSeg.css
www.zscaler.com/sites/default/files/css/ 9 KB
3 KB 15ms
14ms Stylesheet
text/css 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_zT08A3VvkeejjebO3s3YaML9OZljXL8Ai6IkCdYzSeg.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd3d3c03756f91e7a38de6cedecdd868c2fd3999635cbf008ba22409d63349e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 306210
x-cache: HIT
status: 200
x-cache-hits: 24
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 03a30f6839000006144192a200000001
x-request-id: v-e3abbb66-b6fb-11ea-929e-931523727522
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
cf-ray: 5ab1e82059700614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
www.zscaler.com/sites/default/files/css/ 1 MB
123 KB 18ms
17ms Stylesheet
text/css 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1e81e5e20e993cf135f45bd05e85002f81e064e85aeea1d3369af929f0a9e59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58311
x-cache: HIT
status: 200
x-cache-hits: 11
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 03a30f683a000006144192b200000001
x-request-id: v-a0c29e64-b9b2-11ea-b7f0-53faf5232fe3
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/css
cache-control: public, max-age=1814400
cf-ray: 5ab1e82059720614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 css
fonts.googleapis.com/ 19 KB
1 KB 14ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

07e488fc7ca98a10872edeac01b7baffc4ee033ba9dda67d1de361df52af331b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:23:12 GMT
server: ESF
date: Mon, 29 Jun 2020 19:03:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jun 2020 19:03:17 GMT

GET
H2 200 zscaler-hdr-logo.svg
www.zscaler.com/themes/custom/zscaler/images/shared/ 4 KB
2 KB 13ms
12ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/shared/zscaler-hdr-logo.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 333615
x-cache: HIT
status: 200
x-cache-hits: 30
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f683f000006144192c200000001
x-request-id: v-63d3dd04-331d-11ea-8684-1b8793240112
last-modified: Thu, 21 Nov 2019 05:31:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
expires: Mon, 20 Jul 2020 19:03:17 GMT
cache-control: public, max-age=1814400
cf-ray: 5ab1e820698b0614-FRA
cf-bgj: h2pri

GET
H2 200 zscaler-header-logo-white.png
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/ 2 KB
2 KB 62ms
61ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/zscaler-header-logo-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1e09aad7716ffaa184b9b945a599df7ced0d8a6f542160da654595050285eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 2070
cf-request-id: 03a30f6841000006144192d200000001
last-modified: Fri, 20 Sep 2019 09:57:46 GMT
server: cloudflare
etag: "cfGZ_grzr0eyE0NvbGAfMI8A"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.015 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82069910614-FRA
expires: Wed, 15 Jul 2020 19:16:44 GMT

GET
H2 200 avinash_kumar.jpeg
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/pictures/ 24 KB
24 KB 72ms
71ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/pictures/avinash_kumar.jpeg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fb8d1294f5ea610d42c69655504b0701879e21a3fe9d1545ecef6898bde2062

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 24694
cf-request-id: 03a30f6841000006144192e200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfzvUz4NUwQkXd5VePS8PM_w"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.090 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82069950614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 default-male-avatar.png
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/blog/ 762 B
947 B 63ms
62ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/blog/default-male-avatar.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ebe5f3828c912e78aa7a84ded542df0601f54e389f0a06d710720fcdbd86010

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 762
cf-request-id: 03a30f6841000006144192f200000001
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
etag: "cf0ol14c_S-lxG_o9kU4-uWg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.029 v=2020.5.1
accept-ranges: bytes
cf-ray: 5ab1e82069960614-FRA
expires: Sat, 18 Jul 2020 13:22:37 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 185 KB
52 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e54b9f57a851dc06f2262ca622bdecf4eed7396783e8e474a2290147d975f60b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52760
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Jun 2020 19:03:17 GMT

GET
H2 200 infection%20(1)_0.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 5 KB
5 KB 56ms
49ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/infection%20(1)_0.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f98c199ee5429659f65ef761ca159ce14a8058c8ce7e16d64522fbe43bad4333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 5114
cf-request-id: 03a30f68470000061441933200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cf0mMOilK9RnlWsPmB1BJSTQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.038 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079bb0614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 doc%20file.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 73 KB
74 KB 44ms
36ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/doc%20file.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b3fe823a87a7decff361fd48c9f9a526b5f01c24510c9174714d5efaf710f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 74940
cf-request-id: 03a30f68480000061441934200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfUfi0k5uvlh8vKY4Vjy3KWg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.567 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079cb0614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 Obfuscated%20macro%20code.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 105 KB
105 KB 76ms
68ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Obfuscated%20macro%20code.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52aa5dbb3f95bf8f18a161bff6881281d39f4af7b81557feac25d613142f46ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 107388
cf-request-id: 03a30f68490000061441935200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfK5K4Isu5sL_FSEdxuMRZmA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.582 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079d10614-FRA
expires: Mon, 20 Jul 2020 07:25:09 GMT

GET
H2 200 decryptd%20powershell.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 4 KB
5 KB 55ms
47ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/decryptd%20powershell.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c49d44b0fd8a2b341a963eb387b0abee4c8cdceefe955d7c78e5741e5c638f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 4496
cf-request-id: 03a30f68490000061441936200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfPHux71to3fXDqwicZvXXgQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.030 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079d30614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 taurus%20project%20message.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 212 KB
213 KB 56ms
48ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/taurus%20project%20message.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d54010c710f135b92fe1baf926a59d8e06e7548fa4d7d504a17c66ff7207fa6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 217226
cf-request-id: 03a30f68490000061441937200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfOoTIRa2EyjUNZPEWzmCjYA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.827 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079d50614-FRA
expires: Mon, 20 Jul 2020 07:25:09 GMT

GET
H2 200 panel.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 7 KB
7 KB 59ms
51ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/panel.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

114adc80b1d734d6b894f9cdfeaabf16667adec1e4b2045cedce04d3bd2ae362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 7166
cf-request-id: 03a30f68490000061441938200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfjdUS2uQ8c-9F78Wog-PlWA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.055 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079d70614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 dashboard%20of%20Taurus.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 91 KB
91 KB 49ms
42ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/dashboard%20of%20Taurus.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

341e3fccc790c3883ca51c8dced99d5858e8dd4036c4eeb5ff4286eb323d7c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 92816
cf-request-id: 03a30f68490000061441939200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfi9vJGyt9a-5Rvms2_BIOcw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.536 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079d90614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 dashboard%20to%20set%20config.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 80 KB
80 KB 49ms
42ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/dashboard%20to%20set%20config.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e73c84f5a195f04185329cd68e96f1ec8ac7c54a1746ad22979b8d2fb79b516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 81506
cf-request-id: 03a30f6849000006144193a200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cf1Jld7XygGXQjBWu-miO5Rw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.502 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079dc0614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 Anti-sandbox%20patch%20with%20GetTickCount%20Api.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 5 KB
5 KB 45ms
38ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Anti-sandbox%20patch%20with%20GetTickCount%20Api.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f51bcb0e76821a10e9879e73f7a38cdd5e33f85b269eaefb5aca48b9ad58d251

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 4834
cf-request-id: 03a30f6849000006144193b200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cflwlZsUdI_G1uNL3kPFY6nA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.039 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079e10614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 Multiple%20check%20for%20files%2C%20computer%20name%20%26%20internet%20connectivity.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 4 KB
4 KB 72ms
66ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Multiple%20check%20for%20files%2C%20computer%20name%20%26%20internet%20connectivity.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

741134e172c642986b52b8450e9708794a32d405b5347c63d45e32f2ba41ae36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 3924
cf-request-id: 03a30f6849000006144193c200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cffVTH-wjMTUdMRWFVeGJE_A"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.030 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079e40614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 Autoit%20dllhost.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 3 KB
3 KB 47ms
41ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Autoit%20dllhost.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bda7161895bb3e5ca5b7105762af758ea80d9d46da9c8f681d12defabc52f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 2784
cf-request-id: 03a30f6849000006144193d200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfE0bqXTVBJsV1pOxnn47z-Q"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.029 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079e60614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 Shellcode%20checking%20for%20executable%20to%20inject%20in%20dllhost.exe_.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 7 KB
7 KB 47ms
41ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Shellcode%20checking%20for%20executable%20to%20inject%20in%20dllhost.exe_.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

624f7281842583cd5d40b69aac4d18c071a99a436ab1670ce61ab6c8a98ec850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 7068
cf-request-id: 03a30f684b000006144193e200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cf8mIVumoYosKw8KNRMDGXRQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.106 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079ec0614-FRA
expires: Mon, 20 Jul 2020 07:25:09 GMT

GET
H2 200 Storing%20config%20into%20memory.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 82 KB
82 KB 63ms
57ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/Storing%20config%20into%20memory.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02367376ce78bdd48eeca91be377f3026b25bd4331272b756138d51f1e9ffecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 83482
cf-request-id: 03a30f684b000006144193f200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfEAXS31bFzhcgsLMwXOu5cw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.197 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079f10614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 System%20information.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 49 KB
49 KB 45ms
39ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/System%20information.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

162236f2de4433fe221779d91323b30abb7a447278f7954dcd28c279167c2a2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 49758
cf-request-id: 03a30f684b0000061441940200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfZ1rB_Sw_bXjIAUEP0vIVVg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.256 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079f30614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 zip%20file%20contains%20all%20stealed%20data.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 1 KB
1 KB 58ms
52ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/zip%20file%20contains%20all%20stealed%20data.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f343086e598577a8f9aba8a2b86ea9a4322edc6b39ac2fdb058de6b3fa6b8990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 1342
cf-request-id: 03a30f684b0000061441941200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfpnF4wS-dhmxwz3auP0EqNQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.027 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079f70614-FRA
expires: Mon, 20 Jul 2020 07:25:09 GMT

GET
H2 200 URI%20building2.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 1 KB
1 KB 52ms
46ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/URI%20building2.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76139437c69a084824015c2216b28492669658bb6e16dd530bfe987c4040896c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 1182
cf-request-id: 03a30f684b0000061441942200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfb0geIUIieQ7pzufJUFdjzw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.028 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079f80614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 sandbox%20activity.PNG
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/ 142 KB
142 KB 60ms
54ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/Taurus%20Project/sandbox%20activity.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1d454d26ee1ed9a6939e0888c98fbaf5fa68c604cdc8eb90bcb2a1714d14f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 145502
cf-request-id: 03a30f684b0000061441943200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfQpftwp0GMDQab4bDs7tpGA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.430 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e82079f90614-FRA
expires: Sun, 19 Jul 2020 09:54:49 GMT

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
849 B 10ms
5ms Script
application/javascript 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Fri, 26 Jun 2020 09:13:11 GMT
server: cloudflare
etag: W/"5ef5bc27-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=31536000; preload
cf-ray: 5ab1e82079b40614-FRA
cf-request-id: 03a30f68460000061441931200000001
expires: Wed, 01 Jul 2020 19:03:17 GMT

GET
H2 200 mail-icon.svg
www.zscaler.com/themes/custom/zscaler/images/blog/ 1021 B
668 B 30ms
25ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/blog/mail-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac87ad7a2bef0649ec3f84eebacf1e02bd48647caa281c1da27cc26263abc75b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289921
x-cache: HIT
status: 200
x-cache-hits: 17
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f684b0000061441944200000001
x-request-id: v-aab75736-331e-11ea-a987-5fc997568479
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
expires: Mon, 20 Jul 2020 19:03:17 GMT
cache-control: public, max-age=1814400
cf-ray: 5ab1e82079fb0614-FRA
cf-bgj: h2pri

GET
H2 200 facebook-icon.svg
www.zscaler.com/themes/custom/zscaler/images/blog/ 1 KB
805 B 32ms
27ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/blog/facebook-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7221be22d59bd95b5c1e47590a48d06d367a965213a39ca929241e4a6f9ee7ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1031867
x-cache: HIT
status: 200
x-cache-hits: 1
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f684b0000061441945200000001
x-request-id: v-f41559f0-b0c8-11ea-b934-db0120de5472
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
cache-control: public, max-age=1814400
cf-ray: 5ab1e82079fc0614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 linkedin-icon.svg
www.zscaler.com/themes/custom/zscaler/images/blog/ 1 KB
834 B 29ms
24ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/blog/linkedin-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

391f4dc402b6ecb016765b0eae6e508d409b577b79e87dd1dbade260d4495581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 290547
x-cache: MISS
status: 200
cf-bgj: h2pri
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f684b0000061441946200000001
x-request-id: v-2f57c09e-8611-11ea-ac20-33ab4b5736bb
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
cache-control: public, max-age=1814400
cf-ray: 5ab1e82079fd0614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 twitter-icon.svg
www.zscaler.com/themes/custom/zscaler/images/blog/ 1 KB
949 B 33ms
28ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/blog/twitter-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8abaf8f630ae4af089de7c1b5d7d8f54cec867b3ecf76256db2f5a9fffe7c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289009
x-cache: HIT
status: 200
x-cache-hits: 18
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f684b0000061441947200000001
x-request-id: v-dd4e1d26-331c-11ea-9951-4b07c20bc722
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
expires: Mon, 20 Jul 2020 19:03:17 GMT
cache-control: public, max-age=1814400
cf-ray: 5ab1e82079ff0614-FRA
cf-bgj: h2pri

GET
H2 200 building%20with%20clouds.jpg
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 62 KB
62 KB 83ms
78ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/building%20with%20clouds.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29500e7d31e0f972b0820d71da8ab928cb645d8f3f41b5c02363072427d097cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 63454
cf-request-id: 03a30f684b0000061441948200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfbteu1e7a7DDVwv9Vff2Y-g"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.176 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e8207a020614-FRA
expires: Mon, 20 Jul 2020 16:56:56 GMT

GET
H2 200 zscaler-blog-security-tools-3.jpg
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/----category-images/security-tools/ 28 KB
29 KB 45ms
40ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/----category-images/security-tools/zscaler-blog-security-tools-3.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df4c29a54b10b8bb812afee1a551c012c94a19e661563d7358f7fa3f22697d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 28988
cf-request-id: 03a30f684b0000061441949200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfwBxNPz6G7jxJ_utotm4Zpg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.043 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e8207a050614-FRA
expires: Sun, 19 Jul 2020 05:16:18 GMT

GET
H2 200 js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js Show response
www.zscaler.com/sites/default/files/js/ 738 KB
195 KB 20ms
16ms Script
text/javascript 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816e86ef88dcb836e0a8b46035b762fe571134b65739bf6aba4ea8bd0ab601f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58311
x-cache: MISS
status: 200
x-ah-environment: prod
content-encoding: br
vary: Host,Accept-Encoding
cf-request-id: 03a30f68470000061441932200000001
x-request-id: v-6ca83098-b9b3-11ea-96ca-2bab7c14f2df
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: text/javascript
cache-control: public, max-age=1814400
cf-ray: 5ab1e82079b90614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 92ede4fc-c076-4245-8c3f-85e672763690.js Show response
cdn.cookielaw.org/langswitch/ 2 KB
1 KB 31ms
7ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: 3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Jun 2020 19:03:17 GMT
content-encoding: gzip
content-md5: wNMyoZp2a7YtIJ5FlCf5Pg==
age: 9123
x-cache: HIT
status: 200
content-length: 737
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2019 21:38:32 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D6C76ADDE64110
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 47b4aaa1-601e-00c5-4032-4ea6dd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Mon, 29 Jun 2020 23:03:17 GMT

GET
H2 200 zscaler-blog-post-hero-security-threats-hacking.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/blog/post-images/ 6 KB
6 KB 28ms
28ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/blog/post-images/zscaler-blog-post-hero-security-threats-hacking.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

902a0d329b0338e03d857c538abf710b41f8d050b2276e3a019131d4f8ab1aa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 6230
cf-request-id: 03a30f68a40000061441952200000001
last-modified: Fri, 20 Sep 2019 09:57:55 GMT
server: cloudflare
etag: "cfmk_pmu8uYEy-ATQRsKcUUQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/m t=1.006 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e8210baf0614-FRA
expires: Mon, 20 Jul 2020 08:29:53 GMT

GET
H2 200 data-breach-2@2x%20(1).jpg
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/----category-images/data-breach/ 94 KB
95 KB 20ms
19ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/----category-images/data-breach/data-breach-2@2x%20(1).jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da15f68a7a989412d972b23b7a37f1875836a2dbd3e504eb847bf1dfeb1fbeea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 96584
cf-request-id: 03a30f68a40000061441953200000001
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: cloudflare
etag: "cfyMLehJlGDuzsitFDz9K4Wg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.128 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e8210bb30614-FRA
expires: Fri, 17 Jul 2020 17:57:16 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Sat, 13 Jun 2020 02:26:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 1442230
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Sun, 13 Jun 2021 02:26:07 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Sat, 13 Jun 2020 02:31:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1441929
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Sun, 13 Jun 2021 02:31:08 GMT

GET
H2 200 fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/vendor/font-awesome/webfonts/ 115 KB
115 KB 29ms
29ms Font
text/plain 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/vendor/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5538a328926c9517ffb8670fccce94f6137d58c21ff4b10ecd772abfa16a012b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
Origin: https://www.zscaler.com

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 307358
x-cache: HIT
status: 200
x-cache-hits: 52
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 117536
cf-request-id: 03a30f68a90000061441955200000001
x-request-id: v-63f71828-331d-11ea-9cbc-63c54b27e6b0
last-modified: Fri, 20 Sep 2019 09:57:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
access-control-allow-origin: *
expires: Mon, 20 Jul 2020 19:03:17 GMT
cache-control: public, max-age=1814400
accept-ranges: bytes
cf-ray: 5ab1e8210bcd0614-FRA
cf-bgj: h2pri

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Tue, 09 Jun 2020 00:43:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1793963
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Jun 2021 00:43:54 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Fri, 12 Jun 2020 13:44:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 1487945
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Sat, 12 Jun 2021 13:44:12 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v20/ 12 KB
12 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3be0a916496d7936bb83ce60a4de9f10ef400f16c38e7dd7c65449c795e7739b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Fri, 26 Jun 2020 18:21:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 261736
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12680
x-xss-protection: 0
expires: Sat, 26 Jun 2021 18:21:01 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2
fonts.gstatic.com/s/roboto/v20/ 12 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Wed, 10 Jun 2020 01:05:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:03 GMT
server: sffe
age: 1706256
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12688
x-xss-protection: 0
expires: Thu, 10 Jun 2021 01:05:41 GMT

GET
H2 200 fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/vendor/font-awesome/webfonts/ 73 KB
73 KB 23ms
23ms Font
text/plain 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/themes/custom/zscaler/vendor/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03b742a6efdb17797c84c2b5db25f5cda6a3361fa5e62b98662e321b26f77331

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
Origin: https://www.zscaler.com

Response headers

date: Mon, 29 Jun 2020 19:03:17 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1017553
x-cache: HIT
status: 200
x-cache-hits: 7
x-ah-environment: prod
vary: Host, Accept-Encoding
content-length: 74800
cf-request-id: 03a30f68ae0000061441956200000001
x-request-id: v-5ebbb4b6-b0e2-11ea-985e-dfd59d00d2c0
last-modified: Fri, 20 Sep 2019 09:57:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
access-control-allow-origin: *
cache-control: public, max-age=1814400
accept-ranges: bytes
cf-ray: 5ab1e8211bf20614-FRA
expires: Mon, 20 Jul 2020 19:03:17 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v20/ 35 KB
20 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxP.ttf

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
Origin: https://www.zscaler.com

Response headers

date: Wed, 10 Jun 2020 07:55:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1681659
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20742
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Jun 2021 07:55:38 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v20/ 35 KB
20 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc9.ttf

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
Origin: https://www.zscaler.com

Response headers

date: Thu, 11 Jun 2020 02:31:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1614697
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20796
x-xss-protection: 0
last-modified: Wed, 24 Jul 2019 01:18:59 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Jun 2021 02:31:40 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 602ms
104ms Script
application/javascript 3.85.187.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.85.187.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-85-187-26.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 37787
expires: -1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 455ms
228ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0900d27f58663d7de03a64c096080d61d42bda5fc98d881ef4fc32d1393fd7f7

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 Jun 2020 01:55:11 GMT
Server: AkamaiNetStorage
ETag: "f15c20df2ed3ead903a11e6d513eda63:1593136511.140086"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 764

GET
H2 200 75590e24-f605-4d9c-b92c-ca09a93d469f.js Show response
cdn.cookielaw.org/consent/ 107 KB
18 KB 7ms
6ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FED) /
Resource Hash: ac68bb7dc5704e99d44c73c67f609a3c8fb6105fae418687b80ec13d9b370114

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
content-md5: u1OHPxwcyLXNxp1DCtacfg==
age: 9124
x-cache: HIT
status: 200
content-length: 17894
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2019 21:38:35 GMT
server: ECAcc (frc/8FED)
etag: 0x8D6C76ADF89B5D5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 220fb40c-201e-0101-4932-4e9f4e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Mon, 29 Jun 2020 23:03:18 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 18ms
18ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

6d7477548d212c307b2637c64c2e504e65f5ca9d3b77a8ac3616afff75a8b96e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11096
x-xss-protection: 0
server: cafe
etag: 10053623745966112319
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Jun 2020 19:03:18 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 1420
date: Mon, 29 Jun 2020 18:39:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Mon, 29 Jun 2020 20:39:38 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 35 KB
12 KB 7353ms
7074ms Script
text/javascript 184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-183.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 25172c7c6eff519a281b45a8e97d2d3e86944ddf7185be231ce4e3a0af53dde5

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: qRFW6M.nWsOA.yLfhV13zwXaRgQ.yvFq
Content-Encoding: gzip
ETag: "cc079f74be32659ae39bb0a399ae6f9c"
x-amz-request-id: 58F136859A41BD4A
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11133
x-amz-id-2: U9F222xpnVdnzAYfCxvdRUwkSW5t/ynH/kMkQ94ZvYaNO8IchybcKYFx3PUfmIn4a0jyf9xZRV0=
Last-Modified: Mon, 22 Jun 2020 15:40:15 GMT
Server: AmazonS3
Date: Mon, 29 Jun 2020 19:03:18 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=67576
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
920 B 21ms
20ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

2764d9ef129a43e64912fc50e590cd6a62c7f9d3f9f2a472953b8f7b2cb2482b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 87 KB
33 KB 258ms
13ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B4) /
Resource Hash: 4e565f1d8d81e94cdd1ee567c3d757932dc7062e1fe64580ed81addaf51681bf

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
last-modified: Wed, 24 Jun 2020 07:08:23 GMT
server: ECS (fcn/40B4)
age: 246396
etag: "eb5cab3ff649d61:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 34012

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 14 KB
7 KB 139ms
46ms Script
application/javascript 23.10.73.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.10.73.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-10-73-123.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2ae84b4d583a8fe2bf9e656da3fba1ae4200dbd62a291cf656ebfc3c59d406b8

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Jun 2020 17:33:15 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5eeba55b-3997"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6032

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 4818ms
3257ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:19 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 44
X-Ws-Request-Id: 5efa3af7_PSdgflkfFRA2po7_24373-457
Content-Type: text/javascript
Via: 1.1 VMmgasbIAD1am50:2 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Cache-Spec: Yes
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Mon, 29 Jun 2020 19:12:35 GMT

GET
H2 200 zscaler-home-navigation-dropDown-products.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/ 13 KB
13 KB 26ms
25ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-products.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

429760f352eff0a9b97d49c7b8f9f9dc427e9286828542e5df771ba2c1517575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 12928
cf-request-id: 03a30f69d80000061441974200000001
last-modified: Fri, 20 Sep 2019 09:57:57 GMT
server: cloudflare
etag: "cfMW76R1cVRD8NHqewFjj0pQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.051 v=2020.6.2
accept-ranges: bytes
cf-ray: 5ab1e822fa720614-FRA
expires: Thu, 09 Jul 2020 11:11:31 GMT

GET
H2 200 zscaler-home-navigation-dropDown-solutions.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/ 10 KB
10 KB 29ms
29ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-solutions.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6c93ca77ae18a172058a361c3269bbdc8c21153855c731550db0b4306d0c43d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 10320
cf-request-id: 03a30f69d80000061441975200000001
last-modified: Fri, 20 Sep 2019 09:57:46 GMT
server: cloudflare
etag: "cfq33i2rCbB76gcUiZLteXJA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.041 v=2020.6.4
accept-ranges: bytes
cf-ray: 5ab1e822fa7e0614-FRA
expires: Thu, 16 Jul 2020 05:02:04 GMT

GET
H2 200 zscaler-home-navigation-dropDown-resources.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/ 14 KB
14 KB 28ms
28ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-resources.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a87a17d6f31133d7ac377f3608b91101b1a83dec5f1d001467f61443ddde2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 14226
cf-request-id: 03a30f69d90000061441976200000001
last-modified: Fri, 20 Sep 2019 09:57:57 GMT
server: cloudflare
etag: "cfZE-9HQ3fOVPB5AkRVOlVrA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.048 v=2020.5.1
accept-ranges: bytes
cf-ray: 5ab1e822fa810614-FRA
expires: Mon, 06 Jul 2020 07:30:25 GMT

GET
H2 200 zscaler-home-navigation-dropDown-company.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/ 14 KB
14 KB 19ms
19ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-company.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b518eb58505b9843b13a5e1f1c9dc3f084b7cfc62f2d4c8e7ea6d4adb494a221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 14522
cf-request-id: 03a30f69da0000061441978200000001
last-modified: Fri, 20 Sep 2019 09:57:46 GMT
server: cloudflare
etag: "cfUzyhd10Pe_7v-AkSsCOkRA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.042 v=2020.6.2
accept-ranges: bytes
cf-ray: 5ab1e822fa860614-FRA
expires: Thu, 09 Jul 2020 05:04:12 GMT

GET
H2 200 icon-enlarge-btn.svg
www.zscaler.com/themes/custom/zscaler/images/resources/ransomware/ 3 KB
1 KB 15ms
15ms Image
image/svg+xml 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/themes/custom/zscaler/images/resources/ransomware/icon-enlarge-btn.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 998390
x-cache: HIT
status: 200
x-cache-hits: 9
x-ah-environment: prod
content-encoding: br
vary: Host, Accept-Encoding
cf-request-id: 03a30f6a090000061441982200000001
x-request-id: v-228ff152-b0ef-11ea-be91-63ba95e1376c
last-modified: Fri, 20 Sep 2019 09:57:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/svg+xml
cache-control: public, max-age=1814400
cf-ray: 5ab1e8234b950614-FRA
expires: Mon, 20 Jul 2020 19:03:18 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/ 20 KB
4 KB 7ms
6ms Stylesheet
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FDA) /
Resource Hash: bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
content-md5: NYS8lY5d5dnS26QwLdV6bA==
age: 6926
x-cache: HIT
status: 200
content-length: 3587
x-ms-lease-status: unlocked
last-modified: Thu, 19 Sep 2019 20:24:15 GMT
server: ECAcc (frc/8FDA)
etag: 0x8D73D3F576177AF
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 721a0525-d01e-0098-1137-4e56d9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Mon, 29 Jun 2020 23:03:18 GMT

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
246 B 44ms
44ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery34105910536155298036_1593457398076&_=1593457398077

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5ab1e82369ce05c8-FRA
content-length: 32
cf-request-id: 03a30f6a1f000005c8d426f200000001

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Ftaur...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303&liSync=true

0
41 B

113ms
113ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303&liSync=true
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: jgRzvQ8ZHRYQaIiJaysAAA==

Redirect headers

strict-transport-security: max-age=2592000
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: 7oPnuA8ZHRZA3U9YBysAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 29BB996B38D0466D9F26E8A250ADF3D4 Ref B: FRAEDGE0818 Ref C: 2020-06-29T19:03:18Z
date: Mon, 29 Jun 2020 19:03:17 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&time=1593457398303&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 67 KB
26 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5KQJVPX&t=gtm1&cid=719961776.1593457398

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2c9e310149ab4ef8170208668e1dd61682c0f8cb1b5347bcd4084c9df44eb15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26885
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Jun 2020 19:03:18 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflgkj_Yq/ 84 KB
30 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflgkj_Yq/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

295038d9be60b787fa2b806dc84ffead21d047177e81234e9106b9246ce1cff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 17:46:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4590
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30930
x-xss-protection: 0
last-modified: Thu, 25 Jun 2020 14:15:29 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 07 Jul 2020 17:46:48 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 114ms
36ms XHR
text/plain 23.10.73.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.10.73.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-10-73-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6ff42cc531ad6d9648b1f817b73bda75a61fb19294a16a265f630181746b425a

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
703 B 69ms
15ms XHR
application/json 185.33.221.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.52 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:20 GMT
X-Proxy-Origin: 185.220.70.68; 185.220.70.68; 725.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.141:80
AN-X-Request-Uuid: 5b1985c6-b59c-4eee-a8e3-6bf532941a36
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zscaler.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
5ms Image
image/gif 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=190544752&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&ul=en-us&de=UTF-8&dt=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=1519223366&gjid=833491713&cid=719961776.1593457398&tid=UA-6177009-1&_gid=430557439.1593457398&gtm=2wg6h15SLZFK&z=1961747325

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 14:41:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1657301
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&gjid=833491713&_gid=430557439.1593457398&_u=aGDAgEADQ~&z=1960561471
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471&slf_rd=1&random=1185519625

42 B
106 B

30ms
29ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471&slf_rd=1&random=1185519625

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=719961776.1593457398&jid=1519223366&_v=j83&z=1960561471&slf_rd=1&random=1185519625
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 341ms
267ms Image
image/gif 23.10.73.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=&visitor=573fab80-018d-41d6-8a40-c0f6743dd836&session=416488a8-dbce-4173-8bee-8b364c51f842&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Taurus%20is%20a%20new%20stealer%20being%20sold%20on%20dark%20forums%20by%20the%20Predator%20the%20Thief%20cybercrime%20group.%22%2C%22keywords%22%3A%22ThreatLabZ%2C%20Taurus%2C%20Taurus%20Stealer%2C%20Predator%20the%20Thief%2C%20infostealer%2C%20sandbox%22%2C%22title%22%3A%22Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog%22%7D&cb=57398401&r=&thirdParty=%7B%7D

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.10.73.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-10-73-123.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 19:02:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502962-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1593457398424&cv=9&fst=1593457398424&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62b7609d4f9633d2aa88e3994d158dcc3f38e1881146657deeda494d7353243d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1036
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 2 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1593457398427&cv=9&fst=1593457398427&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0643edc65736054badb2f995db9bd0baf33013a4abbee6c008c4346d2557c5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1035
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v1/company/ 725 B
602 B 1753ms
17ms XHR
application/json 52.57.146.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v1/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.146.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-146-39.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 924e959ec4f38477f58d35820c23918df3489178713002152afc9978ae28b15b

Request headers

Authorization: Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e
Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
EpsilonCookie: ef497b5c060e0000f63afa5e0c010000063f0100

Response headers

date: Mon, 29 Jun 2020 19:03:20 GMT
content-encoding: gzip
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
content-length: 413

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
119 B 22ms
21ms Image
image/gif 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1593457398424&cv=9&fst=1593457200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=3372370102&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812494211/ 42 B
107 B 24ms
24ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812494211/?random=1593457398424&cv=9&fst=1593457200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=3372370102&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
119 B 21ms
20ms Image
image/gif 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1593457398427&cv=9&fst=1593457200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=1823026156&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973777747/ 42 B
107 B 27ms
27ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973777747/?random=1593457398427&cv=9&fst=1593457200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6h1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&tiba=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=1823026156&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/158/ 11 KB
5 KB 687ms
687ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/158/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:18 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Jan 2020 03:01:21 GMT
Server: AkamaiNetStorage
ETag: "67df7eb9e9e68638308f14367dddec10:1580180481"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4686
Expires: Wed, 07 Oct 2020 19:03:18 GMT

GET
H/1.1 200
OK visitWebPage Show response
306-zej-256.mktoresp.com/webevents/ 2 B
304 B 1202ms
96ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1593457399212&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1593457399211-34122&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&_mchPc=https%3A&_mchVr=158&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/158/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 29 Jun 2020 19:03:20 GMT
Content-Encoding: gzip
Server: akka-http/10.1.11
Transfer-Encoding: chunked
X-Request-Id: 8fb338af-ddab-4ffd-981f-92122c1bad77
Content-Type: text/plain; charset=UTF-8

GET
H2

200

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&referer=&fp=51f928c7bf3815ea04df2172cdbf6261
https://tracking.leadlander.com/tracking.png

68 B
296 B

99ms
99ms

Image
image/png

34.230.159.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.230.159.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-159-139.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:24 GMT
last-modified: Wed, 26 Sep 2018 16:48:51 GMT
server: Kestrel
etag: "1d455b8cd761bc4"
strict-transport-security: max-age=2592000
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

status: 302
date: Mon, 29 Jun 2020 19:03:23 GMT
server: Kestrel
access-control-allow-origin: *
location: /tracking.png
content-length: 0
strict-transport-security: max-age=2592000

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 1957ms
103ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.0&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&r=1593457402980
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:24 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=16
Content-Length: 43

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
326 B 217ms
216ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=8b36b2f179304f24d26f3b2429ac5b1e&_biz_s=8cdd9d&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&_biz_t=1593457405003&_biz_i=Taurus%20The%20New%20Stealer%20in%20Town%20%7C%20Zscaler%20Blog&_biz_n=0&rnd=794558&cdn_o=a&_biz_z=1593457405005
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41A2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:25 GMT
last-modified: Sun, 28 Jun 2020 11:37:14 GMT
server: ECS (fcn/41A2)
age: 113171
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
541 B 756ms
756ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=8b36b2f179304f24d26f3b2429ac5b1e&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.05.18
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41D7) /
Resource Hash: 649757e1f55aa89f8bdd95c16c31b32548ac2df6e0e0077669fa2c3339c8ae8e

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:24 GMT
content-encoding: gzip
server: ECS (fcn/41D7)
etag: 51A56E29
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 325

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

18ms
18ms

Script
application/javascript

184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-183.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Gq_Uupzq2k3J8S1dXTwhnfNaf5QBJsmG
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 1E8CDE18687D291F
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 8+VCH3RvputC9Qo7rGFnl5wdJA1nM0vRKAMwsYua3+sDRyrpBBrqzUBX8DCA2tD4Xclhnp4shRc=
Last-Modified: Mon, 22 Jun 2020 19:39:19 GMT
Server: AmazonS3
Date: Mon, 29 Jun 2020 19:03:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Mon, 29 Jun 2020 19:03:25 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 0
705 B 479ms
444ms Script
text/javascript 184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-183.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: a5ReEnNWYUndsEEBGRlBT9yz1tTqWtVX
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: AW0V5S3GAGAPEHCR
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 0
x-amz-id-2: e6UjGDk2kENcmtixvduj/+VrC+fyO0G7rf9w7Fbxz5TC6R3hBG40eqVwulTwDsjjXAlA/eMmSy0=
Last-Modified: Mon, 29 Jun 2020 14:00:12 GMT
Server: AmazonS3
Date: Mon, 29 Jun 2020 19:03:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2

377 B
847 B

32ms
31ms

Script
application/javascript

52.16.213.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.213.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-213-78.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: bb5071ed2b20e024e5588268ecb0a4866a0562afe9865098e0309dea127cdb2c

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:26 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 377

Redirect headers

status: 302
date: Mon, 29 Jun 2020 19:03:26 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=5c3576dbe123cd6412c63d6ef077f780&_b=2

GET
H/1.1

200
OK

XYPZFM5QENHXRH7RBBI5PW.js Show response
s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
Redirect Chain

https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-n...
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js

6 KB
3 KB

239ms
239ms

Script
text/javascript

184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-183.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9ddc524de287d27c0523c2b229f166e6c6f0e5d67f1ef37b71521ddb0de1fa52

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Oa3i3f9jcf6iJvs8kwN9wpxTNfdovStJ
Content-Encoding: gzip
ETag: "c5cf93843e809f98649a85e359cceb72"
x-amz-request-id: 4D22A00C678CA18B
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1991
x-amz-id-2: 3/Bi/hJJjz3AKWbMouMcECttCADU6ZPF1gbxX5KxHMwEUxYgd1krALOceEDrLpE21jRAYWlmOew=
Last-Modified: Tue, 04 Feb 2020 02:12:02 GMT
Server: AmazonS3
Date: Mon, 29 Jun 2020 19:03:26 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Mon, 29 Jun 2020 19:03:26 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.16.1
x-rule: *
x-segment-eid: XYPZFM5QENHXRH7RBBI5PW
location: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: 22OEOVE2YNFA3EKSRERISY
x-segment-name: *
x-advertisable-eid: ULSJHTPGTZGY3EPPZSKHKS
x-conversion-currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 133 KB
33 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

73d764e56e8727bfd3de86dbe1c52f5105b4d6d0c41dbf91565e719e7cd74aed

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34036
x-xss-protection: 0
pragma: public
x-fb-debug: ja74Lh5zcRE7vvP5s6EeaSniOAXmCk2M50b0Eb1xgMAqIU+iUTbEYQo+Z6Kcqq1hwIo/XSRNL8vlRJNKvt8+Lg==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Mon, 29 Jun 2020 19:03:27 GMT, Mon, 29 Jun 2020 19:03:27 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 510ms
510ms Script
text/javascript 184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-183.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: E2F067B4E9F95C64
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: zahNXUrZcHvPMHZ5OZzeA/pmU+ThIaY+/c27IjCJ/f8DH693VdK16PYXiwNkUgRleJPaNozozcA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
Date: Mon, 29 Jun 2020 19:03:27 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULS...
https://pixel.advertising.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP36ccced6-ba3b-11ea-a3a2-02...

0
977 B

933ms
17ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP36ccced6-ba3b-11ea-a3a2-02b472f64ec0

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:29 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 29 Jun 2020 19:03:27 GMT
location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP36ccced6-ba3b-11ea-a3a2-02b472f64ec0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=U...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407&C=1

43 B
1003 B

62ms
62ms

Image
image/gif

184.51.9.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407&C=1
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.98 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-9-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:27 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Jun 2020 19:03:27 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:27 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expiration=1624993407&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Mon, 29 Jun 2020 19:03:27 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expires=365

0
239 B

3505ms
12ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expires=365
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:27 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&expires=365
cache-control: no-store, no-cache, must-revalidate
content-length: 124

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisabl...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&rdrctExp=true

0
477 B

95ms
95ms

Image
text/plain

70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&rdrctExp=true
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 29 Jun 2020 19:03:27 GMT
Cache-Control: no-cache
X-TraceId: 1906d832ea9ee6db2347fea0be848994
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&rdrctExp=true
Date: Mon, 29 Jun 2020 19:03:27 GMT
X-TraceId: 478c7f371a4e3b805880895683563407
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisabl...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
887 B

970ms
16ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:28 GMT
X-lat: Pug22048:0:1475
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:27 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
502 B

31ms
30ms

Image
image/gif

52.16.213.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.213.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-213-78.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:27 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42

Redirect headers

date: Mon, 29 Jun 2020 19:03:27 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
status: 302
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable...
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

0
281 B

3274ms
17ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Mon, 29 Jun 2020 19:03:30 GMT
via: 1.1 varnish
server: nginx
x-timer: S1593457411.728715,VS0,VE8
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4074-HHN

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:27 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
cache-control: no-store, no-cache, must-revalidate
content-length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisa...
https://eb2.3lift.com/xuid?mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

10ms
10ms

Image
image/gif

52.28.90.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.90.202 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-90-202.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 29 Jun 2020 19:03:30 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status: 302
date: Mon, 29 Jun 2020 19:03:30 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://x.bidswitch.net/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

43 B
412 B

14ms
13ms

Image
image/gif

18.185.81.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.81.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-81-183.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 29 Jun 2020 19:03:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Mon, 29 Jun 2020 19:03:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://ib.adnxs.com/setuid?entity=172&code=OGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

43 B
1 KB

221ms
220ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:30 GMT
X-Proxy-Origin: 185.220.70.68; 185.220.70.68; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.173:80
AN-X-Request-Uuid: f811a7a7-e5d5-49cc-aacd-6145f11f7ea0
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Jun 2020 19:03:30 GMT
X-Proxy-Origin: 185.220.70.68; 185.220.70.68; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.238:80
AN-X-Request-Uuid: b5151da8-7fe1-428d-b208-e69ece920198
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DOGYzNDkzMjhlNGUzYjE2Njk4NTBjYjQ5ZjE5ODYxYjY
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

451

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://idsync.rlcdn.com/377928.gif?partner_uid=8f349328e4e3b1669850cb49f19861b6

0
66 B

345ms
118ms

Image
text/plain

35.241.8.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=8f349328e4e3b1669850cb49f19861b6
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 149.8.241.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Mon, 29 Jun 2020 19:03:28 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://idsync.rlcdn.com/377928.gif?partner_uid=8f349328e4e3b1669850cb49f19861b6
cache-control: no-store, no-cache, must-revalidate
content-length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=8f349328e4e3b1669850cb49f19861b6
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=8f349328e4e3b1669850cb49f19861b6

43 B
180 B

17ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=8f349328e4e3b1669850cb49f19861b6
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:29 GMT
via: 1.1 google
server: OXGW/16.188.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 29 Jun 2020 19:03:29 GMT
via: 1.1 google
server: OXGW/16.188.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=8f349328e4e3b1669850cb49f19861b6
alt-svc: clear
content-length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=2ccc0e1fd857d3cfbdb42092d1f9f611-1593457406334&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&xid_ch=f&advertisable=ULSJH...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=jzSTKOTjsWaYUMtJ8Zhhtg
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=jzSTKOTjsWaYUMtJ8Zhhtg&google_tc=
https://d.adroll.com/cm/g/in

42 B
538 B

31ms
30ms

Image
image/gif

52.16.213.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.213.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-213-78.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:29 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 29 Jun 2020 19:03:29 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 476377582537549 Show response
connect.facebook.net/signals/config/ 521 KB
131 KB 82ms
82ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/476377582537549?v=2.9.21&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16146fa2c11b6e284946ce2580d9711c6d807c38de6d6e6f1d5ecf562657c518

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: SrTejqPNjBDL+Ftjd3Gf2klsuTnugwIIJRWkjGbh96+uRqa6ZuTpwgDprWYmSD994poFHAlmX3s4sUeX/pEFOw==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Mon, 29 Jun 2020 19:03:27 GMT, Mon, 29 Jun 2020 19:03:27 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
259 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Ftaurus-new-stealer-town&rl=&if=false&ts=1593457407182&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.21&r=stable&ec=0&o=29&fbp=fb.1.1593457407182.536132128&it=1593457407058&coo=false&rqm=GET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:27 GMT, Mon, 29 Jun 2020 19:03:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 29 Jun 2020 19:03:27 GMT

GET
H2 200 nr-1169.min.js Show response
js-agent.newrelic.com/ 27 KB
10 KB 13ms
13ms Script
application/javascript 151.101.14.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1169.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cddee6bb37cab7b576ddf080fd6ba00fa8420d0afc0531f413633175e9e5f9c8

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:32 GMT
content-encoding: gzip
x-amz-request-id: 34323E3DCD0235EE
x-cache: HIT
status: 200
content-length: 10276
x-amz-id-2: 9jY3iPL7VUwIJzTyN+h7Ca5OmyTHJnV5bajpkoOIyWsew9TsPn8KKSFSp2suxVMh6C06C6O/roM=
x-served-by: cache-fra19136-FRA
last-modified: Wed, 20 May 2020 21:16:15 GMT
server: AmazonS3
x-timer: S1593457412.493111,VS0,VE0
etag: "7e312620a90879b595db1bff9c42ed57"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1390

GET
H2 200 zscaler-cookie-icon-close.png
www.zscaler.com/cdn-cgi/image/format=auto//themes/custom/zscaler/images/shared/OneTrust/ 162 B
458 B 27ms
26ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto//themes/custom/zscaler/images/shared/OneTrust/zscaler-cookie-icon-close.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad3a070356997e229cf81d5bbcf3760a49b5cbf216dd74abe3254d6b890d99fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:32 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 162
cf-request-id: 03a30fa19c0000061441bf4200000001
last-modified: Fri, 20 Sep 2019 09:57:57 GMT
server: cloudflare
etag: "cfIY7UmQV8D2lEE3vfE0bGMQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.039 v=2020.6.2
accept-ranges: bytes
cf-ray: 5ab1e87c2b590614-FRA
expires: Thu, 09 Jul 2020 03:57:01 GMT

GET
H2 200 zscaler-cookie-icon-asterik.png
www.zscaler.com/cdn-cgi/image/format=auto//themes/custom/zscaler/images/shared/OneTrust/ 226 B
391 B 37ms
36ms Image
image/webp 2606:4700::6813:d53e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto//themes/custom/zscaler/images/shared/OneTrust/zscaler-cookie-icon-asterik.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80428526d24e4ff69d4aa60edc9fcf5efa5af0d835743cadbdc9a06d1b8b4221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://www.zscaler.com/sites/default/files/css/css_segeXiDpk88TX0W9BehQAvgeBk6FruodM2mvkp8Knlk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 19:03:32 GMT
via: varnish
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
status: 200
vary: cf-int-resize, x-forwarded-proto, Accept-Encoding
content-length: 226
cf-request-id: 03a30fa19c0000061441bf5200000001
last-modified: Fri, 20 Sep 2019 09:57:46 GMT
server: cloudflare
etag: "cfyqkdyVHbk-iP3rTYiRvVXw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; preload
content-type: image/webp
cache-control: public, max-age=1814400
cf-resized: internal=ok/h t=0.016 v=2020.6.2
accept-ranges: bytes
cf-ray: 5ab1e87c2b620614-FRA
expires: Wed, 08 Jul 2020 19:22:11 GMT

GET
H2 200 cookie-collective-black-overlay.png
cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/images/ 84 B
286 B 8ms
7ms Image
image/png 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/images/cookie-collective-black-overlay.png
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_gW6G74jcuDbgqLRgNbdi_lcRNLZXOb9quk6ovQq2AfQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F86) /
Resource Hash: b5b72b34704b3be1098742f3ed587bdd0d89a423a375a3ad3d067eba623047b5

Request headers

Referer: https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Jun 2020 19:03:32 GMT
content-md5: eOozn7qowjgmAKNqoTzdJA==
age: 11009
x-cache: HIT
status: 200
content-length: 84
x-ms-lease-status: unlocked
last-modified: Thu, 19 Sep 2019 20:27:25 GMT
server: ECAcc (frc/8F86)
etag: 0x8D73D3FC8D6E3F6
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 7573ec58-001e-017b-5f2e-4ef503000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Mon, 29 Jun 2020 23:03:32 GMT

GET
H/1.1 200
OK 2148692b96 Show response
bam.nr-data.net/1/ 57 B
275 B 1122ms
108ms Script
text/javascript 162.247.242.19
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/2148692b96?a=542666155&v=1169.7b094c0&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=15898&ck=1&ref=https://www.zscaler.com/blogs/research/taurus-new-stealer-town&ap=581&be=982&fe=15649&dc=1255&perf=%7B%22timing%22:%7B%22of%22:1593457396838,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:7,%22ce%22:24,%22rq%22:24,%22rp%22:969,%22rpe%22:970,%22dl%22:973,%22di%22:1255,%22ds%22:1255,%22de%22:1256,%22dc%22:15648,%22l%22:15649,%22le%22:15677%7D,%22navigation%22:%7B%7D%7D&fp=1201&fcp=1201&at=HhpWRAtNH04%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1169.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.19 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-7.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

POST
H/1.1 200
OK 2148692b96 Show response
bam.nr-data.net/events/1/ 24 B
182 B 107ms
107ms XHR
image/gif 162.247.242.19
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/2148692b96?a=542666155&v=1169.7b094c0&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=25898&ck=1&ref=https://www.zscaler.com/blogs/research/taurus-new-stealer-town
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.19 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-7.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zscaler.com/blogs/research/taurus-new-stealer-town
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www.zscaler.com/	1970-01-19 19:23:13	Name: OptanonConsent Value: groups=101%3A1%2C1%3A1%2C0_138025%3A1%2C122%3A1%2C2%3A1%2C0_137957%3A1%2C116%3A1%2C0_138118%3A1%2C119%3A1%2C3%3A1%2C0_138119%3A1%2C4%3A1%2C121%3A1%2C0_138125%3A1%2C0_138122%3A1%2C0_192188%3A1%2C0_192175%3A1%2C0_192171%3A1%2C0_138160%3A1%2C0_138127%3A1%2C0_138123%3A1%2C0_192189%3A1%2C0_192172%3A1%2C0_138128%3A1%2C0_192190%3A1%2C0_138129%3A1%2C0_192170%3A1%2C102%3A1%2C103%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C108%3A1%2C109%3A1%2C110%3A1%2C111%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C117%3A1%2C118%3A1%2C120%3A1%2C123%3A1%2C124%3A1%2C125%3A1%2C126%3A1%2C127%3A1%2C128%3A1%2C129%3A1%2C130%3A1&datestamp=Mon+Jun+29+2020+21%3A03%3A32+GMT%2B0200+(Central+European+Summer+Time)&version=4.7.0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: [object Object]
console-api	log	(Line 2) Message: [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
ads.yahoo.com
apt.techtarget.com
b.6sc.co
bam.nr-data.net
c.6sc.co
cdn.bizible.com
cdn.cookielaw.org
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
j.6sc.co
js-agent.newrelic.com
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
secure.adnxs.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
t.sf14g.com
tracking.leadlander.com
trc.taboola.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
www.zscaler.com
x.bidswitch.net
151.101.113.44
151.101.14.110
162.247.242.19
163.171.132.119
172.217.22.2
172.217.22.66
18.156.0.31
18.185.81.183
184.51.8.183
184.51.9.98
185.33.221.52
185.64.189.110
192.28.144.124
206.19.49.24
23.10.73.123
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:4700:10::6814:b844
2606:4700::6813:d53e
2620:1ec:21::14
2a00:1288:f03d:1fa::4000
2a00:1450:4001:801::200a
2a00:1450:4001:801::200e
2a00:1450:4001:802::2003
2a00:1450:4001:802::200e
2a00:1450:4001:808::2003
2a00:1450:4001:819::2002
2a00:1450:4001:821::2004
2a00:1450:4001:824::2008
2a00:1450:4001:825::200e
2a00:1450:400c:c07::9d
2a02:26f0:10c:39e::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
3.85.187.26
34.230.159.139
34.98.64.218
35.156.98.228
35.241.8.149
37.252.172.37
52.16.213.78
52.28.90.202
52.57.146.39
68.232.35.12
69.173.144.138
70.42.32.31
88.221.60.75
02367376ce78bdd48eeca91be377f3026b25bd4331272b756138d51f1e9ffecd
03b742a6efdb17797c84c2b5db25f5cda6a3361fa5e62b98662e321b26f77331
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
07e488fc7ca98a10872edeac01b7baffc4ee033ba9dda67d1de361df52af331b
0900d27f58663d7de03a64c096080d61d42bda5fc98d881ef4fc32d1393fd7f7
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
114adc80b1d734d6b894f9cdfeaabf16667adec1e4b2045cedce04d3bd2ae362
146fae12313e0da366dfa7c7a7ec99b8d9e8ff141c973ea891c15a0367ec1127
16146fa2c11b6e284946ce2580d9711c6d807c38de6d6e6f1d5ecf562657c518
162236f2de4433fe221779d91323b30abb7a447278f7954dcd28c279167c2a2c
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
25172c7c6eff519a281b45a8e97d2d3e86944ddf7185be231ce4e3a0af53dde5
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2764d9ef129a43e64912fc50e590cd6a62c7f9d3f9f2a472953b8f7b2cb2482b
29500e7d31e0f972b0820d71da8ab928cb645d8f3f41b5c02363072427d097cb
295038d9be60b787fa2b806dc84ffead21d047177e81234e9106b9246ce1cff4
2ae84b4d583a8fe2bf9e656da3fba1ae4200dbd62a291cf656ebfc3c59d406b8
2bda7161895bb3e5ca5b7105762af758ea80d9d46da9c8f681d12defabc52f5e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
341e3fccc790c3883ca51c8dced99d5858e8dd4036c4eeb5ff4286eb323d7c2f
391f4dc402b6ecb016765b0eae6e508d409b577b79e87dd1dbade260d4495581
3be0a916496d7936bb83ce60a4de9f10ef400f16c38e7dd7c65449c795e7739b
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
3e73c84f5a195f04185329cd68e96f1ec8ac7c54a1746ad22979b8d2fb79b516
3ebe5f3828c912e78aa7a84ded542df0601f54e389f0a06d710720fcdbd86010
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
429760f352eff0a9b97d49c7b8f9f9dc427e9286828542e5df771ba2c1517575
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e565f1d8d81e94cdd1ee567c3d757932dc7062e1fe64580ed81addaf51681bf
52aa5dbb3f95bf8f18a161bff6881281d39f4af7b81557feac25d613142f46ee
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5538a328926c9517ffb8670fccce94f6137d58c21ff4b10ecd772abfa16a012b
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4
624f7281842583cd5d40b69aac4d18c071a99a436ab1670ce61ab6c8a98ec850
62b7609d4f9633d2aa88e3994d158dcc3f38e1881146657deeda494d7353243d
649757e1f55aa89f8bdd95c16c31b32548ac2df6e0e0077669fa2c3339c8ae8e
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6b3fe823a87a7decff361fd48c9f9a526b5f01c24510c9174714d5efaf710f7f
6c49d44b0fd8a2b341a963eb387b0abee4c8cdceefe955d7c78e5741e5c638f0
6d7477548d212c307b2637c64c2e504e65f5ca9d3b77a8ac3616afff75a8b96e
6ff42cc531ad6d9648b1f817b73bda75a61fb19294a16a265f630181746b425a
7221be22d59bd95b5c1e47590a48d06d367a965213a39ca929241e4a6f9ee7ee
73d764e56e8727bfd3de86dbe1c52f5105b4d6d0c41dbf91565e719e7cd74aed
741134e172c642986b52b8450e9708794a32d405b5347c63d45e32f2ba41ae36
76139437c69a084824015c2216b28492669658bb6e16dd530bfe987c4040896c
80428526d24e4ff69d4aa60edc9fcf5efa5af0d835743cadbdc9a06d1b8b4221
816e86ef88dcb836e0a8b46035b762fe571134b65739bf6aba4ea8bd0ab601f4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8c1d454d26ee1ed9a6939e0888c98fbaf5fa68c604cdc8eb90bcb2a1714d14f7
8fb8d1294f5ea610d42c69655504b0701879e21a3fe9d1545ecef6898bde2062
902a0d329b0338e03d857c538abf710b41f8d050b2276e3a019131d4f8ab1aa3
924e959ec4f38477f58d35820c23918df3489178713002152afc9978ae28b15b
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
9ddc524de287d27c0523c2b229f166e6c6f0e5d67f1ef37b71521ddb0de1fa52
a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353
ac68bb7dc5704e99d44c73c67f609a3c8fb6105fae418687b80ec13d9b370114
ac87ad7a2bef0649ec3f84eebacf1e02bd48647caa281c1da27cc26263abc75b
ad3a070356997e229cf81d5bbcf3760a49b5cbf216dd74abe3254d6b890d99fa
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e81e5e20e993cf135f45bd05e85002f81e064e85aeea1d3369af929f0a9e59
b2c9e310149ab4ef8170208668e1dd61682c0f8cb1b5347bcd4084c9df44eb15
b518eb58505b9843b13a5e1f1c9dc3f084b7cfc62f2d4c8e7ea6d4adb494a221
b5b72b34704b3be1098742f3ed587bdd0d89a423a375a3ad3d067eba623047b5
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb5071ed2b20e024e5588268ecb0a4866a0562afe9865098e0309dea127cdb2c
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
c2a87a17d6f31133d7ac377f3608b91101b1a83dec5f1d001467f61443ddde2e
c8abaf8f630ae4af089de7c1b5d7d8f54cec867b3ecf76256db2f5a9fffe7c0c
cd3d3c03756f91e7a38de6cedecdd868c2fd3999635cbf008ba22409d63349e8
cddee6bb37cab7b576ddf080fd6ba00fa8420d0afc0531f413633175e9e5f9c8
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
d54010c710f135b92fe1baf926a59d8e06e7548fa4d7d504a17c66ff7207fa6e
d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929
da15f68a7a989412d972b23b7a37f1875836a2dbd3e504eb847bf1dfeb1fbeea
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df4c29a54b10b8bb812afee1a551c012c94a19e661563d7358f7fa3f22697d9f
e0643edc65736054badb2f995db9bd0baf33013a4abbee6c008c4346d2557c5f
e1e09aad7716ffaa184b9b945a599df7ced0d8a6f542160da654595050285eb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54b9f57a851dc06f2262ca622bdecf4eed7396783e8e474a2290147d975f60b
e6c93ca77ae18a172058a361c3269bbdc8c21153855c731550db0b4306d0c43d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f343086e598577a8f9aba8a2b86ea9a4322edc6b39ac2fdb058de6b3fa6b8990
f51bcb0e76821a10e9879e73f7a38cdd5e33f85b269eaefb5aca48b9ad58d251
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f98c199ee5429659f65ef761ca159ce14a8058c8ce7e16d64522fbe43bad4333
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.zscaler.com Open in urlscan Pro 2606:4700::6813:d53e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

113 Requests

100 %HTTPS

40 %IPv6

41 Domains

50 Subdomains

42 IPs

7 Countries

2251 kBTransfer

4885 kBSize

1 Cookies

31 Outgoing links

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.com Open in urlscan Pro
2606:4700::6813:d53e Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

100 %
HTTPS

40 %
IPv6

41
Domains

50
Subdomains

42
IPs

7
Countries

2251 kB
Transfer

4885 kB
Size

1
Cookies

113 HTTP transactions
0 data transactions