www.zscaler.com Open in urlscan Pro
2606:4700::6812:1d4a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Submission: On July 09 via api (July 9th 2024, 12:17:32 pm UTC) from SK — Scanned from DE

Summary HTTP 173 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 45 IPs in 5 countries across 30 domains to perform 173 HTTP transactions. The main IP is 2606:4700::6812:1d4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 70404.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 28th 2024. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
53	2606:4700::68... 2606:4700::6812:1d4a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:209... 2600:9000:2090:4a00:c:d449:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	151.101.66.132 151.101.66.132	54113 (FASTLY) (FASTLY)
9	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2600:1f18:e8a... 2600:1f18:e8a:cd04:9b88:a313:d24d:af44	14618 (AMAZON-AES) (AMAZON-AES)
1	34.248.150.175 34.248.150.175	16509 (AMAZON-02) (AMAZON-02)
2	52.50.202.118 52.50.202.118	16509 (AMAZON-02) (AMAZON-02)
7	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	44.238.160.115 44.238.160.115	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
11	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	2600:9000:264... 2600:9000:2644:8200:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
1	44.209.137.118 44.209.137.118	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:275... 2600:9000:275d:3200:16:a497:9700:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	2a05:d018:cc3... 2a05:d018:cc3:fe05:ea3:4257:5c6d:709c	16509 (AMAZON-02) (AMAZON-02)
1	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
1	54.246.153.93 54.246.153.93	16509 (AMAZON-02) (AMAZON-02)
1	13.35.58.128 13.35.58.128	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.45 18.66.122.45	16509 (AMAZON-02) (AMAZON-02)
1	54.156.2.105 54.156.2.105	14618 (AMAZON-AES) (AMAZON-AES)
5	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.42.124.195 52.42.124.195	16509 (AMAZON-02) (AMAZON-02)
1	35.81.162.201 35.81.162.201	16509 (AMAZON-02) (AMAZON-02)
173	45

53 2606:4700::6812:1d4a (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2090:4a00:c:d449:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.150.175 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-150-175.eu-west-1.compute.amazonaws.com

117186981.intellimizeio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.202.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-202-118.eu-west-1.compute.amazonaws.com

api.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.238.160.115 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-160-115.us-west-2.compute.amazonaws.com

log.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.60.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2644:8200:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.209.137.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-137-118.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275d:3200:16:a497:9700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.rudderlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

8541430.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe05:ea3:4257:5c6d:709c (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.90 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.153.93 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-153-93.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.58.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-128.fra60.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-45.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.2.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-2-105.compute-1.amazonaws.com

54.156.2.105	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.42.124.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-124-195.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	zscaler.com www.zscaler.com — Cisco Umbrella Rank: 70404 info.zscaler.com	870 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 13026 c.6sc.co — Cisco Umbrella Rank: 16914 ipv6.6sc.co — Cisco Umbrella Rank: 13532 b.6sc.co — Cisco Umbrella Rank: 7572	22 KB
9	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4474 tracking.crazyegg.com — Cisco Umbrella Rank: 7990 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 9637 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 9249	87 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 545	183 KB
8	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3576
8	iseaskies.com ob.iseaskies.com obs.iseaskies.com	40 KB
7	intellimize.co cdn.intellimize.co — Cisco Umbrella Rank: 106620 api.intellimize.co — Cisco Umbrella Rank: 85674 log.intellimize.co — Cisco Umbrella Rank: 74771	97 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 36085 ws.zoominfo.com — Cisco Umbrella Rank: 11223	30 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 530	31 KB
5	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 5082 d.adroll.com — Cisco Umbrella Rank: 2630	30 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 671 px4.ads.linkedin.com — Cisco Umbrella Rank: 7218	3 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 208 8541430.fls.doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 215	1 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8843 px.mountain.com — Cisco Umbrella Rank: 9022 gs.mountain.com — Cisco Umbrella Rank: 15388	11 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	396 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 16379	4 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 72191 ibc-flow.techtarget.com — Cisco Umbrella Rank: 66358	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 19986	708 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	4 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 232	74 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 774	701 B
1	google.de www.google.de — Cisco Umbrella Rank: 6500	63 B
1	rudderlabs.com cdn.rudderlabs.com — Cisco Umbrella Rank: 14779	38 KB
1	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 2564 insight.adsrvr.org Failed	5 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 5307	22 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1900	14 KB
1	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 8630	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1007	304 B
1	intellimizeio.com 117186981.intellimizeio.com
0	acsbapp.com Failed acsbapp.com Failed
0	rudderstack.com Failed api.rudderstack.com Failed
173	30

	Domain	Requested by
53	www.zscaler.com	www.zscaler.com js.zi-scripts.com
9	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
8	b.6sc.co
8	region1.analytics.google.com	www.googletagmanager.com
7	info.zscaler.com	www.zscaler.com info.zscaler.com
7	obs.iseaskies.com	ob.iseaskies.com www.zscaler.com
6	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
5	bat.bing.com	www.googletagmanager.com bat.bing.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com
4	www.googletagmanager.com	www.zscaler.com www.googletagmanager.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	js.zi-scripts.com	www.zscaler.com js.zi-scripts.com
3	log.intellimize.co	cdn.intellimize.co
2	px.mountain.com	dx.mountain.com px.mountain.com
2	epsilon.6sense.com	j.6sc.co
2	www.facebook.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	8541430.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	connect.facebook.net	www.zscaler.com connect.facebook.net
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	api.intellimize.co	cdn.intellimize.co
2	cdn.intellimize.co	www.zscaler.com
1	gs.mountain.com	px.mountain.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	tracking.crazyegg.com	script.crazyegg.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	d.adroll.com	s.adroll.com
1	ad.doubleclick.net
1	px4.ads.linkedin.com
1	www.google.de
1	stats.g.doubleclick.net	www.googletagmanager.com
1	cdn.rudderlabs.com	www.zscaler.com
1	dx.mountain.com	www.zscaler.com
1	js.adsrvr.org	www.googletagmanager.com
1	cdn.pdst.fm	www.zscaler.com
1	trk.techtarget.com	www.zscaler.com
1	snap.licdn.com	www.googletagmanager.com
1	munchkin.marketo.net	www.zscaler.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	117186981.intellimizeio.com	cdn.intellimize.co
1	ob.iseaskies.com	www.zscaler.com
0	acsbapp.com Failed	www.zscaler.com
0	insight.adsrvr.org Failed	js.adsrvr.org
0	api.rudderstack.com Failed	cdn.rudderlabs.com
173	49

This site contains links to these domains. Also see Links.

Domain
help.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
securitypreview.zscaler.com
customer.zscaler.com
community.zscaler.com
ir.zscaler.com
www.facebook.com
twitter.com
www.linkedin.com
attack.mitre.org
www.gapotchenko.com
learn.microsoft.com
www.trendmicro.com
research.checkpoint.com
blogs.blackberry.com
threatlibrary.zscaler.com
facebook.com
linkedin.com
youtube.com

Subject Issuer	Validity	Valid
www.zscaler.com DigiCert SHA2 Extended Validation Server CA	`2024-02-28` - `2025-02-23`	a year	crt.sh
*.iseaskies.com Amazon RSA 2048 M02	`2024-06-18` - `2025-07-18`	a year	crt.sh
cdn.intellimize.co R3	`2024-05-14` - `2024-08-12`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.intellimizeio.com Amazon RSA 2048 M03	`2023-10-25` - `2024-11-22`	a year	crt.sh
api.intellimize.co Amazon RSA 2048 M02	`2023-10-25` - `2024-11-22`	a year	crt.sh
info.zscaler.com Cloudflare Inc ECC CA-3	`2023-10-08` - `2024-10-07`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
log.intellimize.co Amazon RSA 2048 M03	`2023-10-24` - `2024-11-21`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
script.crazyegg.com E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-17` - `2024-07-16`	3 months	crt.sh
trk.techtarget.com GTS CA 1P5	`2024-05-24` - `2024-08-22`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
cdn.pdst.fm WR3	`2024-05-17` - `2024-08-15`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
*.rudderlabs.com Amazon RSA 2048 M03	`2024-05-14` - `2025-06-12`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.de WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
*.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M03	`2024-05-24` - `2025-06-23`	a year	crt.sh
54.156.2.105 Sectigo RSA Domain Validation Secure Server CA	`2024-01-25` - `2025-02-14`	a year	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Frame ID: 12F8394269046D404664C04BF9D15ADA
Requests: 163 HTTP requests in this frame

Frame: https://117186981.intellimizeio.com/storage.html
Frame ID: 024AB591F22CC7D961011E2BC82A1FF1
Requests: 1 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: A65C2A897D064C8652AA6411D7A1F2D9
Requests: 2 HTTP requests in this frame

Frame: https://8541430.fls.doubleclick.net/activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Frame ID: 670B19F410B67FED2BBB42325B47150E
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&upid=27hmsyx&upv=1.1.0
Frame ID: F394FCDA862BB8A8EB392FEE469D4C42
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

173
Requests

93 %
HTTPS

43 %
IPv6

30
Domains

49
Subdomains

45
IPs

5
Countries

1964 kB
Transfer

7189 kB
Size

43
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: Zscaler Cloud Portal | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: Zscaler Cloud Portal One | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: Zscaler Cloud Portal Two | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: Zscaler Cloud Portal Three | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: Zscaler Cloud Portal Beta | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access Sign-In

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/client-connector/downloading-zscaler-client-connector
Title: Download Zscaler Client Connector

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Security Preview

Search URL Search Domain Scan URL

URL: https://customer.zscaler.com/
Title: Customer Success Center

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/
Title: Zscaler Help Portal

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/2aaqb7ph

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/2aaqb7ph%20%E2%80%94%20JanelaRAT%3A%20Repurposed%20BX%20RAT%20Variant%20Targeting%20LATAM%20FinTech%22

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://tinyurl.com/2aaqb7ph

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001/
Title: RunKey

Search URL Search Domain Scan URL

URL: https://www.gapotchenko.com/eazfuscator.net
Title: Eazobfuscator

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-getlastinputinfo
Title: GetLastInputInfo

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-lastinputinfo
Title: LASTINPUTINFO

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-sendmessage
Title: SendMessage

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow
Title: ShowWindow

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html
Title: TrendMicro

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/
Title: Check Point Research

Search URL Search Domain Scan URL

URL: https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia
Title: BlackBerry's blog

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?keyword=VBScript.Downloader.JanelaRAT
Title: VBScript.Downloader.JanelaRAT

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?keyword=Win32.RAT.JanelaRAT
Title: Win32.RAT.JanelaRAT

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/?keyword=Win64.RAT.JanelaRAT
Title: Win64.RAT.JanelaRAT

Search URL Search Domain Scan URL

URL: https://facebook.com/zscaler
Title: Visit us on Facebook

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/zscaler
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/zscaler
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://youtube.com/user/ZscalerMarketing
Title: Subscribe our Youtube Channel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 114

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&e_ipv6=AQJkDzq09fwv7AAAAZCXbWdfLCd4C-H-Ff1QAJSoF9VlEktM3MiF46CDH1Uv0FGXUoErehE3

Request Chain 115

https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech HTTP 302
https://8541430.fls.doubleclick.net/activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech

173 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request janelarat-repurposed-bx-rat-variant-targeting-latam-fintech Show response
www.zscaler.com/blogs/security-research/ 457 KB
86 KB 662ms
559ms Document
text/html 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

b90a5cc2cfa337fc639223ceac088e87a637115294d20d73ce0cc324dd8b7fa9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 1211
cache-control: public,max-age=0,must-revalidate
cache-status: "Next.js"; hit; fwd=stale, "Netlify Durable"; fwd=miss, "Netlify Edge"; fwd=stale
cf-cache-status: DYNAMIC
cf-ray: 8a084036db27bf65-WAW
content-encoding: br
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/;
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 12:17:26 GMT
netlify-vary: header=x-nextjs-data|x-next-debug-logging|Accept-Encoding,cookie=__prerender_bypass|__next_preview_data
server: cloudflare
strict-transport-security: max-age=31536000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN https://cms.zscaler.com
x-nextjs-date: Tue, 09 Jul 2024 12:17:26 GMT
x-nf-request-id: 01J2BPTQN2Y5Q61YEBFE3K2PTJ
x-powered-by: Next.js
x-xss-protection: 1; mode=block

GET
H2 200 1395e54b70b06b444656a2f40c135374.js Show response
ob.iseaskies.com/i/ 103 KB
38 KB 117ms
35ms Script
text/javascript 2600:9000:2090:4a00:c:d449:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2090:4a00:c:d449:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: d06d5e37644f6addafd8e549dbd74a48bf443b4b06b75172009bc56cd38c42f8

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 07:43:21 GMT
content-encoding: gzip
via: 1.1 80870c148d8c8f3b510fdacf10500460.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: AMS58-P1
age: 16721
etag: "19b6a-lQjTGzpNIpjLyi1dMtcyZJOfQoo"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 38468
x-amz-cf-id: n_mqqCSqGT2zJMjyL3IY5oBeHN7B_Pr7MitdhBp1Zf2UMvAfCgYcSg==
expires: Tue, 09 Jul 2024 19:38:44 GMT

GET
H2 200 117186981.js Show response
cdn.intellimize.co/snippet/ 386 KB
95 KB 215ms
136ms Script
application/javascript 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.intellimize.co/snippet/117186981.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c0dd6d0a7a8e09aaebac019af09fcd53af3147d55913c47530e7b28d773075ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230084-FRA
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 0
x-timer: S1720527446.220630,VS0,VE107
etag: "0499a1d493320263833e0c863e1233710--gzip"
vary: Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, must-revalidate
accept-ranges: bytes
content-length: 96776
x-cache-hits: 0

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 170 KB
27 KB 136ms
55ms Script
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e7e36f3f88692d69244aa905916aabc0e00bcc987bbc4cef85324e8c3733266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 85204
content-md5: xD1AeAP0mkjc7DsdK25Fqg==
content-length: 27724
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:57:51 GMT
server: cloudflare
etag: 0x8DC95C670FC37F2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 91e37ac3-e01e-0042-16af-c7b89e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a08403b2dd43558-WAW
expires: Wed, 10 Jul 2024 12:17:26 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 127ms
47ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XOljGHrVMK6J8mT+Nl48OQ==
age: 4320
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jul 2024 18:08:04 GMT
server: cloudflare
etag: 0x8DC9F78E9C772EC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0e56ad44-901e-002b-497e-d1e732000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a08403b2dd63558-WAW

GET
H2 200 image
www.zscaler.com/_next/ 3 KB
4 KB 185ms
183ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Ffeatured%2Fblack_square_desktop_9.jpeg&w=3840&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98926f6a05762a8c79f70f820734ace36564c10c9e2f992275589d8163369b54

Security Headers

Name	Value
Content-Security-Policy	,
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR84Y6QT7XZGN5N7V6WJ
date: Tue, 09 Jul 2024 12:17:26 GMT
content-security-policy: ,
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 12416
cross-origin-resource-policy: cross-origin
content-length: 3577
last-modified: Tue, 09 Jul 2024 08:50:30 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=miss
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a08403abfd1bf65-WAW

GET
H2 200 219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/ 37 KB
37 KB 142ms
140ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6NWYFQA781DAEDD9D8
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: "babaa13f5c4ebc035bab259b01678acd-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a6f75bf65-WAW
content-length: 37876

GET
H2 200 86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
39 KB 145ms
144ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6RAYQ1FYHZFXG6N0VZ
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: "894b88dea44b3eea86047b5a14f70bd6-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a6f78bf65-WAW
content-length: 40264

GET
H2 200 9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
40 KB 149ms
148ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6Y651ZH4BBNYY323WX
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14828
cache-status: "Netlify Edge"; hit
etag: "df72b7565a3dbb7f09aca50548800425-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a6f7bbf65-WAW
content-length: 40336

GET
H2 200 4012cc4b67ad157d-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
10 KB 143ms
142ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/4012cc4b67ad157d-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6N99EG92EGMC4V37MZ
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 14828
cache-status: "Netlify Edge"; hit
etag: "c6972ec112502e69799d66e6952e00da-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a6f7dbf65-WAW
content-length: 9592

GET
H2 200 41998fdc1b8220a0-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
10 KB 146ms
145ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/41998fdc1b8220a0-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6NGEA1ZSHCDXEW9NNN
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: "9bd07d3df76f4f2bde51ff4f6856a884-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a6f7fbf65-WAW
content-length: 9620

GET
H2 200 edb9f1eb1c1a7ead-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 166ms
165ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/edb9f1eb1c1a7ead-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR7F1SH6QG68HV3WJMB5
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 12468
cache-status: "Netlify Edge"; hit
etag: "05b344f4b2133542bb04a3fa3940eb19-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a9faabf65-WAW
content-length: 8780

GET
H2 200 ce9b84dce7581e2b-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 181ms
180ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/ce9b84dce7581e2b-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Origin: https://www.zscaler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR7R4G9W7R27GD4Z3VGP
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
age: 12477
cache-status: "Netlify Edge"; hit
etag: "6f9138b6bf5773aec5477a54d805b48a-ssl"
content-type: font/woff2
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
cf-ray: 8a08403a9facbf65-WAW
content-length: 8764

GET
H2 200 d5e9b57557ce294f.css
www.zscaler.com/_next/static/css/ 102 KB
21 KB 139ms
139ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d5e9b57557ce294f.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

101b9bde526650e874429f01df4b9a53660d9c328a072bef8a31607d27f35d0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6MPEXAPTPXX11KEFFX
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"09779461a6297a2f63f2dce383e68f99-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403a6f6dbf65-WAW

GET
H2 200 b0bb3f2a3b7edfcf.css
www.zscaler.com/_next/static/css/ 93 KB
10 KB 147ms
146ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/b0bb3f2a3b7edfcf.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b313dd302550e78e611dd129c0fc501e5544450488c199b44eb20107f69eba3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6G79G5SAFQG351Q6F9
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 13043
cache-status: "Netlify Edge"; hit
etag: W/"e42921e5c093e8e5a448834c416651ca-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403a6f6ebf65-WAW

GET
H2 200 d5d8f2847c08eecd.css
www.zscaler.com/_next/static/css/ 76 KB
10 KB 138ms
137ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d5d8f2847c08eecd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

464a2a89ca6b0b827fd9598bf6d2dccf5f072cacf0b0f0423f7d30f0e97ce135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6JSMEVN4Q77966WT68
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12617
cache-status: "Netlify Edge"; hit
etag: W/"a195c39c18bdcd9ea82cf23ccd282a73-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403a6f71bf65-WAW

GET
H2 200 60ab7ffa9f7999ec.css
www.zscaler.com/_next/static/css/ 849 B
386 B 139ms
138ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/60ab7ffa9f7999ec.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6JKXPAZ062GQ6JWHTB
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"5c59d05d39e571427d40dd8d09b3cdb1-ssl"
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403a6f72bf65-WAW

GET
H2 200 54b114f76a2643a4.css
www.zscaler.com/_next/static/css/ 14 KB
2 KB 142ms
141ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/54b114f76a2643a4.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6MKR41KZ131DKBFPF5
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"b3b28bba19cd8cc9e623e240c2173191-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403a6f74bf65-WAW

GET
H2 200 f5464589614907bb.css
www.zscaler.com/_next/static/css/ 6 KB
1 KB 139ms
139ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/f5464589614907bb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87565af07d1cabde211838c4025996136c7bb2db2507c920c0e36eb92924611a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR7X6ACDZGEWVV565JPY
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"18314490c5b1ab3d98a7816fd0e87e72-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403aafc6bf65-WAW

GET
H2 200 455227249223c84c.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 145ms
144ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/455227249223c84c.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR84E7GQB9R92V5PENWY
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"5e804ffd42b47c9b8cd3dd20a421e789-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403aafc7bf65-WAW

GET
H2 200 b6d3c529ebda7335.css
www.zscaler.com/_next/static/css/ 18 KB
3 KB 138ms
138ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/b6d3c529ebda7335.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cfc7e7ef1b5a3b8ca8dc185554f0a13e93b88e1ea66e131cb8d8a922039aca7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR7YZV64SGWYCW33TQ9D
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"81a94e2ddda02a299099b2c339671b41-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403aafc8bf65-WAW

GET
H2 200 d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 141ms
141ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR82DNMJCTJDHCCC1BX7
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"2a8acaa7178d13abe2617ddf64fd1a8d-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403aafccbf65-WAW

GET
H2 200 798dc177ab589f81.css
www.zscaler.com/_next/static/css/ 93 KB
12 KB 141ms
140ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/798dc177ab589f81.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bf28e4da5a9c77541d5933b5b6f4e5255009f8d860bc696428fd16b34c791b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR830MZ331ZJPRH4HD4P
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14828
cache-status: "Netlify Edge"; hit
etag: W/"1db1c4a1d78854024495807fe8c65cdc-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403aafcdbf65-WAW

GET
H2 200 7566.d1be4a11c0638f59.js Show response
www.zscaler.com/_next/static/chunks/ 10 KB
4 KB 147ms
144ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7566.d1be4a11c0638f59.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af26d202b6d2736172ff073329e6f14d009024925757d31c4b4bde701bcde4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR85BX3G73CVX3WGW92A
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14817
cache-status: "Netlify Edge"; hit
etag: W/"40e13db5fda0d9eebd6071a9cb3cc974-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfd2bf65-WAW

GET
H2 200 6738.730a2c798cb6864c.js Show response
www.zscaler.com/_next/static/chunks/ 12 KB
4 KB 151ms
149ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6738.730a2c798cb6864c.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

974c75cae56258569c9e08ba3e7c89556dfa21cb979b1106d91171d20c42d82b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8B7K5HAA5PHV719JF0
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"28a804022535c867a74150c42c38caa7-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfd6bf65-WAW

GET
H2 200 537.8ad21235b8edef2f.js Show response
www.zscaler.com/_next/static/chunks/ 604 B
430 B 147ms
145ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/537.8ad21235b8edef2f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR894NCMARMZXER92ZK4
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"d9f5c31ba3339a24433c535485fd1646-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfd8bf65-WAW

GET
H2 200 8338.3539dfc7fa5c0856.js Show response
www.zscaler.com/_next/static/chunks/ 112 KB
36 KB 155ms
153ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8338.3539dfc7fa5c0856.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82597ca5e9f0b28679550d3daf2838062560cb46eae1c623b8ed40704ae82dc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR87EXKHFYX0HB6KJ77P
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"c9fdf90c0e8e740d5985bf02b6b033d1-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfdbbf65-WAW

GET
H2 200 4194.070e0240ce0515d3.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
1 KB 144ms
142ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/4194.070e0240ce0515d3.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2d13675b5f834ac007b37d59e7dc7b216dce2beefc3111ecfb91b321987685b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR88W5PK0BTBTZHRBNK7
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"cab4aa8f11b883ed204fc3635d9b7ded-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfdcbf65-WAW

GET
H2 200 9775.4e644e67504dd055.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
1 KB 85ms
83ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/9775.4e644e67504dd055.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

538fcc9b374b95f2ffa196d787ca885a3509d02ff1f4adbbb05089a9c83ba72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR6C1VX0TB4YEMYAZE2P
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"1caedf0572f93a14d23c7c465901329f-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfdebf65-WAW

GET
H2 200 1306.30fcfd274fc12aa4.js Show response
www.zscaler.com/_next/static/chunks/ 9 KB
3 KB 142ms
140ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/1306.30fcfd274fc12aa4.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b05f7b79179d50668be76cd6b4ba41ddb162deb9e674ade630e9942b4e7c335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR85ZX38HFZ9P8D82G9E
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14712
cache-status: "Netlify Edge"; hit
etag: W/"d7d191f8aca8571f70f012a18d173ce2-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe0bf65-WAW

GET
H2 200 2284.69c038dad74418e7.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
2 KB 147ms
145ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/2284.69c038dad74418e7.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

910c87a7713a41f3e459123f902e195eee2fb9eee25a9aa58566ea73c1914eb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR89MKGGH8EZSTHP5ZQC
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15503
cache-status: "Netlify Edge"; hit
etag: W/"641bb9be7c6555ddb1e9d3041a67bc79-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe1bf65-WAW

GET
H2 200 893.dd6f1c903a6e7573.js Show response
www.zscaler.com/_next/static/chunks/ 43 KB
14 KB 150ms
148ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/893.dd6f1c903a6e7573.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e89b63ab295246ae2aeb6c6084e9ff457edb842c2e7a4cc378e0fef45589d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8B394Y8XM6TWEB9W4W
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15503
cache-status: "Netlify Edge"; hit
etag: W/"6e3ff926a8bce305b16afadecabae622-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe3bf65-WAW

GET
H2 200 webpack-a31bc9bc40d53130.js Show response
www.zscaler.com/_next/static/chunks/ 11 KB
6 KB 149ms
147ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f410871d8e23e4983d42551f8d24d2a3801af66f144e50ed9c9968a8898fdb53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8BX008X5C3JS3R8JQ2
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15503
cache-status: "Netlify Edge"; hit
etag: W/"51dd4bb0b217bb2bece9c17aa4e381bd-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe4bf65-WAW

GET
H2 200 framework-0e8d27528ba61906.js Show response
www.zscaler.com/_next/static/chunks/ 138 KB
45 KB 149ms
147ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/framework-0e8d27528ba61906.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR88RGZA6NXREZBRJXPM
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 13043
cache-status: "Netlify Edge"; hit
etag: W/"6a439261d41a2394a03e0a4354d7bfdd-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe6bf65-WAW

GET
H2 200 main-7c8d262537cac334.js Show response
www.zscaler.com/_next/static/chunks/ 111 KB
33 KB 152ms
151ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c52c74d5f72fba35bbb92461ac20ea6d80b9e826d28369d5fa6010d9838508ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8ABJT7F7BZNPAGF6W9
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"16b7038049448ed0734707b3e7f45ff7-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe7bf65-WAW

GET
H2 200 _app-43cb7510efd06ccb.js Show response
www.zscaler.com/_next/static/chunks/pages/ 368 KB
121 KB 149ms
148ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/_app-43cb7510efd06ccb.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3618b2465cc3685ffb2dd728fc10a62ba02d648f199b33875b43d11465793e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR883GDCG0827T2S90N4
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"9e5ddcbc00ee308adb47c6ed20dd8479-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403abfe8bf65-WAW

GET
H2 200 7459-6683d56ddfc1e33f.js Show response
www.zscaler.com/_next/static/chunks/ 239 KB
64 KB 165ms
164ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7459-6683d56ddfc1e33f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97cbac11ec6ac94419d02dcecf53b4f2c3fb2b2481bdd97a3cddbed06e556c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8X65E4RHF6Z5S0B41R
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14681
cache-status: "Netlify Edge"; hit
etag: W/"07ba3ee6641a92c66221db0916673916-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad80abf65-WAW

GET
H2 200 5865-a280b85a1b3f871e.js Show response
www.zscaler.com/_next/static/chunks/ 135 KB
38 KB 166ms
165ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5865-a280b85a1b3f871e.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31d8f5d0e01807256c12d40c18410385c9a9985fed650f5537a5450f0582cce6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8Y5AKDH971CGM45P32
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"9b2bffcd6aaba13434b34808d1fa362d-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad80cbf65-WAW

GET
H2 200 544-c66c31cbb2cad110.js Show response
www.zscaler.com/_next/static/chunks/ 81 KB
20 KB 157ms
155ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/544-c66c31cbb2cad110.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e99150abc2550e0f94444a51e076d83c8825451341beac00f7e11176561ebab6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8Q218GPA1S708NJRCY
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"64c5a84dc8d0cfd9dd672297d7d79dbe-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad810bf65-WAW

GET
H2 200 1576-023e5469f519af84.js Show response
www.zscaler.com/_next/static/chunks/ 149 KB
32 KB 168ms
166ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/1576-023e5469f519af84.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ada28a7dd69999d0d6c34b24a1c93c1d7c17be16eee58e7398cba75d6a43d600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8W539V392Q7PA8Z1ZH
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"24898531d4bb6bb44f1dc57db8c3fa16-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad812bf65-WAW

GET
H2 200 %5B...slug%5D-462c9d6f54f0ffa7.js Show response
www.zscaler.com/_next/static/chunks/pages/blogs/ 3 KB
2 KB 169ms
168ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-462c9d6f54f0ffa7.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf535071929fbe70e3c17edb25abd5115a9e913fb7c40a1119691247fc74ee83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8XQ6SSS33T5NGTVHGR
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12942
cache-status: "Netlify Edge"; hit
etag: W/"eee2a9e8c770c0a08e6c0be4b09a5699-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad813bf65-WAW

GET
H2 200 _buildManifest.js Show response
www.zscaler.com/_next/static/0-B0JKWUERxn0tL-GC2rR/ 3 KB
1000 B 180ms
179ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/0-B0JKWUERxn0tL-GC2rR/_buildManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a268bdbb851f2c43ee7c191a0bd60773d5c23f80b024b8b20f86fda0fa500255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8XYYV6XXY86E5VHRDJ
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"cd68831f5f0a42064b37253068bcbe94-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad815bf65-WAW

GET
H2 200 _ssgManifest.js Show response
www.zscaler.com/_next/static/0-B0JKWUERxn0tL-GC2rR/ 417 B
280 B 169ms
169ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/0-B0JKWUERxn0tL-GC2rR/_ssgManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc1a746e4540f4be2f9172e2403669d454784c6ff4e5394e5c89f6d24f22af83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTR8WMTMD9WHJ9JC4NF61
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15502
cache-status: "Netlify Edge"; hit
etag: W/"9e56531e829a109b15c8b03429c19e6a-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403ad817bf65-WAW

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
819 B 34ms
34ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
server: cloudflare
content-encoding: gzip
etag: W/"66867220-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8a08403ad819bf65-WAW
expires: Thu, 11 Jul 2024 12:17:26 GMT

GET
H2 200 ct Show response
obs.iseaskies.com/ 4 KB
1 KB 461ms
210ms Script
text/javascript 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/ct?id=60409&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1720527446498&hl=2&op=0&ag=589913651&rand=532217507802901061271118221572258322863025802958616215160282731216059012872171510012&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDE5MDVdLFsiYWJuY2giLDE2XSxbLTgsIi0iXSxbLTM4LCJsLC0xLC0xLDEsMCwyOCwwLDAsNzQsNjY5LC0xLDAsLCw4MzksODM5Il0sWy01MCwiLSJdLFstNTgsIi0iXSxbLTYzLCItIl0sWzM3LCJbMzMxNjIyNDA0OSxmdW5jdGlvbihuZXdWYWx1ZSkge1xuICAgICAgICAgICAgICBhZGRDb250ZW50V2luZG93UHJveHkodGhpcylcbiAgICAgICAgICAgICAgLy8gUmVzZXQgcHJvcGVydHksIHRoZSBob29rIGlzIG9ubHkgbmVlZGVkIG9uY2VcbiAgICAgICAgICAgICAgT2JqZWN0LmRlZmluZVByb3BlcnR5KGlmcmFtZSwgJ3NyY2RvYycsIHtcbiAgICAgICAgICAgICAgICBjb25maWd1cmFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHdyaXRhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB2YWx1ZTogX3NyY2RvY1xuICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICBfaWZyYW1lLnNyY2RvYyA9IG5ld1ZhbHVlXG4gICAgICAgICAgICB9XSJdLFstNywiLSJdLFstMTAsIi0iXSxbLTI5LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zNCwiLSJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwMTAxMTAxMDAwMDAxIl0sWy00NSwiLSJdLFstNDgsIjAsMCJdLFstMTgsIlswLDAsMCwxXSJdLFstMTksIlsxMTcwLDE1NzAsMTE3MCwxNTcwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjg1LDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTMxLCJmYWxzZSJdLFstMzcsIi0xNDQtNjYtMTgwLSJdLFstOSwiKyJdLFstMTIsIm51bGwiXSxbLTE3LCIxNiJdLFstMjMsIisiXSxbLTI2LCJ7XCJ0amhzXCI6Njg5MDkwNyxcInVqaHNcIjozODU0MTU5LFwiamhzbFwiOjQyOTQ3MDUxNTJ9Il0sWy00MSwiLSJdLFstNTksImRlZmF1bHQiXSxbLTY4LCItIl0sWy0xLCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTQ2LCIwIl0sWy01NCwie1wiaFwiOltcIl8zXCIsXCIyODcyODk5MzIwXCIsXCJfMVwiLFwiNzY2NzYzMThcIl0sXCJkXCI6W10sXCJiXCI6W1wiMTE3NjcyODc4N1wiLFwiMjgzMjU4ODA0OFwiXSxcInNcIjoxfSJdLFstNTUsIjAiXSxbLTIwLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMjcsIlsxNTAsMTAsMCxcIjRnXCIsbnVsbF0iXSxbLTM1LCJbMTcyMDUyNzQ0NjQ1OCwtMl0iXSxbLTQwLCIzMyJdLFstNDIsIjE3MjQyOTc2NTMiXSxbLTYxLCJ7XCJ3Z3NsXCI6XCI0O3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztwYWNrZWRfNHg4X2ludGVnZXJfZG90X3Byb2R1Y3Q7dW5yZXN0cmljdGVkX3BvaW50ZXJfcGFyYW1ldGVycztwb2ludGVyX2NvbXBvc2l0ZV9hY2Nlc3M7XCIsXCJwY2ZcIjpcImJncmE4dW5vcm1cIn0iXSxbLTYyLCI4MCJdLFstNjUsIi0iXSxbLTY3LCItIl0sWy0yNSwiLSJdLFstNTMsIjEwMCJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIl19Il0sWy0xNiwiMCJdLFstNDQsIjAsMCwwLDUiXSxbLTQ3LCJFdXJvcGUvQmVybGluLGRlLGxhdG4sZ3JlZ29yeSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstMTUsIi0iXSxbLTMyLCItIl0sWy0zNiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTQ5LCItIl0sWy01MSwiLSJdLFstNTcsIldFMFpWMXhPY1ZoWFhWVmNTeGNGV2xaVVNVeE5YRjBIR1dKWVNobFlTVWxWUUdRWkVWeFBXRlVaV0UwWkJWaFhWbGRBVkZaTVNnY1pFUU1PQXdnTUNRb0pBUkFWR1FWWVYxWlhRRlJXVEVvSEF3Z0JBd29KRUJWWVRSbDRTMHRZUUJkZlhCa1JVVTFOU1VvREZoWldXeGRRU2x4WVNsSlFYRW9YV2xaVUZsQVdDQW9BREZ3TURWc09DVnNKRDFzTkRRMFBEQTlZQzE4TkNWb0lDZ3dLRGcwWFUwb0RDQU1QRGcwT0NCQVZXRTBaU3hrUlVVMU5TVW9ERmhaV1d4ZFFTbHhZU2xKUVhFb1hXbFpVRmxBV0NBb0FERndNRFZzT0NWc0pEMXNORFEwUERBOVlDMThOQ1ZvSUNnd0tEZzBYVTBvRENBTU9DUTRQQ3hBPSJdLFstNjYsImdlb2xvY2F0aW9uLHN0b3JhZ2VhY2Nlc3MsZ2FtZXBhZCxjaGVjdCxtaWRpLGRpc3BsYXljYXB0dXJlLHVzYixicm93c2luZ3RvcGljcyxwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGxvY2FsZm9udHMsb3RwY3JlZGVudGlhbHMsZW5jcnlwdGVkbWVkaWEsY2hzYXZlZGF0YSxjaHVhZnVsbHZlcnNpb25saXN0LGNodWF3b3c2NCxzaGFyZWRzdG9yYWdlLGNoZG93bmxpbmssY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHVhbW9kZWwsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSxzZXJpYWwsY2FtZXJhLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24scHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LGNodWEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGNodWFmb3JtZmFjdG9ycyxpZGxlZGV0ZWN0aW9uLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h3aWR0aCxjbGlwYm9hcmRyZWFkLGNodmlld3BvcnR3aWR0aCxjb21wdXRlcHJlc3N1cmUscGF5bWVudCxjaHZpZXdwb3J0aGVpZ2h0LGNocnR0LGF1dG9wbGF5LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsaGlkLGNodWFiaXRuZXNzLHNjcmVlbndha2Vsb2NrLHByaXZhdGVhZ2dyZWdhdGlvbixjbGlwYm9hcmR3cml0ZSxhdHRyaWJ1dGlvbnJlcG9ydGluZyxjaGRldmljZW1lbW9yeSxtaWNyb3Bob25lIl0sWy0yLCI1LGVBSFdYMS9mM3F6Q3Zia3V5bVF3Z2xJYUYzcEVzUkVFVHBvVmRGVkJRUXBSY1JCRlNLSUlnaVJJcjBLaEpScXBTQXRDQWtRSHBJenliYlhwbVpyLzUvZDk2YnpjdVNBUEovR3QiXSxbLTQsIi0iXSxbLTUsIi0iXSxbLTYsIi0iXSxbLTEzLCItIl0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI0LCJbXSJdLFstNjQsIlswLFwiXCIsW11dIl0sWy02OSwiTGludXggeDg2XzY0fEdvb2dsZSBJbmMufDh8MTZ8fDAiXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImludGVsIGluYy5cIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjo2LFwid2dsXCI6MSxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwic2VmXCI6MTkzMDgyMDI3OSxcInNlY1wiOlwiXCJ9Il0sWyJibmNoIiwyMThdLFstMzMsIi0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTUyLCItIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTYwLDIwNV0sWyJkZGIiLCIwLDYsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCw5NywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwyLDAsMCw2LDAsMSwxLDAsMCwwLDAsMCwwLDAsMiwwLDUsMCwwLDAsMCwwLDAsMCwwLDAiXSxbImNiIiwiMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsNywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwzOCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCw0LDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=%7B%7D&cri=5UwOSugYkI&pto=1046&ver=61&gac=-&mei=&ap=&fe=1&duid=1.1720527446.csRmg2pPDulFzWKV&suid=1.1720527446.CoYSWEcKsQHPy3v9&tuid=1.1720527446.FBWd1mU0HzhT8QMJ&fbc=-&gtm=-&it=23%2C667%2C150&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 67a3a415c4794047c3cf0af572f8db8b3a4078ee7ff7a8a016053f0198ba8016

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: text/javascript
pragma: no-cache
date: Tue, 09 Jul 2024 12:17:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1140
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 janelarat_overview.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/janelaRAT/ 13 KB
14 KB 1001ms
1000ms Image
image/webp 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/janelaRAT/janelarat_overview.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f97c73c5c6dfddc49711032baffafe850957484ebeae04cc84a897d5962a796

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 13684
cf-resized: internal=ok/d q=0 n=660+208 c=0+0 v=2024.6.0 l=13684
last-modified: Thu, 04 Jan 2024 17:09:19 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf9YeVdpVirxUttbXH2HrCIgPH1gWqs-rDoNB_ezzVDw"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: max-age=300
accept-ranges: bytes
cf-ray: 8a08403ccac7bf65-WAW

GET
H2 200 3e894970-e3e9-4783-85e9-7c38eedbfbbf.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 5 KB
2 KB 132ms
67ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0cd39d290a1403b6303c049dceebac871d07a5f776b53f4e425ec2235d16a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 23800
content-md5: oj+Dp3bF+hHUZlalRDGEBg==
content-length: 1840
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:57:50 GMT
server: cloudflare
etag: 0x8DC95C6709730F1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 609ffdb0-a01e-000a-38af-c78a03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a08403d68503bbf-WAW
expires: Wed, 10 Jul 2024 12:17:26 GMT

GET
H2 200 7763.d758ee891eda7402.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
748 B 76ms
76ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7763.d758ee891eda7402.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRJ553RZ49FT2Y8CAM55
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14813
cache-status: "Netlify Edge"; hit
etag: W/"17febf2951ad34c7eeeef4016c7b0b2f-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403d1b36bf65-WAW

GET
H2 200 5551.c4fb596d5a66633e.js Show response
www.zscaler.com/_next/static/chunks/ 1000 B
800 B 74ms
73ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5551.c4fb596d5a66633e.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRJ55DAP0Z2FJHWAAX9D
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14678
cache-status: "Netlify Edge"; hit
etag: W/"a6691d54597182ea40834fe228daf31e-ssl"
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403d1b3abf65-WAW

GET
H2 200 6023.ccb3fff03c4fa91a.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
748 B 79ms
78ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6023.ccb3fff03c4fa91a.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRJ8N6P8K783RHXVD7NQ
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14825
cache-status: "Netlify Edge"; hit
etag: W/"cdf67233aa350887f94d408f802c7482-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403d1b3ebf65-WAW

GET
H2 200 790.d7dc94c2ef6f512f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
840 B 75ms
74ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/790.d7dc94c2ef6f512f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRJ9TW8W4RGMY3F1WHZX
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 14447
cache-status: "Netlify Edge"; hit
etag: W/"a1ea44e59828d3f7a982ea32905c6987-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403d1b40bf65-WAW

GET
H2 200 6831.3072668993ea221f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
741 B 76ms
76ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6831.3072668993ea221f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-a31bc9bc40d53130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRJ88VMVPEZSBNDJYJ39
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 15499
cache-status: "Netlify Edge"; hit
etag: W/"e6955a7112f40e9844da8900d4e701a7-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403d1b41bf65-WAW

GET
H2 200 storage.html
117186981.intellimizeio.com/ Frame 024A 0
0 146ms
50ms Document
text/html 34.248.150.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://117186981.intellimizeio.com/storage.html

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.248.150.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-150-175.eu-west-1.compute.amazonaws.com

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 5628
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 12:17:26 GMT
etag: W/"15fc-Uk1A5QrccB7iUltcerqKsVx8Uo0"
strict-transport-security: max-age=15552000; includeSubDomains
x-powered-by: Express

POST
H2 200 117186981 Show response
api.intellimize.co/context-v2/ 558 B
645 B 188ms
84ms Fetch
application/json 52.50.202.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/context-v2/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.50.202.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-202-118.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c551aba4de091a3d8da59cc0c4e031f5bab35d829bd6566696910af19e3bac9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 117186981.js Show response
cdn.intellimize.co/snippet/ 386 KB
46 B 31ms
31ms Script
application/javascript 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.intellimize.co/snippet/117186981.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c0dd6d0a7a8e09aaebac019af09fcd53af3147d55913c47530e7b28d773075ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 1
date: Tue, 09 Jul 2024 12:17:26 GMT
via: 1.1 varnish
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 0
x-timer: S1720527447.658962,VS0,VE2
etag: "0499a1d493320263833e0c863e1233710--gzip"
vary: Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, must-revalidate
accept-ranges: bytes
content-length: 96776
x-served-by: cache-fra-eddf8230084-FRA

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ 199 KB
67 KB 292ms
70ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 1486
etag: "36277e-31b30-619b21e0856c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 8a08403f09eb3482-WAW
expires: Tue, 09 Jul 2024 16:17:26 GMT

GET
H2 200 image
www.zscaler.com/_next/ 16 KB
16 KB 105ms
104ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Findian_flag.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5724bbf488707332ae05dff33e2e3c6f8d58b4dfa425c3f545433fd5e4f94675

Security Headers

Name	Value
Content-Security-Policy	,
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRMV5EVM9GJ94HAATYA7
date: Tue, 09 Jul 2024 12:17:26 GMT
content-security-policy: ,
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 15496
cross-origin-resource-policy: cross-origin
content-length: 16599
last-modified: Tue, 09 Jul 2024 07:59:10 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a08403dac0cbf65-WAW

GET
H2 200 image
www.zscaler.com/_next/ 9 KB
10 KB 121ms
121ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fmodular_blocks.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d93678cd5cd441e9799a92c62a8e54e3f5525ee608633476d5a3062ec523820b

Security Headers

Name	Value
Content-Security-Policy	,
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRMV02T3ZPS160Q0TEZD
date: Tue, 09 Jul 2024 12:17:26 GMT
content-security-policy: ,
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 14568
cross-origin-resource-policy: cross-origin
content-length: 9632
last-modified: Tue, 09 Jul 2024 08:14:39 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a08403dac10bf65-WAW

GET
H2 200 image
www.zscaler.com/_next/ 13 KB
13 KB 129ms
128ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Ffake_alert.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea365b9060720c4d76b6baae2fd6e02031826a78a8df236c7b281efbbb0f32ba

Security Headers

Name	Value
Content-Security-Policy	,
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRMYTCEHM2NMKKS9NADT
date: Tue, 09 Jul 2024 12:17:26 GMT
content-security-policy: ,
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 14571
cross-origin-resource-policy: cross-origin
content-length: 13248
last-modified: Tue, 09 Jul 2024 08:14:35 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=stale
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a08403dac12bf65-WAW

GET
H2 200 b0bb3f2a3b7edfcf.css Show response
www.zscaler.com/_next/static/css/ 93 KB
92 B 104ms
104ms Fetch
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/b0bb3f2a3b7edfcf.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b313dd302550e78e611dd129c0fc501e5544450488c199b44eb20107f69eba3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRNF6AV37TS67G2BJCK3
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 13043
cache-status: "Netlify Edge"; hit
etag: W/"e42921e5c093e8e5a448834c416651ca-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403dac13bf65-WAW

GET
H2 200 d5d8f2847c08eecd.css Show response
www.zscaler.com/_next/static/css/ 76 KB
93 B 77ms
76ms Fetch
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d5d8f2847c08eecd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-7c8d262537cac334.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

464a2a89ca6b0b827fd9598bf6d2dccf5f072cacf0b0f0423f7d30f0e97ce135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRMZGCVDSD016ZV09XRA
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12617
cache-status: "Netlify Edge"; hit
etag: W/"a195c39c18bdcd9ea82cf23ccd282a73-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a08403dac16bf65-WAW

GET
H2 200 image
www.zscaler.com/_next/ 3 KB
4 KB 276ms
276ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fwww.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Ffeatured%2Fblack_square_desktop_9.jpeg&w=1920&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77b51b33769c81019c11e996e61bb4c0563aedae411b098cf3dc6c79116ec3

Security Headers

Name	Value
Content-Security-Policy	,
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTRN3KX7H3A627YP90ZF8
date: Tue, 09 Jul 2024 12:17:26 GMT
content-security-policy: ,
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload
cf-cache-status: DYNAMIC
age: 12416
cross-origin-resource-policy: cross-origin
content-length: 3566
last-modified: Tue, 09 Jul 2024 08:50:30 GMT
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
server: cloudflare
cache-status: "Netlify Edge"; fwd=miss
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a08403dbc27bf65-WAW

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 138ms
61ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a08403e4aecbfee-WAW
access-control-allow-headers: Content-Type

POST
H2 200 clientlogger
log.intellimize.co/ 3 B
325 B 596ms
193ms Ping
application/json 44.238.160.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/clientlogger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.238.160.115 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-238-160-115.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

POST
H2 200 117186981 Show response
api.intellimize.co/prediction/ 68 B
379 B 51ms
49ms Fetch
application/json 52.50.202.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/prediction/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.50.202.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-202-118.eu-west-1.compute.amazonaws.com

Software

Resource Hash

dc7bce7cbccddb325bbaca372fce7fb4c59857efc717ee1935cb8173a28c63af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/ 442 KB
107 KB 52ms
51ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: s7qm2vbmUNglr6Jt5k9KHA==
age: 3000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 109676
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:04:35 GMT
server: cloudflare
etag: 0x8DC49752A75EB01
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f463857b-001e-005d-3a08-7c3307000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a08403eea1e3558-WAW

POST
H2 200 logger
log.intellimize.co/ 3 B
324 B 416ms
193ms Ping
application/json 44.238.160.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.238.160.115 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-238-160-115.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

POST
H2 200 logger
log.intellimize.co/ 3 B
324 B 418ms
195ms Ping
application/json 44.238.160.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.238.160.115 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-238-160-115.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.zscaler.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/7e39d72d-1927-46f7-a0e0-f2afc442f33f/ 126 KB
28 KB 61ms
61ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/7e39d72d-1927-46f7-a0e0-f2afc442f33f/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f23f53e414e418ba0b70cf9106982d493e4d3554fc1929533737d4f595f89f7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 72494
content-md5: SCNd+VjPycUxIbADx7mHRw==
content-length: 28323
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 09:56:03 GMT
server: cloudflare
etag: 0x8DC95C630A2F321
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 14cb5217-901e-006f-78a9-cc3b5e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a08403f7ae73bbf-WAW
expires: Wed, 10 Jul 2024 12:17:26 GMT

GET
H2 200 tc_imp.gif
obs.iseaskies.com/tracker/ 43 B
102 B 123ms
123ms Image
image/gif 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.iseaskies.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268eec237ed438e9b9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5811896d2e17071a10acf9f29f6740d386d8527e6c4eab782205863ede6ac7503801279406035964030ac7b6391e77be26bb25cb43e2916af05165ad5f2f7a1bda53ec14f4c1d7de3cbb2807ff7ecaa8556d8e0e3143714493d60266a060b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7288ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82d8e56b92610b87f1cb2d1c11a4606ffec41d31eddfad76da02fb15e1d61c9149d9d36d9a6d279c9b22da6198cefab6cdb3f11338ae6bf2fbb9234e2bfb94248efe01e0141a54954309da8dcec8cff18021853bd79fa29873f867342483692c978490446ad8eb7fac0fe4834e8038bf7a505c44de3bae0ada88ae65f7973bd153f38cccd064824f0b7bfe4e1154684272c2e36db753d7c3c820ae9273fa91269acca9f87acfe8b411266e8fea4f49d7f7510b53afa2a235b630889e29fdfc3ce06eaa3089419145c5a23ddb0865b1f8c7247d6a221120194e0bb8b2d47ed810e41d1b022db8f41ccd840a52affe86eded289bb2baee8ceaf1e3575d6baa34daef0c30c73a3109dd71406370e42dfd05459bbe9f27f334c52f99b63ed1aa4fc569054a2301750f9fc2e2c73d7b559a185994d3d9bbb3d652059eb0b96197cf737bdfce133c69fb99c55721b72484439e1ae33c9c0edad40efbb231fe868bd5915b7feee3397f9f70a68cddb704c8296d42179e7a424eb0a45d8fe916cd9d9fce4a9ec4e56e593507de49ee59dc1fd5fa0f842e51620463296deb488f9f3252bb6fc5a5f231ddc953ff2b1acc76097fe4abb0723aa772b38702c615754513e8292690aec969cc553e9f8714a5dbdbe1f630bd09547f70f20f6f0af8986d21c02efbec836dd9c1e6653060b028645116c5174cf4cdbf5c40ec3d2282d3de1e97b6ef98007de422b1067644981b616ddfd3074897c4a38bb3a019e026b42e8870839d08c7eef13725afdb02d094beaed6ac959e655086e73947c47cc15fdf4cebe728a1d3df8a32e1c4c7f2fb5a69c5a2f4f440c8578d530a704b2bb3d04b6a8336b1048bdd24a74179be2e0b83&cri=5UwOSugYkI&ts=507&cb=1720527447005
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
BLOB 200
OK d4dcd70e-0272-4e7d-8710-a2603d968a84
https://www.zscaler.com/ 261 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/d4dcd70e-0272-4e7d-8710-a2603d968a84
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82c53248dd29c08f2a64352ac8fa3a4e72c240d04721d88bb24f6d5b737a04db

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 261
Content-Type

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 13 KB
3 KB 48ms
47ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: KLWFssuowJEtDumTaVZD/A==
age: 43642
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:04:28 GMT
server: cloudflare
etag: 0x8DC497526A04834
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3a650741-801e-007e-6dd1-9ba6b0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0840402bc93bbf-WAW

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 5 KB
2 KB 59ms
58ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: k7yGPxSf903pvrcZkZ/tnw==
age: 23798
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1738
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:04:30 GMT
server: cloudflare
etag: 0x8DC497527AB27B4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4bf9e8d1-801e-00a5-22d1-9b608d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0840402bca3bbf-WAW

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ 24 KB
4 KB 59ms
58ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 4ErYmXXFNbMLrnc9DrDTsg==
age: 23798
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:04:40 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 5e879149-f01e-0016-51d1-9bc020000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a0840402bcb3bbf-WAW

GET
BLOB 200
OK 5e85c188-f1fa-4977-ae05-be4fd4dc3289
https://www.zscaler.com/ 529 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/5e85c188-f1fa-4977-ae05-be4fd4dc3289
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc106c3c14f9b7cef90cdb279d64dcf92da19a9112195d32a56b7a6746121770

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 529
Content-Type

GET
H2 200 zscaler-variation-icon-white.png
cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/ 1 KB
2 KB 50ms
49ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a48-f85f-7774-95d7-08faa6aa3c7b/12ee0f04-1958-4b33-a1d4-12aaee5a0f25/zscaler-variation-icon-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AjwaatmEihRgIitZTQhd5w==
age: 56527
content-length: 1448
x-ms-lease-status: unlocked
last-modified: Thu, 21 Mar 2024 07:22:44 GMT
server: cloudflare
etag: 0x8DC4977B36FCFB2
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: e1cc15e3-f01e-0051-752b-b65f9c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a084040ac3a3558-WAW

GET
H2 200 favicon-32x32.ico
www.zscaler.com/favicons/ 4 KB
994 B 208ms
207ms Other
image/vnd.microsoft.icon 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/favicons/favicon-32x32.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J2BPTS5NPTS68A2T80G8B0NK
date: Tue, 09 Jul 2024 12:17:27 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
age: 12446
cache-status: "Netlify Edge"; hit
etag: W/"5d00c0de27c65c78efe08fbcbcd851cd-ssl"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: public,max-age=0,must-revalidate
cf-ray: 8a0840410839bf65-WAW

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 370 KB
119 KB 191ms
91ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

af077170dcb4f01a49653913e655c6079ce4332916f39f4dae14bd0e05e232db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120989
x-xss-protection: 0
last-modified: Tue, 09 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 131ms
130ms Script
application/javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7971&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&callback=jQuery37108700207057500449_1720527446988&_=1720527446989
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca893d08733f6bf10a8ef03aa850b01501febd245019dd7940a5b9bb320ea0a9

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8a0840416cf63482-WAW
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 124ms
124ms Script
application/javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&callback=jQuery37108700207057500449_1720527446990&_=1720527446991
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b41158b6ab9bf7e5b1ea3911002ac406b5a73691985d550f91258ddd1b42dade

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8a0840416cfb3482-WAW
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 forms2.css
info.zscaler.com/js/forms2/css/ 13 KB
3 KB 56ms
55ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 1486
etag: "362776-3437-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8a0840423ded3482-WAW
content-length: 2623
expires: Tue, 09 Jul 2024 16:17:27 GMT

GET
H2 200 forms2-theme-round.css
info.zscaler.com/js/forms2/css/ 4 KB
1 KB 55ms
54ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2-theme-round.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 4983
etag: "3040222-e46-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8a0840423def3482-WAW
content-length: 968
expires: Tue, 09 Jul 2024 16:17:27 GMT

GET
H2 200 XDFrame Show response
info.zscaler.com/index.php/form/ Frame A65C 2 KB
864 B 160ms
160ms Document
text/html 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/index.php/form/XDFrame

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8a084042ce873482-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 12:17:27 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 333 KB
109 KB 79ms
79ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24869e82d0ad60b4055b20d91004096498c1c6f8d59573af7322253e0e84758b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 111098
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H2 200 6635.js Show response
script.crazyegg.com/pages/scripts/0097/ 7 KB
3 KB 161ms
56ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb8352741015cc1aa5fec563bced353a84d196697cd79bb51fb4410fd0699786

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 10194
cf-polished: origSize=7384
ce-version: 11.5.237
cf-bgj: minify
last-modified: Tue, 09 Jul 2024 09:27:33 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8a084043ecb23492-WAW

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 136ms
32ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 12:17:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 6934ae2b-4c76-4229-97d0-8f637b004b88.js Show response
j.6sc.co/j/ 4 KB
2 KB 139ms
36ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
content-encoding: gzip
date: Tue, 09 Jul 2024 12:17:27 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 1178
pragma: no-cache
last-modified: Tue, 02 May 2023 17:36:47 GMT
server: AmazonS3
etag: "afb8c61166e7f50fe6d7ab7b6377733c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: pE9tinuLUd5M2XuaLIXy0hrVV83hzPqjSQLfD46vz9YCYnJQXn4qvg==
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
28 KB 122ms
36ms Script
text/javascript 2600:9000:2644:8200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 02b5db103f24a7395fa2623b371ea764e2948337147de780911dc2fcdec49458

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id: fsiDuzy5vys3wCM7hYlFnR.TBXHQSKgT
Content-Encoding: gzip
Via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
Date: Tue, 09 Jul 2024 12:10:47 GMT
Age: 401
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 04 Jul 2024 15:21:58 GMT
Server: AmazonS3
Etag: W/"c3ca7e6129306d41ac549ab4c252c99b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 3DloM3B1GGJ5a9NxOUC-GKWORmqiR0zEciLNhuP1IukJ1VbK6muZlw==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 125ms
38ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=12782
accept-ranges: bytes
content-length: 14004

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 282 KB
94 KB 80ms
77ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-812494211&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57f94a97ea4a43b288e1a82f105e0c6d54a072d26229849e51cfa736a2bf2965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 47 KB
14 KB 158ms
73ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a97bc8ec679a82ec782bd76c7302c0ca394c1ad672450f86f87bee5e0ec06b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 09 Jul 2024 12:17:26 GMT
last-modified: Mon, 08 Jul 2024 16:08:41 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D20A48ED6B8E4080A05C84DA9F313B43 Ref B: CPH30EDGE0514 Ref C: 2024-07-09T12:17:27Z
etag: "804a6d1951d1da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13828

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 205 KB
75 KB 100ms
97ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5e8795a6586d273e42fde17a31509d27e6cdd4c05f84f52ef272b43b94330479

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76269
x-xss-protection: 0
last-modified: Tue, 09 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 222 KB
59 KB 113ms
30ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jul 2024 12:17:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58293
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=27, rtx=0, c=12, mss=1368, tbw=2777, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: q3Dr+RPNee6dJK5J79i7duVGPneWGZU1HWw+OpItJiXFxFX1Hd4JItZ2fuWhROJQ9Jh2TA1JZHftiQOQTQhj5A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 170ms
86ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 2932
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8a084043e84abf51-WAW
expires: Tue, 09 Jul 2024 12:37:27 GMT

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 128ms
47ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
x-amz-version-id: az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via: 1.1 365a977b864574759e83e211b333db7e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: TXL50-P5
age: 2875
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jun 2024 11:29:23 GMT
server: cloudflare
etag: W/"e3c441f75699329acb887bf918f755c9"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8a084043ec984516-TXL
x-amz-cf-id: 1NChva1MCyDMQQm07kptS4bler9hdVQDSjAlL390CHbd5W72RxiOMQ==

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 22 KB
22 KB 117ms
34ms Script
text/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:00:16 GMT
age: 1031
x-guploader-uploadid: ACJd0NqXeM9wWbF3rCtgqM14GvBSDYQpqJCU4i6nbNQT2SWiYQ0VsnMkaoqfPfSJXbqyNfOSBxk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22096
last-modified: Tue, 25 Jun 2024 13:55:49 GMT
server: UploadServer
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
x-goog-generation: 1719323749654301
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 22096
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 09 Jul 2024 13:00:16 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
5 KB 100ms
38ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 05:01:33 GMT
Content-Encoding: gzip
Via: 1.1 37dd0feed3e180cbd05080c74e7a5a42.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jun 2024 09:20:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 26155
x-amz-server-side-encryption: AES256
ETag: W/"a7eb6794e868fe870db350518165c868"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: E_p9KhSsgPp7K0kRL_j7vRqXVEQgDj0-0PEW4nUp7AiADVW4FLuz-w==

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 25 KB
7 KB 502ms
124ms Script
application/javascript 44.209.137.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term=value
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.209.137.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-209-137-118.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 567c68c074541d72c21e88481d0e03f5baa209010b6e58572bb76718fb2754bd

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 2
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rudder-analytics.min.js Show response
cdn.rudderlabs.com/v1.1/ 122 KB
38 KB 127ms
35ms Script
application/javascript 2600:9000:275d:3200:16:a497:9700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:3200:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6983cc4d5da374c36c01d4ef660385b7ae33de35414550bfc04c925d311ca5bc

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 11:43:45 GMT
content-encoding: gzip
via: 1.1 39cfa117a3536e9c0afd90708900b558.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jul 2024 05:24:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P11
age: 2056
x-amz-server-side-encryption: AES256
etag: W/"b1f322cbb2bcd09bc1d43a72ebbdc10e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: s0iimG-Oc1LQjx6gXitlbF1B2dfI8sLg7eeSBa5A0FzqZYT9RgnRrQ==

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ Frame A65C 199 KB
0 1ms
1ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://info.zscaler.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 1486
etag: "36277e-31b30-619b21e0856c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 8a08403f09eb3482-WAW
expires: Tue, 09 Jul 2024 16:17:26 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 36ms
35ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

74dcc1eb2c6f66c23a2fcafd5aeeae1bc9f6570346cd243ba075a4f5ba130dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 Jun 2024 00:42:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "666b9204-1099c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18327
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

30ms
30ms

Script
application/javascript

2600:9000:2644:8200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:2644:8200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 07:01:29 GMT
X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
Age: 18959
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: tA6AjFE4B24Re8vq5JCXGLIFjKavEI8vxMGdWglbWJ_7rQleUNTdMg==

Redirect headers

Date: Tue, 09 Jul 2024 06:21:58 GMT
Via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
Age: 21329
X-Amz-Cf-Pop: FRA60-P6
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: SlxZrGhVYYNhWY-TpStDPJWQRFSOazR2Ke9Tg5r8ARU1T0q08443kw==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 0
809 B 63ms
34ms Script
text/javascript 2600:9000:2644:8200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:8200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id: TUDbxuIUjM.OFwsbGXOIW8QjBzK_5aK_
Date: Tue, 09 Jul 2024 11:57:12 GMT
Via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
Age: 1310
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Sat, 06 Jul 2024 00:34:24 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: M8QKLq0FVOjJt_7u8V3E2bat3ohlp4wcAgX6g1hjP_Ldp4kvpcClqw==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 103ms
36ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447577&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&up.clientid=(not%20set)&up.debug_info=id%3DGTM-5SLZFK%26v%3D513%26debug%3Dfalse&up.firmographic_name_domain=(not%20set)%20((not%20set))&up.firmographic_location=(not%20set)%3B%20(not%20set)%3B%20(not%20set)%3B%20&up.firmographic_revenue=(not%20set)&up.firmographic_employee=(not%20set)&tfd=2277&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
245 B 106ms
37ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=779273250.1720527448&gtm=45je4730v883639532z871607006za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 97ms
37ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=2&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447550&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_js&ep.event_label=(not%20set)&_et=3&tfd=2284&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 97ms
37ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=3&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447553&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&tfd=2285&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 94ms
37ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=4&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=marketo_form_view&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447553&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&tfd=2288&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 91ms
38ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=5&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447555&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_ready&epn.event_label=7971&_et=1&tfd=2291&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 88ms
38ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=6&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447557&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&tfd=2292&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 82ms
37ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=7&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=marketo_form_view&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447557&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&_et=1&tfd=2299&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 128ms
71ms Image
image/gif 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=779273250.1720527448&gtm=45je4730v883639532z871607006za200zb71607006&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0&z=1547156374

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
682 B 473ms
472ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6738e00932f811ec91f92f2d09b779905b179f20a67374e4ed137db52c10d27e

Request headers

visited_url: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Referer: https://www.zscaler.com/
Authorization: Bearer e6609b6e9a1669129391
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
via: 1.1 fc2007805b18155e8ca67104268477c6.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: TXL50-P5
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: apON2hpRPHcES3g=
server: cloudflare
etag: W/"cb-YDMuT8hm3yEmrQSIs55udvL7JsQ"
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cf-ray: 8a084045f9f944f2-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Amp-Device-Id, X-Amp-Session-Id
x-amz-cf-id: sYBmvTxhQI0fh_kQMLwINxDEOiujR4cpBQxJ-utogYRMLzyAtODwAg==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 210ms
185ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,visited_url
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
apigw-requestid: apONygZ4vHcESQw=
cf-cache-status: DYNAMIC
cf-ray: 8a084044df8544f2-TXL
date: Tue, 09 Jul 2024 12:17:27 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 fc2007805b18155e8ca67104268477c6.cloudfront.net (CloudFront)
x-amz-cf-id: 4amnoynNjI3pMeuz9amqFej-xv49dJP461mH2negsSuadjK1MgT2vA==
x-amz-cf-pop: TXL50-P5
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 237ms
182ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cache: CONFIG_NOCACHE
x-li-uuid: AAYcz4NcCXXryYJoi+nG4g==
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D0F174DA2B4047768F5195EAE646D3F6 Ref B: CPH30EDGE0315 Ref C: 2024-07-09T12:17:27Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-fs-uuid: 00061ccf835c0975ebc982688be9c6e2

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fint...

0
483 B

188ms
134ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&e_ipv6=AQJkDzq09fwv7AAAAZCXbWdfLCd4C-H-Ff1QAJSoF9VlEktM3MiF46CDH1Uv0FGXUoErehE3
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8700B55465FE41FAAB94F15646ED66BB Ref B: CPH30EDGE0311 Ref C: 2024-07-09T12:17:28Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcz4NelEIShKIK87a+pg==

Redirect headers

date: Tue, 09 Jul 2024 12:17:27 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9C4D4558B50E41D99A2683E43C7C841A Ref B: CPH30EDGE0811 Ref C: 2024-07-09T12:17:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1720527447775&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&e_ipv6=AQJkDzq09fwv7AAAAZCXbWdfLCd4C-H-Ff1QAJSoF9VlEktM3MiF46CDH1Uv0FGXUoErehE3
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcz4NbswvTcbYyIJs/EQ==

GET
H2

200

activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fj...
8541430.fls.doubleclick.net/ Frame 670B
Redirect Chain

https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2...
https://8541430.fls.doubleclick.net/activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler...

0
0

211ms
210ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8541430.fls.doubleclick.net/activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 397
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jul 2024 12:17:28 GMT
expires: Tue, 09 Jul 2024 12:17:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jul 2024 12:17:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8541430.fls.doubleclick.net/activityi;dc_pre=CNyd-Zr4mYcDFe8W-QAdAGUJFQ;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repu...
ad.doubleclick.net/ 0
23 B 273ms
213ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=4756344154865;npa=1;auiddc=1811877425.1720527448;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech;ps=1;pcor=1702909533;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4730z871607006za201zb71607006;gcd=13l3l3l2l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"12178240432317372526"}],"aggregatable_trigger_data":[{"filters":[{"14":["94252198"]}],"key_piece":"0xb9b859d25ac1fb1e","source_keys":["12","13","14","15","16","17","18","19","20","21","14961884","14961885","14961886","14961887","634854592","634854593","634854594","634854595","638137204","638137205","638137206","638137207","900068780","900068781","900068782","900068783"]},{"key_piece":"0x761e2282b1b1358d","not_filters":{"14":["94252198"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","14961884","14961885","14961886","14961887","634854592","634854593","634854594","634854595","638137204","638137205","638137206","638137207","900068780","900068781","900068782","900068783"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"14961884":655,"14961885":655,"14961886":655,"14961887":63569,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"634854592":163,"634854593":163,"634854594":163,"634854595":15892,"638137204":327,"638137205":327,"638137206":327,"638137207":31784,"900068780":40,"900068781":40,"900068782":40,"900068783":3973},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"16885712298481318881","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"12178240432317372526","filters":[{"14":["94252198"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"12178240432317372526","filters":[{"14":["94252198"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"12178240432317372526","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"12178240432317372526","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["8541430"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ULSJHTPGTZGY3EPPZSKHKS Show response
d.adroll.com/consent/check/ 542 B
635 B 161ms
47ms Script
application/javascript 2a05:d018:cc3:fe05:ea3:4257:5c6d:709c
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?pv=239284060.48192576&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&_s=4c94cabb14c9394f14e2b4a3cadaa43e&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:ea3:4257:5c6d:709c Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 299d90488a9b1a7805a3ead99deae96c60a3695bd38904cc1138c17246ca6c78

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
server: nginx/1.22.1
content-length: 542
content-type: application/javascript

GET
H2 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/site/ 97 KB
11 KB 126ms
57ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/site/www.zscaler.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d93115e62ae3ac35a8d89087d2d8900304ddcf2b1c8a40117304997772a17ec4

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 10193
ce-version: 11.5.237
content-length: 10525
last-modified: Tue, 09 Jul 2024 09:27:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a0840457c99bfee-WAW

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
701 B 108ms
34ms XHR
application/json 185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
an-x-request-uuid: 2270f672-15fd-4e03-bfa7-63b8991df153
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 193.32.248.222; 193.32.248.222; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 45ms
36ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
311 B 112ms
31ms XHR
text/html 2a02:26f0:ab00::214:8e41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fb6ace03aeac78105f826dbd0e0b1042b42d67e61255e4ed092bf632756b2755

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:27 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.zscaler.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:b:f011::2e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1720527447896_34901565_243884466_27_1158_28_36_219";dur=1
content-length: 20
expires: Tue, 09 Jul 2024 12:17:27 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
447 B 135ms
134ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1720527447833&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 2334982
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
via: 1.1 google
x-guploader-uploadid: ACJd0No9oYGyCVx0Ncza5xmbzkcyTrvmZAK5OkkYUsCHxoY2A6S15OweMt8ufA6WRCuPH8yEkiO7arQYGw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Tue, 09 Jul 2024 13:17:28 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 206ms
128ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1720527447833&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 09 Jul 2024 12:17:27 GMT
expires: Tue, 09 Jul 2024 12:17:27 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ACJd0NrAI03ydXqGgdLpCGKMXJBJOuoe4Xgh8rhsahRht_aZg_0d0QC2curNlCJfsoaSoyXyHReXS0SbSQ

GET
H2 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 32ms
32ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.160&r=stable&domain=www.zscaler.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

db0163d425d4dc195528d58a02779d27e841f1158accbfc2303e599aeed1ecff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jul 2024 12:17:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14469
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=34, rtx=0, c=61, mss=1368, tbw=63826, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: A7Gwgzg/7QQm1G7620LOZYcVgo+lMfaOD/Dbpfeft6K3SoRlnlJztpscf7wW23n58Swq9G0fCn+PfV+ni4FXiQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 26354555.js Show response
bat.bing.com/p/action/ 1 KB
841 B 59ms
58ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/26354555.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

dfbd8d7a089d17409d244b68361d28f48afd0eceb7ef00f965afeba00468c780

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Tue, 09 Jul 2024 12:17:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 997F0BC7FB36481DAB8551469FA45D63 Ref B: CPH30EDGE0514 Ref C: 2024-07-09T12:17:27Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET /
api.rudderstack.com/sourceConfig/ 0
0

GET up
insight.adsrvr.org/track/ Frame F394 0
0

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 91ms
30ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&rl=&if=false&ts=1720527447901&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720527447898.110441146293337459&cs_est=true&ler=empty&cdl=API_unavailable&it=1720527447841&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=26, rtx=0, c=10, mss=1368, tbw=2781, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 09 Jul 2024 12:17:27 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
4 KB 268ms
207ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&rl=&if=false&ts=1720527447901&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720527447898.110441146293337459&cs_est=true&ler=empty&cdl=API_unavailable&it=1720527447841&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3b296dc5458c63f9","source_keys":["1","2"]},{"key_piece":"0xd6ce7ed1eabafdd5","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Tue, 09 Jul 2024 12:17:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7389609122702088986", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=10, mss=1368, tbw=3099, tp=-1, tpl=-1, uplat=178, ullat=0
pragma: no-cache
x-fb-debug: i9PZuHk72pIbk6A38wRLvY2mqBKh8O/2BtI1nrfPSSznoSAT5yUrAL6khJdOLW6W0f2APEvKR/L9YSo9/3y92Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7389609122702088986"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 26354555 Show response
bat.bing.com/p/insights/t/ 711 B
894 B 132ms
132ms Script
application/x-javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/t/26354555

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/action/26354555.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

45a7c6a1906740c5a29a4bae66ba98c9d9aada399744e0a196ff0929f9318aac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 09 Jul 2024 12:17:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C66198EA40D24BD4B590331EFEAF9146 Ref B: CPH30EDGE0514 Ref C: 2024-07-09T12:17:27Z
vary: Accept-Encoding
x-azure-ref: 20240709T121727Z-17f9d98b578q94rq9qz36nbm8400000002vg00000000c07p
content-type: application/x-javascript
x-cache: CONFIG_NOCACHE
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 604
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 138ms
130ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:28 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 147ms
139ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:28 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 139ms
131ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3Ab%3Af011%3A%3A2e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:28 GMT

GET
H2 200 1cb0fe96622d360e640b6ca18b5ba2ec.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 101 KB
34 KB 44ms
44ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 747b3bdf8958ba6ea546f95ee4255f40cdb156a5e61cb7c0b4324f77181c7991

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 30 Jun 2024 16:56:32 GMT
server: cloudflare
age: 40720
cf-polished: origSize=103828
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 8a084045df943492-WAW

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 721 B
708 B 90ms
36ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 0dd6d32b18b84e34f0543632d46934585bc6784f24ba8c1fc387e397fc74d9ab

Request headers

Referer: https://www.zscaler.com/
Authorization: Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

x-trace-id: 8697598272510176290
date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 388

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 89ms
31ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 09 Jul 2024 12:17:28 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 896039852816583880

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
147 B 131ms
129ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 09 Jul 2024 12:17:28 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 clock Show response
tracking.crazyegg.com/ 40 B
147 B 166ms
65ms XHR
text/plain 54.246.153.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1720527448024&tk=80f93ae68d664369d14c6654f4ff8042
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.153.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-153-93.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 0e956c358680c00e004bb898f0a5641c70e38d9e9b4de69aab88e929b0bdd804

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 09 Jul 2024 12:17:28 GMT
cache-control: no-store
server: awselb/2.0
content-length: 40
content-type: text/plain

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
462 B 97ms
32ms XHR
application/json 13.35.58.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-128.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 01:43:28 GMT
via: 1.1 38f2daae6c849ed5f695333a9d4104ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P10
age: 25353241
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: uDVtJzsTZVV20vVhksudiXb36oh_pbORNLhw0NihPRhzxJAKUduxxA==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
462 B 98ms
33ms XHR
application/json 18.66.122.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-45.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 20 Dec 2023 01:23:29 GMT
via: 1.1 16aa5c15345b1c0756b83a5ae8ee765e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
age: 17492040
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: lkd03wvyks6gnHyqEqIHnt5DL_5AxaNgc6xhKtSVJd2PGq4OULyzwQ==

GET
H2 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/sampling/ 154 B
256 B 48ms
47ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/sampling/www.zscaler.com.json?t=477924
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1cb0fe96622d360e640b6ca18b5ba2ec.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e98aa581b29facc90e4d84fcd13f3bf4e879d57765243f77c7036873d03fa794

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 10193
ce-version: 11.5.237
content-length: 145
last-modified: Tue, 09 Jul 2024 09:27:35 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a0840464d9bbfee-WAW

GET
BLOB 200
OK ff2a8432-0169-42b7-896a-1a0a90e70a1b
https://www.zscaler.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/ff2a8432-0169-42b7-896a-1a0a90e70a1b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 127ms
124ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 09 Jul 2024 12:17:28 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 0.7.32 Show response
bat.bing.com/p/insights/s/ 35 KB
15 KB 62ms
62ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/s/0.7.32

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/insights/t/26354555

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ad367e536c20c594229b6d90ac4097730886eac4f8e11b07e908e584a62b1268

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Tue, 09 Jul 2024 12:17:27 GMT
x-cache: CONFIG_NOCACHE
x-fd-int-roxy-purgeid: 51562430
content-length: 14999
last-modified: Fri, 10 May 2024 17:30:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E063BF8B876340C4AFA3C89DCC424EA0 Ref B: CPH30EDGE0514 Ref C: 2024-07-09T12:17:28Z
etag: W/"0x8DC7116E7C400CE"
vary: Accept-Encoding
x-azure-ref: 20240709T121728Z-17f9d98b578jq8zgytxfwy2dn000000002s000000000mqqg
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: ed736777-601e-0050-5989-d0ec8b000000
cache-control: public, max-age=86400
x-ms-version: 2018-03-28

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
411 B 136ms
126ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 09 Jul 2024 12:17:27 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 56E8198F9594482E86CED7829B0054EA Ref B: CPH30EDGE0811 Ref C: 2024-07-09T12:17:28Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.zscaler.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYcz4NgqHTMsA/zvBgsaQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 151ms
151ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=https%3A%2F%2Fepsilon.6sense.com&q=%7B%22name%22%3A%22https%3A%2F%2Fepsilon.6sense.com%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A2528%2C%22duration%22%3A182.0999984741211%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A2528%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A2710.099998474121%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%22region%22%3A%22eu-central-1a%22%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=&d=1&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:28 GMT

GET
BLOB 200
OK 142caa58-64bf-424f-9dc3-00cdf3648080
https://www.zscaler.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.zscaler.com/142caa58-64bf-424f-9dc3-00cdf3648080
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK is Show response
54.156.2.105/ 32 B
437 B 531ms
120ms Fetch
text/plain 54.156.2.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://54.156.2.105/is
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.156.2.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-2-105.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: b7ad0826f99ce6657d0450a38de9f52649af58c7e4d6404e26f1066f6d17a6a3

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 32
x-application-context: application:prod:8080

GET
H2 200 ca6be1649b2c6bd5aa79ebaa229fa676.js Show response
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ 20 KB
8 KB 41ms
41ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ca6be1649b2c6bd5aa79ebaa229fa676.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 08 Jul 2024 15:02:26 GMT
server: cloudflare
age: 40713
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 8a08404779d83492-WAW

GET
BLOB 200
OK d6ab7b54-d89d-4d1b-87f3-c27ea62501e3
https://www.zscaler.com/ 241 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.zscaler.com/d6ab7b54-d89d-4d1b-87f3-c27ea62501e3
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 024e41c582154068167df60396174022322fae5b74c245e2085f1c57f5bb60aa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 241
Content-Type: text/javascript

POST
H2 204 t Show response
bat.bing.com/p/insights/c/ 0
173 B 169ms
168ms XHR
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/c/t

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/insights/s/0.7.32

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/x-webinsights-gzip
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 09 Jul 2024 12:17:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B49BEEF939F745878F60E084DDC96E64 Ref B: CPH30EDGE0514 Ref C: 2024-07-09T12:17:28Z
vary: Origin
x-cache: CONFIG_NOCACHE
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 cf002f9117e70ef1a1dd0008c9c1be41.js Show response
script.crazyegg.com/pages/versioned/tracking-scripts/ 92 KB
30 KB 53ms
53ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/tracking-scripts/cf002f9117e70ef1a1dd0008c9c1be41.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2168b67e80fac2eb8902789f3e31c92269fd82f0635c59ad6d924994e995f6c

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 08 Jul 2024 15:02:21 GMT
server: cloudflare
age: 40713
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 8a084047ba863492-WAW

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 125ms
79ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 1270
x-guploader-uploadid: ACJd0NoTx0kOFPJIbQUdEdnFMsrsOuI9vrP7KzQTrAH2U5wE7qzwt7_RjLxylGZVIhnF0BiI9AuhCaaPEg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8a0840494ab5bf3d-WAW
expires: Tue, 09 Jul 2024 12:56:18 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ 3 KB
2 KB 288ms
251ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6cfa86ec457d11cce5d22cbe07d8e79ec8204db06f3cd255f9f0cd83c4b6cae0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Referer: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
_vtok: MTkzLjMyLjI0OC4yMjI=
_zitok: 383d0ac75dc8321ff42f1720527448
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8a08404abdbb349d-WAW

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame 0
0 238ms
202ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.zscaler.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a08404938853bba-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 12:17:28 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 183ms
183ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.zscaler.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a084049f9763bba-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 12:17:28 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 321 B
618 B 191ms
189ms Fetch
application/json 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Authorization: bearer 370c892e688e1744cd312ed1426b3a
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jul 2024 12:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zscaler.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8a08404b2e11349d-WAW

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 794ms
199ms Script
application/javascript 52.42.124.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=779273250.1720527448&shpt=JanelaRAT%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%22779273250.1720527448%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%22779273250.1720527448%22%2C%22mntnis%22%3A%223PUZkCkwgNrFZinHkmZW7w8Cz4nYYODl%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=779273250.1720527448&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 26f2477691b63f46e481c1395f9c44e9a45ebc84f9f42f9096c40facbb29a84b

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:29 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 1
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 134ms
134ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A28%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A27%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:28 GMT

GET e3c50d08-c04f-47da-8b64-1ee708b19b2b
https://www.zscaler.com/ 0
0

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 123ms
122ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 09 Jul 2024 12:17:29 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 801ms
202ms Script
application/javascript 35.81.162.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=779273250.1720527448&shpt=JanelaRAT%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%22779273250.1720527448%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%22779273250.1720527448%22%2C%22mntnis%22%3A%223PUZkCkwgNrFZinHkmZW7w8Cz4nYYODl%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=779273250.1720527448&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: ed15846a1bb1128a73bb27f35fc6ae410ea81183232595e39fc4029ec286a37d

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:30 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 175ms
174ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A29%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A28%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:29 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:29 GMT

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 123ms
122ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 09 Jul 2024 12:17:30 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H/1.1 200
OK st Show response
px.mountain.com/ 5 KB
2 KB 604ms
217ms Script
application/javascript 52.42.124.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=779273250.1720527448&shpt=JanelaRAT%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%22779273250.1720527448%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%22779273250.1720527448%22%2C%22mntnis%22%3A%223PUZkCkwgNrFZinHkmZW7w8Cz4nYYODl%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=779273250.1720527448&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue&cb=1720527449492904&shguid=13c268a8-3328-3438-af93-975abfcc5083&shgts=1720527450293
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=779273250.1720527448&shpt=JanelaRAT%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%22779273250.1720527448%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%22779273250.1720527448%22%2C%22mntnis%22%3A%223PUZkCkwgNrFZinHkmZW7w8Cz4nYYODl%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A3%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=779273250.1720527448&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221720527447%22%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=7304606209231057term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Cga4%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: c8840e904766c1dd8f3f5bd0fa73318de1c2bc9c983f19b2e08af93423e26694

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 12:17:30 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 21
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 128ms
128ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A30%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A29%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:30 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:30 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 151ms
151ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A31%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A30%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:31 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 12:17:31 GMT

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 147ms
145ms XHR
application/json 2600:1f18:e8a:cd04:9b88:a313:d24d:af44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.zscaler.com
date: Tue, 09 Jul 2024 12:17:32 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET app.js
acsbapp.com/apps/app/dist/js/ 0
0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 36ms
36ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4730v883639532z871607006za200zb71607006&_p=1720527447199&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=779273250.1720527448&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=8&sid=1720527447&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz&en=form_interaction&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_published_date=20230810&ep.blog_child_category=Threatlabz%20Research&ep.author_name=Gaetano%20Pellegrino&ep.author_name_2=Sudeep%20Singh&ep.nid=67336&epn.hit_timestamp=1720527447559&ep.site_classification=marketing&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ep.loading_time_seconds=0&ep.z_error=false&ep.form_interaction=mkto_form_ready&epn.event_label=1944&_et=1&tfd=7299&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 12:17:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zscaler.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.rudderstack.com
URL: https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.12&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR

Domain: insight.adsrvr.org
URL: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&upid=27hmsyx&upv=1.1.0

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/e3c50d08-c04f-47da-8b64-1ee708b19b2b

Domain: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c80d5641-e1e5-4aa3-8325-89d541086101&session=71c10e0a-171e-4ad6-8dbe-da188cf047fd&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A32%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2012%3A17%3A31%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=3a2d6b90-ddf6-4be3-840b-04ab97476bf8&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.21

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zscaler.com/	1970-01-21 00:06:51	Name: _cq_duid Value: 1.1720527446.csRmg2pPDulFzWKV
.zscaler.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1720527446.CoYSWEcKsQHPy3v9
.info.zscaler.com/	1970-01-20 21:55:29	Name: __cf_bm Value: QsEa9difK7zaohZ29n9JOyU_QjYUfsvH7o4GvjSHhaw-1720527446-1.0.1.1-SDCZOozhl5sC0nxTtIOpt4hEnL6pfrsme8reH_lCObWlpOCyCDZzOI2NNQDWGxkK1NTuS02eris0NvlqXWkgFA
obs.iseaskies.com/	1970-01-21 05:59:17	Name: cg_uuid Value: 9a5aebcee0e115180d8447d36a7e18ba
.www.zscaler.com/	1970-01-21 06:41:03	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Jul+09+2024+14%3A17%3A27+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=624db097-d7f6-460a-8556-7459e1f6a3c0&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&groups=C0001%3A1%2CC0005%3A0%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH120%3A1%2CH59%3A1%2CH88%3A1%2CH98%3A1%2CH141%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH79%3A1%2CH132%3A1%2CH119%3A0%2CH12%3A0%2CH123%3A0%2CH153%3A0%2CH144%3A0%2CH82%3A0%2CH106%3A0%2CH140%3A0%2CH165%3A0%2CH168%3A0%2CH169%3A0%2CH145%3A0%2CH139%3A0%2CH130%3A0%2CH31%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH162%3A0%2CH167%3A0%2CH20%3A0%2CH175%3A0%2CH22%3A0%2CH97%3A0%2CH121%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH131%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH185%3A0%2CH114%3A0%2CH118%3A0%2CH101%3A0%2CH150%3A0%2CH151%3A0%2CH129%3A0%2CH152%3A0%2CH52%3A0%2CH154%3A0%2CH133%3A0%2CH155%3A0%2CH156%3A0%2CH8%3A0%2CH157%3A0%2CH158%3A0%2CH159%3A0%2CH104%3A0%2CH160%3A0%2CH161%3A0%2CH163%3A0%2CH164%3A0%2CH105%3A0%2CH14%3A0%2CH149%3A0%2CH146%3A0%2CH166%3A0%2CH40%3A0%2CH15%3A0%2CH17%3A0%2CH170%3A0%2CH171%3A0%2CH172%3A0%2CH173%3A0%2CH63%3A0%2CH124%3A0%2CH174%3A0%2CH176%3A0%2CH177%3A0%2CH178%3A0%2CH134%3A0%2CH135%3A0%2CH179%3A0%2CH147%3A0%2CH180%3A0%2CH136%3A0%2CH189%3A0%2CH181%3A0%2CH182%3A0%2CH183%3A0%2CH184%3A0%2CH113%3A0%2CH186%3A0%2CH115%3A0%2CH33%3A0%2CH34%3A0%2CH187%3A0%2CH188%3A0&genVendors=
.zscaler.com/	1970-01-21 00:05:03	Name: _gcl_au Value: 1.1.1811877425.1720527448
info.zscaler.com/	1969-12-31 23:59:59	Name: BIGipServerabmweb-nginx-app_https Value: !s6XPk/RNFkjdTUvagI9xdiUvaZp4gsMV9dTNzmrDuYXYe24nJI7QK6x+7Cy6QRXscsLLUQw9tcF/bg==
www.zscaler.com/	1970-01-21 06:41:03	Name: __pdst Value: e78d32afc59f4b1d9daeb05e0e2d7a6d
.zscaler.com/	1970-01-21 07:31:27	Name: _ga Value: GA1.1.779273250.1720527448
.techtarget.com/	1970-01-20 21:55:29	Name: __cf_bm Value: bk.7hMZg6D3VZ3rsYoW1XxandZdxpDXbGxUD6xLBnN4-1720527447-1.0.1.1-PXHGydjHoC0Zt2ukCk5aloKRPmSatNyU.kBjSpFn3G4MOBYWp90fc_KEaBcuvmaoYrIIWVFo6fYHDeiYdJWm0w
.zscaler.com/	1970-01-21 07:31:27	Name: _ga_10SPJ4YJL9 Value: GS1.1.1720527447.1.0.1720527447.60.0.0
.zscaler.com/	1970-01-21 06:41:03	Name: rl_session Value: RudderEncrypt%3AU2FsdGVkX18nhBzstUutEM3dxvdeSmb5qJyw7QdmcFovEBJUmS58crw0K6RP9iqxoIFuOhJIalfK1AiazNAO40z2TXauO3U8tk7M3eM4hH24he4Dw8b%2Bg9dVtyILmhX%2BCvXXbJ0pp5mssEJ5Rqtxpg%3D%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_user_id Value: RudderEncrypt%3AU2FsdGVkX1%2BVCV6lk7EtSUFpyr1AuHiLZbSGExf9U60%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_trait Value: RudderEncrypt%3AU2FsdGVkX19yBg0Whx4RDZ2JyT0THHupof%2B3Pr8sny8%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_group_id Value: RudderEncrypt%3AU2FsdGVkX18k%2FRuC9KPJ2JM9k%2BZGTvirh4GNtNgqx5A%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_group_trait Value: RudderEncrypt%3AU2FsdGVkX1%2FY2elZ9kMYXa5DuG5%2BJjeYZwAhjoXVsac%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_anonymous_id Value: RudderEncrypt%3AU2FsdGVkX1%2F%2F4yPRRjrHO41V9e8%2BzAUY6Je6sniXQsSjoo1AhKYgJ31eJn8lVKC03DIw1PPyw0PM8w8WBqrnvQ%3D%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_page_init_referrer Value: RudderEncrypt%3AU2FsdGVkX1%2F%2Fdgj0JsTMYktVD4KrTzeaFnTIdrDSx8Q%3D
.zscaler.com/	1970-01-21 06:41:03	Name: rl_page_init_referring_domain Value: RudderEncrypt%3AU2FsdGVkX1%2Fr4A3QP7j9rXPC833FWSMA61WTsFHGMNc%3D
.zscaler.com/	1970-01-21 00:05:03	Name: _fbp Value: fb.1.1720527447898.110441146293337459
.adnxs.com/	1970-01-21 07:31:27	Name: receive-cookie-deprecation Value: 1
www.zscaler.com/	1970-01-20 22:05:32	Name: _an_uid Value: 0
www.zscaler.com/	1970-01-21 07:31:27	Name: _gd_visitor Value: c80d5641-e1e5-4aa3-8325-89d541086101
www.zscaler.com/	1970-01-20 21:55:41	Name: _gd_session Value: 71c10e0a-171e-4ad6-8dbe-da188cf047fd
.linkedin.com/	1970-01-21 06:41:03	Name: bcookie Value: "v=2&3c534ea7-4aa5-4404-8651-010d37d41944"
.linkedin.com/	1970-01-21 02:14:39	Name: li_gc Value: MTswOzE3MjA1Mjc0NDc7MjswMjFAU6eIDUX5/seQyKOzhLNAkhtjUC/y+/ToObLQkSsfow==
.linkedin.com/	1970-01-20 21:56:53	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3247:u=1:x=1:i=1720527447:t=1720613847:v=2:sig=AQEAuC-zCOakTDWYoLXOuYOKiHeGRFNm"
.doubleclick.net/	1970-01-20 22:38:39	Name: ar_debug Value: 1
.zscaler.com/	1969-12-31 23:59:59	Name: _ce.irv Value: new
.zscaler.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.zscaler.com/	1970-01-20 21:56:53	Name: _uetsid Value: 350f10b03ded11efb3e7153194afd4b3\|1cqna7r\|2\|fnb\|0\|1651
.zscaler.com/	1970-01-20 21:56:53	Name: _ce.clock_data Value: 34%2C193.32.248.222%2C1%2C120f067c16b32be659e0180b31e62841%2CChrome%2CDE
.zscaler.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.zscaler.com/	1970-01-21 06:41:03	Name: _ce.s Value: v~18e6aa7d20ce31487267f131e0d5c5ae776511c8~lcw~1720527448211~lva~1720527448092~vpv~0~v11.cs~366477~v11.s~35462e30-3ded-11ef-a556-0d902dade1fe~lcw~1720527448212
.doubleclick.net/	1970-01-21 07:17:03	Name: IDE Value: AHWqTUnErIvfwr0JAEFlpG6-UT7dIT5JVFze3so9NUwICOv1kVHivPtvZLhxUpcBNmk
.doubleclick.net/	1970-01-21 02:14:39	Name: receive-cookie-deprecation Value: 1
.zscaler.com/	1970-01-21 07:17:03	Name: _uetvid Value: 350f14803ded11efbc5309e4ebefeb91\|12ofrps\|1720527448387\|1\|1\|bat.bing.com/p/insights/c/t
.www.zscaler.com/	1970-01-21 06:41:03	Name: _zitok Value: 383d0ac75dc8321ff42f1720527448
.zoominfo.com/	1970-01-20 21:55:29	Name: __cf_bm Value: fnbh.41OI9fh7H5ZEJqA3O3e5tfF.tnON.HIPa9Q.QE-1720527448-1.0.1.1-fDPb1M_XIvAF.GT3SCO99xLYH2e2R8900Af4zYIKsECeH49kHbqSVj2ms5d2.jwHsbgjahsU9TbI1nITxxkdPg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: e0ExXoFZ6m83MjCxqr5PREQSQgSIm3le4JDeJxNIMm4-1720527448570-0.0.1.1-604800000
.mountain.com/	1970-01-21 06:41:03	Name: guid Value: 3609a5f1-3ded-11ef-8942-f396e26ad79a
.px.mountain.com/	1970-01-21 06:41:03	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNrKMN7IwtlCyMtBBEjG3NAaLICswNDcyMDUyNzE1sLAw01EqU7IyqgUATkh5wUYAAAA="
.mountain.com/	1970-01-21 06:41:03	Name: rt Value: "MzIzMjk6MTcyMDUyNzQ1MA=="

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	verbose	URL: blob:https://www.zscaler.com/d4dcd70e-0272-4e7d-8710-a2603d968a84(Line 1) Message: Error
security	error	URL: https://cdn.pdst.fm/ping.min.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the following Content Security Policy directive: "connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/".
javascript	error	URL: https://cdn.pdst.fm/ping.min.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the document's Content Security Policy.
security	error	URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js Message: Refused to connect to 'https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.12&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR' because it violates the following Content Security Policy directive: "connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/".
security	error	URL: https://js.zi-scripts.com/zi-tag.js Message: Refused to load the script 'blob:https://www.zscaler.com/e3c50d08-c04f-47da-8b64-1ee708b19b2b' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

117186981.intellimizeio.com
8541430.fls.doubleclick.net
acsbapp.com
ad.doubleclick.net
api.intellimize.co
api.rudderstack.com
assets-tracking.crazyegg.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn.intellimize.co
cdn.pdst.fm
cdn.rudderlabs.com
connect.facebook.net
d.adroll.com
dx.mountain.com
epsilon.6sense.com
geolocation.onetrust.com
gs.mountain.com
ibc-flow.techtarget.com
info.zscaler.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.zi-scripts.com
log.intellimize.co
munchkin.marketo.net
ob.iseaskies.com
obs.iseaskies.com
pagestates-tracking.crazyegg.com
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
script.crazyegg.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
tracking.crazyegg.com
trk.techtarget.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google.de
www.googletagmanager.com
www.zscaler.com
acsbapp.com
api.rudderstack.com
b.6sc.co
insight.adsrvr.org
www.zscaler.com
104.16.117.43
104.17.70.206
104.18.37.212
13.107.42.14
13.248.142.121
13.35.58.128
142.250.185.70
142.250.185.99
142.250.186.166
151.101.66.132
18.172.103.101
18.66.122.45
185.89.210.90
2.17.100.193
2001:4860:4802:34::36
2600:1f18:e8a:cd04:9b88:a313:d24d:af44
2600:9000:2090:4a00:c:d449:2a40:93a1
2600:9000:2644:8200:6:9280:1080:93a1
2600:9000:275d:3200:16:a497:9700:93a1
2606:4700:4400::6812:2089
2606:4700:4400::ac40:973c
2606:4700::6812:1d4a
2606:4700::6813:9308
2606:4700::6813:b134
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9d
2a02:26f0:3500:10::210:a99
2a02:26f0:ab00::214:8e41
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a05:d018:cc3:fe05:ea3:4257:5c6d:709c
34.111.208.231
34.248.150.175
35.244.142.80
35.81.162.201
44.209.137.118
44.238.160.115
52.42.124.195
52.50.202.118
54.156.2.105
54.246.153.93
88.221.60.75
024e41c582154068167df60396174022322fae5b74c245e2085f1c57f5bb60aa
02b5db103f24a7395fa2623b371ea764e2948337147de780911dc2fcdec49458
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0dd6d32b18b84e34f0543632d46934585bc6784f24ba8c1fc387e397fc74d9ab
0e956c358680c00e004bb898f0a5641c70e38d9e9b4de69aab88e929b0bdd804
101b9bde526650e874429f01df4b9a53660d9c328a072bef8a31607d27f35d0f
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
1bf28e4da5a9c77541d5933b5b6f4e5255009f8d860bc696428fd16b34c791b5
1e7e36f3f88692d69244aa905916aabc0e00bcc987bbc4cef85324e8c3733266
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
24869e82d0ad60b4055b20d91004096498c1c6f8d59573af7322253e0e84758b
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26f2477691b63f46e481c1395f9c44e9a45ebc84f9f42f9096c40facbb29a84b
299d90488a9b1a7805a3ead99deae96c60a3695bd38904cc1138c17246ca6c78
2b0cd39d290a1403b6303c049dceebac871d07a5f776b53f4e425ec2235d16a8
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
31d8f5d0e01807256c12d40c18410385c9a9985fed650f5537a5450f0582cce6
3618b2465cc3685ffb2dd728fc10a62ba02d648f199b33875b43d11465793e75
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a7c6a1906740c5a29a4bae66ba98c9d9aada399744e0a196ff0929f9318aac
464a2a89ca6b0b827fd9598bf6d2dccf5f072cacf0b0f0423f7d30f0e97ce135
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
538fcc9b374b95f2ffa196d787ca885a3509d02ff1f4adbbb05089a9c83ba72f
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
567c68c074541d72c21e88481d0e03f5baa209010b6e58572bb76718fb2754bd
5724bbf488707332ae05dff33e2e3c6f8d58b4dfa425c3f545433fd5e4f94675
57f94a97ea4a43b288e1a82f105e0c6d54a072d26229849e51cfa736a2bf2965
5e8795a6586d273e42fde17a31509d27e6cdd4c05f84f52ef272b43b94330479
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
6738e00932f811ec91f92f2d09b779905b179f20a67374e4ed137db52c10d27e
67a3a415c4794047c3cf0af572f8db8b3a4078ee7ff7a8a016053f0198ba8016
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
6983cc4d5da374c36c01d4ef660385b7ae33de35414550bfc04c925d311ca5bc
6cfa86ec457d11cce5d22cbe07d8e79ec8204db06f3cd255f9f0cd83c4b6cae0
6f97c73c5c6dfddc49711032baffafe850957484ebeae04cc84a897d5962a796
747b3bdf8958ba6ea546f95ee4255f40cdb156a5e61cb7c0b4324f77181c7991
74dcc1eb2c6f66c23a2fcafd5aeeae1bc9f6570346cd243ba075a4f5ba130dc6
7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69
7b05f7b79179d50668be76cd6b4ba41ddb162deb9e674ade630e9942b4e7c335
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
7cfc7e7ef1b5a3b8ca8dc185554f0a13e93b88e1ea66e131cb8d8a922039aca7
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
82597ca5e9f0b28679550d3daf2838062560cb46eae1c623b8ed40704ae82dc2
82c53248dd29c08f2a64352ac8fa3a4e72c240d04721d88bb24f6d5b737a04db
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
87565af07d1cabde211838c4025996136c7bb2db2507c920c0e36eb92924611a
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
910c87a7713a41f3e459123f902e195eee2fb9eee25a9aa58566ea73c1914eb8
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
974c75cae56258569c9e08ba3e7c89556dfa21cb979b1106d91171d20c42d82b
97cbac11ec6ac94419d02dcecf53b4f2c3fb2b2481bdd97a3cddbed06e556c4d
98926f6a05762a8c79f70f820734ace36564c10c9e2f992275589d8163369b54
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
9e89b63ab295246ae2aeb6c6084e9ff457edb842c2e7a4cc378e0fef45589d60
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
a268bdbb851f2c43ee7c191a0bd60773d5c23f80b024b8b20f86fda0fa500255
a97bc8ec679a82ec782bd76c7302c0ca394c1ad672450f86f87bee5e0ec06b19
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ad367e536c20c594229b6d90ac4097730886eac4f8e11b07e908e584a62b1268
ada28a7dd69999d0d6c34b24a1c93c1d7c17be16eee58e7398cba75d6a43d600
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
af077170dcb4f01a49653913e655c6079ce4332916f39f4dae14bd0e05e232db
af26d202b6d2736172ff073329e6f14d009024925757d31c4b4bde701bcde4e0
b313dd302550e78e611dd129c0fc501e5544450488c199b44eb20107f69eba3d
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b41158b6ab9bf7e5b1ea3911002ac406b5a73691985d550f91258ddd1b42dade
b7ad0826f99ce6657d0450a38de9f52649af58c7e4d6404e26f1066f6d17a6a3
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
b90a5cc2cfa337fc639223ceac088e87a637115294d20d73ce0cc324dd8b7fa9
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
c0dd6d0a7a8e09aaebac019af09fcd53af3147d55913c47530e7b28d773075ee
c52c74d5f72fba35bbb92461ac20ea6d80b9e826d28369d5fa6010d9838508ee
c551aba4de091a3d8da59cc0c4e031f5bab35d829bd6566696910af19e3bac9c
c8840e904766c1dd8f3f5bd0fa73318de1c2bc9c983f19b2e08af93423e26694
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca893d08733f6bf10a8ef03aa850b01501febd245019dd7940a5b9bb320ea0a9
cc106c3c14f9b7cef90cdb279d64dcf92da19a9112195d32a56b7a6746121770
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
cf535071929fbe70e3c17edb25abd5115a9e913fb7c40a1119691247fc74ee83
d06d5e37644f6addafd8e549dbd74a48bf443b4b06b75172009bc56cd38c42f8
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
d2168b67e80fac2eb8902789f3e31c92269fd82f0635c59ad6d924994e995f6c
d93115e62ae3ac35a8d89087d2d8900304ddcf2b1c8a40117304997772a17ec4
d93678cd5cd441e9799a92c62a8e54e3f5525ee608633476d5a3062ec523820b
db0163d425d4dc195528d58a02779d27e841f1158accbfc2303e599aeed1ecff
dc1a746e4540f4be2f9172e2403669d454784c6ff4e5394e5c89f6d24f22af83
dc7bce7cbccddb325bbaca372fce7fb4c59857efc717ee1935cb8173a28c63af
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfbd8d7a089d17409d244b68361d28f48afd0eceb7ef00f965afeba00468c780
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090
e98aa581b29facc90e4d84fcd13f3bf4e879d57765243f77c7036873d03fa794
e99150abc2550e0f94444a51e076d83c8825451341beac00f7e11176561ebab6
ea365b9060720c4d76b6baae2fd6e02031826a78a8df236c7b281efbbb0f32ba
ed15846a1bb1128a73bb27f35fc6ae410ea81183232595e39fc4029ec286a37d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f23f53e414e418ba0b70cf9106982d493e4d3554fc1929533737d4f595f89f7e
f2d13675b5f834ac007b37d59e7dc7b216dce2beefc3111ecfb91b321987685b
f410871d8e23e4983d42551f8d24d2a3801af66f144e50ed9c9968a8898fdb53
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5
fb6ace03aeac78105f826dbd0e0b1042b42d67e61255e4ed092bf632756b2755
fb8352741015cc1aa5fec563bced353a84d196697cd79bb51fb4410fd0699786
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278
fd77b51b33769c81019c11e996e61bb4c0563aedae411b098cf3dc6c79116ec3
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.zscaler.com Open in urlscan Pro 2606:4700::6812:1d4a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

173 Requests

93 %HTTPS

43 %IPv6

30 Domains

49 Subdomains

45 IPs

5 Countries

1964 kBTransfer

7189 kBSize

43 Cookies

33 Outgoing links

Redirected requests

173 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.com Open in urlscan Pro
2606:4700::6812:1d4a Public Scan

Screenshot
Live screenshot

Full Image

173
Requests

93 %
HTTPS

43 %
IPv6

30
Domains

49
Subdomains

45
IPs

5
Countries

1964 kB
Transfer

7189 kB
Size

43
Cookies

173 HTTP transactions
0 data transactions