URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Submission: 11 July 2022 via API from US; scanned from DE

Summary

This website contacted 43 IPs in 4 countries across 32 domains to perform 124 HTTP transactions. The main IP is 2606:4700::6812:1d4a, located in the United States and belonging to CLOUDFLARENET, US. The main domain is www.zscaler.com; its Cisco Umbrella rank is 70419.
TLS certificate: issued by DigiCert SHA2 Extended Validation Server CA, valid 2022-03-09 to 2023-02-24 (just under a year).
This is the only time www.zscaler.com was scanned on urlscan.io.

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
23 2606:4700::68... 13335 (CLOUDFLAR...)
8 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.160.32.126 14618 (AMAZON-AES)
2 104.92.72.193 16625 (AKAMAI-AS)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
10 104.92.74.202 16625 (AKAMAI-AS)
3 142.250.186.34 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 6 2600:9000:225... 16509 (AMAZON-02)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 3 142.250.186.166 15169 (GOOGLE)
1 152.195.15.58 15133 (EDGECAST)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 54.69.255.140 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
1 185.89.210.82 29990 (ASN-APPNEX)
1 2a02:26f0:ef:... 20940 (AKAMAI-ASN1)
1 2001:4860:480... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 18.198.216.61 16509 (AMAZON-02)
3 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 192.28.144.124 15224 (OMNITURE)
2 4 2a00:1450:400... 15169 (GOOGLE)
2 6 2a00:1450:400... 15169 (GOOGLE)
6 13.224.189.101 16509 (AMAZON-02)
1 206.19.49.24 7018 (ATT-INTER...)
1 54.229.182.75 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:27::... 8075 (MICROSOFT...)
2 34.210.219.79 16509 (AMAZON-02)
3 52.167.85.21 8075 (MICROSOFT...)
1 35.81.162.201 16509 (AMAZON-02)
1 151.101.2.137 54113 (FASTLY)
1 2 20.234.93.27 8075 (MICROSOFT...)
1 162.247.241.14 23467 (NEWRELIC-...)
Totals: 124 requests, 43 IPs
Apex domain (requests, transfer): subdomains (Cisco Umbrella rank; "no rank" where the scan shows none)

zscaler.com (23 requests, 746 KB): www.zscaler.com (70419)
6sc.co (11 requests, 17 KB): j.6sc.co (7170), c.6sc.co (10598), ipv6.6sc.co (7405), b.6sc.co (4734)
doubleclick.net (10 requests, 6 KB): 12179156.fls.doubleclick.net (no rank), stats.g.doubleclick.net (119), googleads.g.doubleclick.net (54)
google.de (8 requests, 2 KB): www.google.de (5448), adservice.google.de (7751)
google.com (8 requests, 2 KB): region1.analytics.google.com (5133), www.google.com (8), adservice.google.com (92)
cookielaw.org (8 requests, 118 KB): cdn.cookielaw.org (450)
clarity.ms (7 requests, 26 KB): www.clarity.ms (579), i.clarity.ms (5240), c.clarity.ms (1113)
adroll.com (7 requests, 21 KB): s.adroll.com (2305), d.adroll.com (1568)
fullcircleinsights.com (6 requests, 6 KB): st.fullcircleinsights.com (82665)
googleusercontent.com (5 requests, 207 KB): lh5.googleusercontent.com (202), lh6.googleusercontent.com (732)
reactful.com (4 requests, 107 KB): visitor.reactful.com (99870), tracking.reactful.com (127103)
linkedin.com (4 requests, 3 KB): px.ads.linkedin.com (395), www.linkedin.com (485), px4.ads.linkedin.com (5675)
mountain.com (4 requests, 8 KB): dx.mountain.com (6867), px.mountain.com (6749), gs.mountain.com (12571)
bing.com (3 requests, 13 KB): bat.bing.com (362), c.bing.com (182)
google-analytics.com (3 requests, 20 KB): www.google-analytics.com (49)
googleadservices.com (3 requests, 33 KB): www.googleadservices.com (126)
facebook.com (2 requests, 315 B): www.facebook.com (96)
6sense.com (2 requests, 448 B): epsilon.6sense.com (10642)
techtarget.com (2 requests, 2 KB): trk.techtarget.com (12693), apt.techtarget.com (16054)
facebook.net (2 requests, 109 KB): connect.facebook.net (155)
googletagmanager.com (2 requests, 162 KB): www.googletagmanager.com (89)
marketo.net (2 requests, 6 KB): munchkin.marketo.net (3505)
nr-data.net (1 request, 716 B): bam.nr-data.net (284)
newrelic.com (1 request, 14 KB): js-agent.newrelic.com (412)
mktoresp.com (1 request, 318 B): 306-zej-256.mktoresp.com (590732)
adnxs.com (1 request, 705 B): secure.adnxs.com (408)
cloudfront.net (1 request, 11 KB): d2i34c80a0ftze.cloudfront.net (no rank)
bizible.com (1 request, 32 KB): cdn.bizible.com (7048)
licdn.com (1 request, 3 KB): snap.licdn.com (780)
onetrust.com (1 request, 432 B): geolocation.onetrust.com (766)
sf14g.com (1 request, transfer not shown): t.sf14g.com (42397)
adsrvr.org (0 requests, failed): match.adsrvr.org (failed)

Totals: 124 requests across 32 apex domains
Requests  Domain (redirects)  |  Requested by ("no initiator listed" where the scan shows none)

23  www.zscaler.com  |  www.zscaler.com
8   b.6sc.co  |  www.zscaler.com
8   cdn.cookielaw.org  |  www.zscaler.com, cdn.cookielaw.org
7   www.google.de  |  www.zscaler.com, 12179156.fls.doubleclick.net
6   st.fullcircleinsights.com  |  www.zscaler.com
6   www.google.com (2 redirects)  |  www.zscaler.com
6   s.adroll.com (2 redirects)  |  www.googletagmanager.com, www.zscaler.com, s.adroll.com
4   googleads.g.doubleclick.net (2 redirects)  |  www.googleadservices.com
4   lh5.googleusercontent.com  |  www.zscaler.com
3   i.clarity.ms  |  www.zscaler.com
3   visitor.reactful.com  |  www.zscaler.com
3   stats.g.doubleclick.net  |  www.googletagmanager.com, www.zscaler.com
3   12179156.fls.doubleclick.net (1 redirect)  |  www.googletagmanager.com, adservice.google.com
3   www.google-analytics.com  |  www.googletagmanager.com, www.zscaler.com
3   www.googleadservices.com  |  www.googletagmanager.com, 12179156.fls.doubleclick.net, www.googleadservices.com
2   c.clarity.ms (1 redirect)  |  no initiator listed
2   px.mountain.com  |  dx.mountain.com, www.zscaler.com
2   www.clarity.ms  |  bat.bing.com, www.clarity.ms
2   www.facebook.com  |  www.zscaler.com
2   px.ads.linkedin.com (2 redirects)  |  no initiator listed
2   epsilon.6sense.com  |  www.zscaler.com
2   connect.facebook.net  |  www.zscaler.com, connect.facebook.net
2   bat.bing.com  |  www.googletagmanager.com, bat.bing.com
2   www.googletagmanager.com  |  www.zscaler.com, www.googletagmanager.com
2   munchkin.marketo.net  |  www.zscaler.com, munchkin.marketo.net
1   bam.nr-data.net  |  js-agent.newrelic.com
1   c.bing.com (1 redirect)  |  no initiator listed
1   js-agent.newrelic.com  |  www.zscaler.com
1   gs.mountain.com  |  www.zscaler.com
1   tracking.reactful.com  |  www.zscaler.com
1   adservice.google.de (1 redirect)  |  no initiator listed
1   adservice.google.com  |  12179156.fls.doubleclick.net
1   d.adroll.com  |  s.adroll.com
1   apt.techtarget.com  |  www.zscaler.com
1   lh6.googleusercontent.com  |  www.zscaler.com
1   306-zej-256.mktoresp.com  |  munchkin.marketo.net
1   px4.ads.linkedin.com  |  www.zscaler.com
1   www.linkedin.com (1 redirect)  |  no initiator listed
1   region1.analytics.google.com  |  www.googletagmanager.com
1   ipv6.6sc.co  |  www.zscaler.com
1   c.6sc.co  |  www.zscaler.com
1   secure.adnxs.com  |  www.zscaler.com
1   d2i34c80a0ftze.cloudfront.net  |  www.googletagmanager.com
1   dx.mountain.com  |  www.zscaler.com
1   trk.techtarget.com  |  www.zscaler.com
1   cdn.bizible.com  |  www.googletagmanager.com
1   snap.licdn.com  |  www.googletagmanager.com
1   j.6sc.co  |  www.zscaler.com
1   geolocation.onetrust.com  |  www.zscaler.com
1   t.sf14g.com  |  www.zscaler.com
0   match.adsrvr.org (failed)  |  www.zscaler.com

Totals: 124 requests across 51 subdomains
TLS certificates seen during the scan (the original links each row to crt.sh)

Subject | Issuer | Valid from | Valid to | Lifetime
www.zscaler.com | DigiCert SHA2 Extended Validation Server CA | 2022-03-09 | 2023-02-24 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2022-05-01 | 2023-05-01 | a year
t.sf14g.com | Go Daddy Secure Certificate Authority - G2 | 2021-07-11 | 2022-08-12 | a year
*.marketo.net | DigiCert SHA2 Secure Server CA | 2022-02-06 | 2023-02-07 | a year
*.googleusercontent.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-01-12 | 2023-01-12 | a year
*.6sc.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-08 | 2023-03-11 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
s.adroll.com | Amazon | 2022-07-03 | 2023-08-01 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 | 2023-03-01 | a year
www.bing.com | Microsoft RSA TLS CA 01 | 2022-06-10 | 2022-12-10 | 6 months
*.doubleclick.net | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
io.bizible.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-06-30 | 2023-07-31 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-04-19 | 2022-07-18 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-08-25 | 2022-08-24 | a year
*.mountain.com | Go Daddy Secure Certificate Authority - G2 | 2022-05-21 | 2023-06-22 | a year
*.cloudfront.net | Amazon | 2022-02-01 | 2023-01-31 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 | 2023-03-14 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
www.google.de | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
*.6sense.com | Amazon | 2022-05-31 | 2023-06-29 | a year
*.mktoresp.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-11-30 | 2022-11-30 | a year
aws-st.fullcircleinsights.com | Amazon | 2022-06-13 | 2023-07-11 | a year
www.google.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
*.google.de | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
*.techtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2021-10-13 | 2022-11-12 | a year
adroll.mgr.consensu.org | Amazon | 2021-09-09 | 2022-10-08 | a year
*.google.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
*.reactful.com | Go Daddy Secure Certificate Authority - G2 | 2022-05-11 | 2023-05-09 | a year
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-27 | 2023-02-27 | a year
*.googleadservices.com | GTS CA 1C3 | 2022-06-06 | 2022-08-29 | 3 months
a.clarity.ms | Microsoft Azure TLS Issuing CA 02 | 2022-06-07 | 2023-06-02 | a year
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA 2022 Q2 | 2022-07-10 | 2023-08-11 | a year
*.nr-data.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-10 | 2023-02-10 | a year
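
The validity columns deserve more than a glance: on the scan date, 11 July 2022, the *.facebook.com certificate (2022-04-19 to 2022-07-18) had a week left. The Python below is an added example, not code from urlscan or Zscaler. It takes five rows copied from the table, reports which certificates expire within a window as of the scan date, and checks which hostnames a subject name covers under the RFC 6125 one-label wildcard rule; the five-row sample and the 30-day default window are this example's own choices.

```python
from datetime import date

# Constructed sample: five rows copied from the certificate table above
# (subject, issuer, not-before, not-after). Dates are the scan's own values.
CERTS = [
    ("www.zscaler.com", "DigiCert SHA2 Extended Validation Server CA", "2022-03-09", "2023-02-24"),
    ("*.facebook.com", "DigiCert SHA2 High Assurance Server CA", "2022-04-19", "2022-07-18"),
    ("t.sf14g.com", "Go Daddy Secure Certificate Authority - G2", "2021-07-11", "2022-08-12"),
    ("sni.cloudflaressl.com", "Cloudflare Inc ECC CA-3", "2021-08-25", "2022-08-24"),
    ("*.googleusercontent.com", "GTS CA 1C3", "2022-06-06", "2022-08-29"),
]

# The scan ran on 11 July 2022 (the Date response header); evaluate as of that day.
SCAN_DATE = date(2022, 7, 11)


def lifetime_days(not_before: str, not_after: str) -> int:
    """Whole days between the two validity bounds."""
    return (date.fromisoformat(not_after) - date.fromisoformat(not_before)).days


def expiring(certs, today: date = SCAN_DATE, within_days: int = 30):
    """(subject, days_left) for every certificate that is valid on `today` and
    expires within `within_days`, soonest first. Not-yet-valid and already-expired
    certificates are skipped: those are handshake failures, not warnings."""
    found = []
    for subject, _issuer, nb, na in certs:
        start, end = date.fromisoformat(nb), date.fromisoformat(na)
        if not (start <= today <= end):
            continue
        left = (end - today).days
        if left <= within_days:
            found.append((subject, left))
    return sorted(found, key=lambda row: row[1])


def covers(subject: str, hostname: str) -> bool:
    """Does a certificate name cover `hostname` under the RFC 6125 wildcard rule?
    A leading '*' matches exactly one DNS label, so '*.facebook.com' covers
    'www.facebook.com' but neither 'facebook.com' nor 'a.b.facebook.com'."""
    subject, hostname = subject.lower(), hostname.lower()
    if not subject.startswith("*."):
        return subject == hostname
    suffix = subject[1:]                    # ".facebook.com"
    if not hostname.endswith(suffix):
        return False
    first_label = hostname[: -len(suffix)]  # what the '*' would have to match
    return bool(first_label) and "." not in first_label
```

The table lists only each certificate's subject name; whether, say, the cookielaw.org certificate also names cdn.cookielaw.org depends on its SAN list, which the scan does not reproduce, so covers() is a check to run against the certificate itself rather than against this table.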

This page contains 5 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Frame ID: 5CD5E96D95F573242D5171AD62E5AF60
Requests: 113 HTTP requests in this frame

Frame: https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Frame ID: 16693B2DE1408957D27CCAC45B36D433
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Frame ID: 55CAF0CA869D024457DCF04778598DCD
Requests: 1 HTTP requests in this frame

Frame: https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Frame ID: A8346CB1077D9F601CECA524E6D2727F
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 03652AFA8E092C0A640480C3D971DA66
Requests: 1 HTTP requests in this frame

Page Title

Analysis of top non-HTTP/S threats | Zscaler Blog

Detected technologies, by matched URL pattern (overall confidence 100% for each detection):

  • (?:a|s)\.adroll\.com
  • adnxs\.(?:net|com)
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
  • googletagmanager\.com/gtm\.js ; googletagmanager\.com/gtag/js
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
  • cdn\.cookielaw\.org ; otSDKStub\.js
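
The detections above are regular expressions matched against request URLs. The block below is an added example, not urlscan's code: it applies those same patterns to a constructed URL list. The labels are taken from the host each pattern names, because the scanner's own technology names do not appear on this page; the cookielaw and adroll paths come from the transaction list, the other paths are made up here, and the last URL is a deliberate trap showing that a host-name pattern also matches inside a query string, so one substring hit is weak evidence on its own.

```python
import re

# The URL patterns listed above, verbatim. The labels are mine (the host each
# pattern names); the scanner's own technology names are not on this page.
PATTERNS = {
    "adroll.com":           [r"(?:a|s)\.adroll\.com"],
    "adnxs.com":            [r"adnxs\.(?:net|com)"],
    "connect.facebook.net": [r"//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js"],
    "google-analytics.com": [r"google-analytics\.com/(?:ga|urchin|analytics)\.js"],
    "googletagmanager.com": [r"googletagmanager\.com/gtm\.js", r"googletagmanager\.com/gtag/js"],
    "snap.licdn.com":       [r"snap\.licdn\.com/li\.lms-analytics/insight\.min\.js"],
    "munchkin.marketo.net": [r"munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js"],
    "cdn.cookielaw.org":    [r"cdn\.cookielaw\.org", r"otSDKStub\.js"],
}
COMPILED = {label: [re.compile(p) for p in pats] for label, pats in PATTERNS.items()}

# Constructed sample: hosts come from the scan's request list; the cookielaw and
# adroll paths are from the transaction list, the other paths are made up here to
# exercise the patterns. The last two URLs are a non-match (a first-party script
# whose name merely resembles a tag manager) and a query-string trap.
URLS = [
    "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js",
    "https://s.adroll.com/j/exp/index.js",
    "https://www.googletagmanager.com/gtm.js",
    "https://www.google-analytics.com/analytics.js",
    "https://connect.facebook.net/en_US/fbevents.js",
    "https://snap.licdn.com/li.lms-analytics/insight.min.js",
    "https://munchkin.marketo.net/160/munchkin.js",
    "https://secure.adnxs.com/",
    "https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js",
    "https://example.invalid/?ref=cdn.cookielaw.org",
]

VERSION = re.compile(r"[\d.]+")


def fingerprint(urls):
    """{label: [(url, version), ...]} for every URL matching one of a label's
    patterns. The first capturing group is reported as a version only when it is
    numeric (the marketo pattern captures one); the facebook pattern's group is a
    TLD and is dropped. At most one hit per label per URL."""
    hits = {}
    for url in urls:
        for label, regexes in COMPILED.items():
            for rx in regexes:
                m = rx.search(url)
                if m is None:
                    continue
                version = None
                if m.groups() and m.group(1) and VERSION.fullmatch(m.group(1)):
                    version = m.group(1)
                hits.setdefault(label, []).append((url, version))
                break
    return hits
```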

Page Statistics

Requests: 124 (94 % over HTTPS, 55 % to IPv6 addresses)
Domains: 32; subdomains: 51; IPs: 43; countries: 4
Transfer: 1670 kB on the wire; size: 4380 kB
Cookies: 49

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://12179156.fls.doubleclick.net/activityi;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols HTTP 302
  • https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Request Chain 51
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 52
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js
Request Chain 57
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1657545317867%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true&e_ipv6=AQKAzvSnqUAccAAAAYHtZl-0mVcMwH0LjEqsqx0BI8w6Y4-rgX8btnzBS_N5U61qhicazD1z0T6D
Request Chain 61
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10943497988/?random=1657545317881&cv=9&fst=1657545317881&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&hn=www.googleadservices.com&async=1 HTTP 302
  • https://www.google.com/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&is_vtc=1&random=1848129223&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&is_vtc=1&random=1848129223&resp=GooglemKTybQhCsO&ipr=y
Request Chain 87
  • https://adservice.google.de/ddm/fls/i/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols HTTP 302
  • https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Request Chain 93
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=ZiLMYsPvHpmH9fgPmtSRmAU&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ZiLMYsPvHpmH9fgPmtSRmAU&cid=CAQSKQCNIrLMTUiptWgSPCYHO5hOaL60okYss4CbgpLx8442A7DwsKHMtLV9&random=3568935436&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ZiLMYsPvHpmH9fgPmtSRmAU&cid=CAQSKQCNIrLMTUiptWgSPCYHO5hOaL60okYss4CbgpLx8442A7DwsKHMtLV9&random=3568935436&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 111
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&RedC=c.clarity.ms&MXFR=1E771EFC8EA56ECD268C0F228AA5609C HTTP 302
  • https://c.clarity.ms/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&MUID=1043F3F2A6586EF13E25E22CA78A6F1D
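
Chain 111 is the one to read closely: c.clarity.ms redirects to c.bing.com carrying CtsSyncId and MXFR, and Bing redirects back to c.clarity.ms with the same CtsSyncId plus a MUID, which is the shape of an identifier sync between two tracking domains. Chain 57, by contrast, stays within linkedin.com. The Python below is an added example, not code from urlscan or Zscaler. It classifies a redirect chain by whether any hop crosses sites and whether an opaque query value is carried across two different sites; site() approximates the registrable domain with the last two DNS labels, an assumption that holds for the hosts in this scan but needs the Public Suffix List in a real tool. The sample chains are the page's own, with the long url= parameter dropped from the LinkedIn hops.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: two of the redirect chains recorded above (chain 111 and
# chain 57), each as the ordered list of URLs visited. The LinkedIn hops are
# shortened: the url=... parameter carrying the blog URL is omitted.
CHAIN_111 = [
    "https://c.clarity.ms/c.gif",
    "https://c.bing.com/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&RedC=c.clarity.ms&MXFR=1E771EFC8EA56ECD268C0F228AA5609C",
    "https://c.clarity.ms/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&MUID=1043F3F2A6586EF13E25E22CA78A6F1D",
]
CHAIN_57 = [
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867",
    "https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1657545317867%26liSync%3Dtrue",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&liSync=true",
    "https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&liSync=true&e_ipv6=AQKAzvSnqUAccAAAAYHtZl-0mVcMwH0LjEqsqx0BI8w6Y4-rgX8btnzBS_N5U61qhicazD1z0T6D",
]

# An "opaque identifier" for this heuristic: 16+ chars of [A-Za-z0-9_-] and nothing
# else, so URLs, hostnames, short flags and 13-digit timestamps are excluded.
TOKEN = re.compile(r"^[A-Za-z0-9_\-]{16,}$")


def site(host: str) -> str:
    """Registrable-domain approximation: the last two labels. Assumption: good
    enough for the hosts in this scan; use the Public Suffix List for co.uk etc."""
    return ".".join(host.lower().split(".")[-2:])


def cross_site_hops(chain):
    """(from_host, to_host) for every redirect whose target is on another site."""
    hosts = [urlsplit(u).hostname for u in chain]
    return [(a, b) for a, b in zip(hosts, hosts[1:]) if site(a) != site(b)]


def tokens_in(url: str):
    """The site a URL belongs to and the identifier-looking (name, value) pairs in its query."""
    parts = urlsplit(url)
    found = set()
    for name, values in parse_qs(parts.query).items():
        for v in values:
            if TOKEN.match(v):
                found.add((name, v))
    return site(parts.hostname), found


def synced_identifiers(chain):
    """Identifier-looking query values that appear on two different sites within
    the chain: the signature of an ID-sync redirect."""
    seen = {}  # (name, value) -> set of sites it was sent to
    for url in chain:
        s, toks = tokens_in(url)
        for t in toks:
            seen.setdefault(t, set()).add(s)
    return sorted(t for t, sites in seen.items() if len(sites) > 1)


def classify(chain) -> str:
    hops = cross_site_hops(chain)
    if hops and synced_identifiers(chain):
        return "id-sync"
    if hops:
        return "cross-site-redirect"
    return "same-site"
```

Only query parameters are inspected; an identifier carried in a path segment (the AdRoll chains 51 and 52 put their IDs in the path) or in a cookie would need the path and the Set-Cookie headers added to the heuristic.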

124 HTTP transactions

Columns in the original table: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type.

Primary Request: catching-rats-over-custom-protocols
Path: www.zscaler.com/blogs/security-research/
Size: 202 KB (45 KB transferred)   Type: Document
Full URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 7918450c7e410828b4dd49f2caf420d2022cd213a46e4cb0491889cdfc998c7d
Security headers:
  Content-Security-Policy: frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN

Request headers:
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers:
  age: 0
  cache-control: must-revalidate, no-cache, private
  cf-cache-status: DYNAMIC
  cf-ray: 7291ce841c15bbe6-FRA
  content-encoding: br
  content-language: en
  content-security-policy: frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com
  content-type: text/html; charset=UTF-8
  date: Mon, 11 Jul 2022 13:15:17 GMT
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  expires: Sun, 19 Nov 1978 05:00:00 GMT
  permissions-policy: interest-cohort=()
  server: cloudflare
  strict-transport-security: max-age=31536000; preload
  vary: X-UA-Device,Accept-Encoding
  via: varnish
  x-ah-environment: prod
  x-cache: MISS
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-request-id: v-80388d68-011b-11ed-a7f8-2b4e5ae63621
  x-ua-compatible: IE=edge
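
Two things in the primary response's headers deserve a closer look. It sends both X-Frame-Options: SAMEORIGIN and a Content-Security-Policy with frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com; per the CSP specification, a browser that understands frame-ancestors enforces that directive and ignores X-Frame-Options, so the effective policy is the allow-list and the testmydefenses.com origins may frame the page. Its Strict-Transport-Security is max-age=31536000; preload without includeSubDomains; the preload token has no effect by itself, since hstspreload.org requires max-age of at least one year, includeSubDomains and preload, evaluated on the registrable domain (zscaler.com, whose own header this scan does not show). The Python below is an added example, not code from urlscan or Zscaler; it makes these two checks on header dictionaries constructed from the values above (the cookielaw.org CDN's headers are included as the contrasting case).

```python
# Constructed sample: the response headers urlscan recorded for the primary
# request above and for the cdn.cookielaw.org script responses (names lower-cased).
PRIMARY_HEADERS = {
    "content-security-policy": "frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com",
    "strict-transport-security": "max-age=31536000; preload",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "permissions-policy": "interest-cohort=()",
}
CDN_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "x-content-type-options": "nosniff",
}

ONE_YEAR = 31536000  # seconds; the minimum max-age hstspreload.org accepts


def parse_hsts(value: str) -> dict:
    """Split an HSTS header (RFC 6797) into its directives: max-age as an int,
    includeSubDomains and preload as flags. Directive names are case-insensitive."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                out["max_age"] = int(val.strip().strip('"'))
            except ValueError:
                pass  # malformed max-age: treat as absent
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out


def hsts_preload_ready(value: str) -> bool:
    """The header-level requirements of the HSTS preload list: max-age of at
    least one year, includeSubDomains and preload all present."""
    h = parse_hsts(value)
    return (h["max_age"] is not None and h["max_age"] >= ONE_YEAR
            and h["include_subdomains"] and h["preload"])


def csp_directive(csp: str, name: str):
    """Source list of one CSP directive, or None when the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == name:
            return parts[1:]
    return None


def effective_framing(headers: dict) -> dict:
    """Which framing policy a CSP-capable browser enforces. When frame-ancestors
    is present the CSP spec says X-Frame-Options is ignored, so the allow-list
    wins even where XFO would have been stricter."""
    fa = csp_directive(headers.get("content-security-policy", ""), "frame-ancestors")
    xfo = headers.get("x-frame-options")
    if fa is not None:
        return {"source": "frame-ancestors", "allowed": fa, "xfo_ignored": xfo is not None}
    if xfo is not None:
        return {"source": "x-frame-options", "allowed": [xfo.upper()], "xfo_ignored": False}
    return {"source": None, "allowed": None, "xfo_ignored": False}


def assess(headers: dict) -> dict:
    """Summary of the checks a reviewer would want for one response."""
    hsts = headers.get("strict-transport-security")
    return {
        "hsts_present": hsts is not None,
        "hsts_preload_ready": bool(hsts) and hsts_preload_ready(hsts),
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
        "framing": effective_framing(headers),
    }
```

Browsers that predate CSP Level 2 still honour X-Frame-Options, which is the only reason to keep sending it alongside frame-ancestors; the two should agree on 'self' so that the legacy fallback is not looser than the policy modern browsers apply.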
OtAutoBlock.js
Path: cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
Size: 7 KB (3 KB transferred)   Type: Script
Full URL: https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6810:9440, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): eaa42f47f6a654a47e81beab22e41b86f4cdce5306691610e8c5169c5407791a
Security headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  x-ms-blob-type: BlockBlob
  date: Mon, 11 Jul 2022 13:15:17 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  cf-cache-status: HIT
  content-md5: SGsZv7LqXcQ+QBpDwAJgfQ==
  age: 6400
  vary: Accept-Encoding
  content-length: 2227
  x-ms-lease-status: unlocked
  last-modified: Thu, 12 May 2022 06:43:48 GMT
  server: cloudflare
  etag: 0x8DA33E2C517927A
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  content-type: application/x-javascript
  access-control-allow-origin: *
  x-ms-request-id: 3b503ba6-901e-0175-3bcb-651908000000
  access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
  cache-control: public, max-age=14400
  x-ms-version: 2009-09-19
  accept-ranges: bytes
  cf-ray: 7291ce98bf5c9be8-FRA
  expires: Mon, 11 Jul 2022 17:15:17 GMT
otSDKStub.js
Path: cdn.cookielaw.org/scripttemplates/
Size: 20 KB (7 KB transferred)   Type: Script
Full URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6810:9440, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 7aaad78d13ba343554d09043d46b9f563fb3c06d4789f7faf5e45a7247458894
Security headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  x-ms-blob-type: BlockBlob
  date: Mon, 11 Jul 2022 13:15:17 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  cf-cache-status: HIT
  content-md5: 4m3LBpuQ5au3un+sbdTm6g==
  age: 4984
  vary: Accept-Encoding
  content-length: 6922
  x-ms-lease-status: unlocked
  last-modified: Mon, 11 Jul 2022 02:32:19 GMT
  server: cloudflare
  etag: 0x8DA62E593E953D7
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  content-type: application/javascript
  access-control-allow-origin: *
  x-ms-request-id: 36f72d37-601e-008a-38d2-9462c5000000
  access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
  cache-control: max-age=14400
  x-ms-version: 2009-09-19
  accept-ranges: bytes
  cf-ray: 7291ce98bf5e9be8-FRA
google_tag.script.js
Path: www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/
Size: 347 B (377 B transferred)   Type: Script
Full URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?repban
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
Security headers:
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  date: Mon, 11 Jul 2022 13:15:17 GMT
  via: varnish
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 262792
  x-cache: MISS
  x-ah-environment: prod
  content-encoding: br
  vary: Host,Accept-Encoding
  x-request-id: v-7fa2ceec-feb7-11ec-8010-a75c9497d1ca
  last-modified: Fri, 08 Jul 2022 12:13:52 GMT
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; preload
  content-type: application/javascript
  cache-control: max-age=31536000
  cf-ray: 7291ce98ee09bbe6-FRA
  expires: Sat, 08 Jul 2023 12:14:21 GMT
css_a6t6c2U5yk2snc7X02PTcvY_BOMsl3V7Tyjq15nbyYM.css
Path: www.zscaler.com/sites/default/files/css/
Size: 3 KB (1 KB transferred)   Type: Stylesheet
Full URL: https://www.zscaler.com/sites/default/files/css/css_a6t6c2U5yk2snc7X02PTcvY_BOMsl3V7Tyjq15nbyYM.css
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 6bab7a736539ca4dac9dced7d363d372f63f04e32c97757b4f28ead799dbc983
Security headers:
  Content-Security-Policy: frame-ancestors 'self';
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  date: Mon, 11 Jul 2022 13:15:17 GMT
  via: varnish
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 1563073
  x-cache: MISS
  x-ah-environment: prod
  content-encoding: br
  vary: Host,Accept-Encoding
  x-request-id: v-22e8f89e-a9d9-11ec-8c21-5791684c69c2
  last-modified: Sun, 20 Feb 2022 18:11:20 GMT
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; preload
  content-type: text/css
  cache-control: max-age=31536000
  content-security-policy: frame-ancestors 'self';
  cf-ray: 7291ce989d92bbe6-FRA
  expires: Wed, 22 Mar 2023 12:11:00 GMT
zscaler-stylesheet.min.css
Path: www.zscaler.com/sites/default/files/cohesion/styles/base/
Size: 366 KB (29 KB transferred)   Type: Stylesheet
Full URL: https://www.zscaler.com/sites/default/files/cohesion/styles/base/zscaler-stylesheet.min.css?repban
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 1fe70db1abbd6444383c5af5b2eba59a5592077dfe5fc617a3f362f87256fc46
Security headers:
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  date: Mon, 11 Jul 2022 13:15:17 GMT
  via: varnish
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 262792
  x-cache: MISS
  x-ah-environment: prod
  content-encoding: br
  vary: Host,Accept-Encoding
  x-request-id: v-6f13180c-feb7-11ec-9759-ff07af7865dc
  last-modified: Wed, 29 Jun 2022 03:53:14 GMT
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; preload
  content-type: text/css
  cache-control: max-age=31536000
  cf-ray: 7291ce989d94bbe6-FRA
  expires: Sat, 08 Jul 2023 12:13:53 GMT
css__aecc4Kzy3q8M1Yshjl0Vfk7-zpFhn0xlyLJDLJz5ZI.css
Path: www.zscaler.com/sites/default/files/css/
Size: 11 KB (3 KB transferred)   Type: Stylesheet
Full URL: https://www.zscaler.com/sites/default/files/css/css__aecc4Kzy3q8M1Yshjl0Vfk7-zpFhn0xlyLJDLJz5ZI.css
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): fda79c7382b3cb7abc33562c86397455f93bfb3a45867d319722c90cb273e592
Security headers:
  Content-Security-Policy: frame-ancestors 'self';
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  date: Mon, 11 Jul 2022 13:15:17 GMT
  via: varnish
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 1557866
  x-cache: MISS
  x-ah-environment: prod
  content-encoding: br
  vary: Host,Accept-Encoding
  x-request-id: v-64cdf91c-c531-11ec-9ccf-9f585ad43634
  last-modified: Tue, 26 Apr 2022 07:20:45 GMT
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; preload
  content-type: text/css
  cache-control: max-age=31536000
  content-security-policy: frame-ancestors 'self';
  cf-ray: 7291ce989d95bbe6-FRA
  expires: Wed, 26 Apr 2023 07:20:47 GMT
zscaler-stylesheet.min.css
Path: www.zscaler.com/sites/default/files/cohesion/styles/theme/
Size: 28 KB (4 KB transferred)   Type: Stylesheet
Full URL: https://www.zscaler.com/sites/default/files/cohesion/styles/theme/zscaler-stylesheet.min.css?repban
Requested by: www.zscaler.com (https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols)
Protocol: H2   Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:1d4a, United States, ASN13335 (CLOUDFLARENET, US)   Software: cloudflare
Resource hash (SHA-256): 60f91174dc2152b8e2b49e09ca5f210d1b63504a1096637c60c44d258d3b8569
Security headers:
  Strict-Transport-Security: max-age=31536000; preload
  X-Content-Type-Options: nosniff

Request headers:
  accept-language: de-DE,de;q=0.9
  Referer: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers:
  date: Mon, 11 Jul 2022 13:15:17 GMT
  via: varnish
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 262792
  x-cache: MISS
  x-ah-environment: prod
  content-encoding: br
  vary: Host,Accept-Encoding
  x-request-id: v-6f123b3a-feb7-11ec-8c6c-572b7704423e
  last-modified: Wed, 29 Jun 2022 03:53:14 GMT
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; preload
  content-type: text/css
  cache-control: max-age=31536000
  cf-ray: 7291ce989d96bbe6-FRA
  expires: Sat, 08 Jul 2023 12:13:53 GMT
css_1nqUI_FL4b9wfudUKNX6vB0olLZFEvnApVsQM0sRhDM.css
www.zscaler.com/sites/default/files/css/
2 KB
676 B
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_1nqUI_FL4b9wfudUKNX6vB0olLZFEvnApVsQM0sRhDM.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d67a9423f14be1bf707ee75428d5fabc1d2894b64512f9c0a55b10334b118433
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
9356313
x-cache
MISS
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-d28e707a-ac00-11ec-b587-9fff90baf831
last-modified
Fri, 25 Mar 2022 05:59:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
max-age=31536000
content-security-policy
frame-ancestors 'self';
cf-ray
7291ce989d97bbe6-FRA
expires
Sat, 25 Mar 2023 06:00:07 GMT
css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
www.zscaler.com/sites/default/files/css/
446 KB
72 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5af5a6b85031bd2e34548dc036e0695c538c5bf869d8264fee3636d2d870ee09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
367077
x-cache
MISS
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-a132e72a-fdbf-11ec-bdf0-c736145a4a85
last-modified
Thu, 07 Jul 2022 06:29:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
max-age=31536000
cf-ray
7291ce989d98bbe6-FRA
expires
Fri, 07 Jul 2023 06:40:02 GMT
logo.svg
www.zscaler.com/themes/custom/zscaler/
2 KB
1 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/logo.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb71a91ef4937bdac04520d7e7b1852bb28635ae850934d440360ccc8142c1a4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1570925
x-cache
HIT
x-cache-hits
6
x-ah-environment
prod
content-encoding
br
vary
Host, Accept-Encoding
x-request-id
v-5da938a8-aae8-11ec-9e56-17e4645a8dc3
last-modified
Tue, 22 Mar 2022 12:02:36 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/svg+xml
cache-control
public, max-age=31536000
content-security-policy
frame-ancestors 'self';
cf-ray
7291ce98fe1dbbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c07e30db528eba56d8a6ef279d770151b952681e1b5d6ba30a24ad26561d3b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ud1czpwDkbcUUXsbJSHVMQ==
vary
Accept-Encoding
content-length
1660
x-ms-lease-status
unlocked
last-modified
Thu, 12 May 2022 06:43:48 GMT
server
cloudflare
etag
0x8DA33E2C511EDFF
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
258439ff-a01e-0139-67cb-65de17000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7291ce9918e09a12-FRA
expires
Mon, 11 Jul 2022 17:15:17 GMT
gt-haptik-zs-regular-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/
18 KB
19 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-regular-webfont.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f7832c8054c16e592d3697f5612969b692ac94197aa591b5487795f7c928c1b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1576419
x-cache
HIT
x-cache-hits
17
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
18848
x-request-id
v-d0b4b67a-aa9c-11ec-9059-d7592967ce35
last-modified
Tue, 15 Mar 2022 06:45:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
cache-control
public, max-age=31536000
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
7291ce997f3bbbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
134 KB
135 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
9085346
x-cache
HIT
x-cache-hits
19
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
137704
x-request-id
v-d0b5b250-aa9c-11ec-9bec-e389f93b2512
last-modified
Wed, 09 Mar 2022 07:46:43 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
cache-control
public, max-age=31536000
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
7291ce997f3cbbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
825 B
Script
General
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 06 Jul 2022 12:55:25 GMT
server
cloudflare
etag
W/"62c5863d-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
strict-transport-security
max-age=31536000; preload
cf-ray
7291ce99cf9fbbe6-FRA
vary
Accept-Encoding
expires
Wed, 13 Jul 2022 13:15:17 GMT
js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
www.zscaler.com/sites/default/files/js/
448 KB
139 KB
Script
General
Full URL
https://www.zscaler.com/sites/default/files/js/js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d422a1a0206ceccf2eb9da369e20593a40b22befc48cc789de93dab51bf56f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1232445
x-cache
MISS
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
x-request-id
v-e89d83de-f5e2-11ec-8af6-f305ec3d0f8a
last-modified
Mon, 27 Jun 2022 06:32:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/javascript
cache-control
max-age=31536000
cf-ray
7291ce99cfa5bbe6-FRA
expires
Tue, 27 Jun 2023 06:32:25 GMT
home-footer-background@2x.jpg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/
93 KB
93 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/home-footer-background@2x.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e5618bc46938d4c3e4832af45f797ea0887d28aeae59379f0e728198e2dd380
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
vary
Accept, Accept-Encoding
content-length
95086
last-modified
Tue, 22 Mar 2022 14:16:50 GMT
server
cloudflare
etag
"cfBN6SCxrfM1HzTrBQNV_7TA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
warning
cf-images 299 "image too large for AVIF"
content-type
image/webp
cache-control
public, max-age=31536000
cf-resized
internal=ok/h q=0 n=20 c=468 v=2022.7.0 l=95086
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
accept-ranges
bytes
cf-ray
7291ce99dfb8bbe6-FRA
cf-bgj
imgq:86,h2pri
gt-haptik-zs-medium-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/
19 KB
19 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-medium-webfont.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0026207a95ec76029445ec7fd6eda7a06dfb1778cb84464e36f661711db17ea4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
9085466
x-cache
HIT
x-cache-hits
17
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
19504
x-request-id
v-d0b59cb6-aa9c-11ec-8fe6-dbc493aeea26
last-modified
Tue, 15 Mar 2022 06:46:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
cache-control
public, max-age=31536000
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
7291ce99dfc4bbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
74 KB
74 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1570592
x-cache
HIT
x-cache-hits
19
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
76008
x-request-id
v-d0b6aa70-aa9c-11ec-9161-6b6400a0dbaa
last-modified
Wed, 09 Mar 2022 07:47:31 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
cache-control
public, max-age=31536000
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
7291ce99dfc9bbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
sf14g.js
t.sf14g.com/
0
0
Script
General
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.160.32.126 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-160-32-126.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:17 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
zscaler-blog-botnets-1%402x_4.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/
69 KB
69 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/botnets/zscaler-blog-botnets-1%402x_4.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af1ddcf5d9d49c15699ecb92692482e19f61ed13a306d5270376078bc6dd09d4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
vary
Accept, Accept-Encoding
content-length
70723
last-modified
Fri, 04 Sep 2020 16:30:00 GMT
server
cloudflare
etag
"cfFQK57MTHIHx1_Y582DrVqA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
max-age=31536000
cf-resized
internal=ok/h q=0 n=34 c=377 v=2022.7.2 l=70723
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
accept-ranges
bytes
cf-ray
7291ce9ad9a1bbe6-FRA
cf-bgj
imgq:85,h2pri
aYzD50PDgdfzxXZyjeGnZ1rFbL-b7dYT3UQCAZqIIgf8MAI3Adj4MziWl0n-AuYx6tISUTHpur-YwI9J7Z2s7gKMRX_eLqMUMoDEdQ1NcJYgiHUZNj6taGB_E-S9p0XZ7MhBSPR1
lh5.googleusercontent.com/
22 KB
22 KB
Image
General
Full URL
https://lh5.googleusercontent.com/aYzD50PDgdfzxXZyjeGnZ1rFbL-b7dYT3UQCAZqIIgf8MAI3Adj4MziWl0n-AuYx6tISUTHpur-YwI9J7Z2s7gKMRX_eLqMUMoDEdQ1NcJYgiHUZNj6taGB_E-S9p0XZ7MhBSPR1
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ef18ecb20e0f46b943f837d346177eaf89bed6266816f83a467284e64297a396
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="YDVISabfLyJBjeqGmWrPSogDORf50YFRe8cLIHmyFPYxrmKhcYctYq0jzDyFZnrHK-zTmjy7kBRg7KG8jii7m2vV_lsG_MUVq1eEHSTORt48hPIoGrKCX8LpGIg7B5pd0Mebf3n_.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22421
x-xss-protection
0
expires
Tue, 12 Jul 2022 13:15:17 GMT
PriwwYlpzpsb-E89vgyjWguBklqQvrw8j4DN9ttZ_LaIShbiWvvvyVjUw-MgUxV6X-JU_DTOWtl5VGU06GqCY83AsXDuBJee6_cx0egzqKtIVxD7TnkT1-z_frrKimsVbb7Z9ApG
lh5.googleusercontent.com/
23 KB
23 KB
Image
General
Full URL
https://lh5.googleusercontent.com/PriwwYlpzpsb-E89vgyjWguBklqQvrw8j4DN9ttZ_LaIShbiWvvvyVjUw-MgUxV6X-JU_DTOWtl5VGU06GqCY83AsXDuBJee6_cx0egzqKtIVxD7TnkT1-z_frrKimsVbb7Z9ApG
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e05aa46ba994cd70d50cc1c0e1e1e798685f152eff2f9913f1afcf8635a57bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="eF6YhCmGLv4aGmGumnEgnIjA9_JApTP4sumRpWy6-lSvyu9vfuoD4y2MTMUZPrwjrFzVpHvmP5oAx_sPVHNEOsvHkKk7bZPOQtwi6lSifQW_6GtuczJxFc479byFe2F9rbhQVFV6.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23676
x-xss-protection
0
expires
Tue, 12 Jul 2022 13:15:17 GMT
gtm.js
www.googletagmanager.com/
327 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?repban
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e73ddd11aa6291b132bf22e8ad6083769149f9c146378d47de0a77416091e29b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
94031
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 11 Jul 2022 13:15:17 GMT
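Added here as a worked example, not part of the scan report and not urlscan's or Zscaler's code: a small Python audit that pairs the name/value lines of a response-header listing in the layout used above and flags what a reviewer would note in this scan. The gtm.js response pairs `access-control-allow-origin: *` with `access-control-allow-credentials: true`, a combination browsers do not honour (a credentialed cross-origin fetch fails the CORS check against a `*` origin, so the credentials directive is dead weight); the zscaler.com responses send HSTS with `preload` but without `includeSubDomains`, which the preload list requires; and the only CSP on most zscaler.com responses is `frame-ancestors 'self'`. The three header samples are constructed by copying headers from entries on this page; the finding texts and the one-year threshold are the example's own.

```python
"""Audit the security headers of one response as listed in a urlscan report.

Example code; the samples are constructed from response headers shown on this
page, in the report's own layout: header name on one line, value on the next.
"""
import re

HSTS_MIN_AGE = 31536000  # one year: the minimum hstspreload.org accepts

# Constructed from the gtm.js entry: wildcard CORS plus credentials, no CSP.
GTM_HEADERS = """\
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
x-xss-protection
0
"""

# Constructed from the email-decode.min.js entry: HSTS preload without includeSubDomains.
CF_SCRIPT_HEADERS = """\
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/javascript
strict-transport-security
max-age=31536000; preload
"""

# Constructed from a zscaler.com stylesheet entry: a CSP that carries only frame-ancestors.
CSS_HEADERS = """\
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
content-type
text/css
content-security-policy
frame-ancestors 'self';
"""


def parse_headers(listing: str) -> dict[str, str]:
    """Pair name/value lines from the report layout; names are lower-cased."""
    lines = [ln.strip() for ln in listing.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("header name without a value line")
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines), 2)}


def audit(headers: dict[str, str]) -> list[str]:
    """Return findings in a fixed order so results can be diffed between scans."""
    findings: list[str] = []

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        directives = {d.strip().lower() for d in hsts.split(";")}
        match = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        max_age = int(match.group(1)) if match else 0
        if max_age < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age {max_age} is below one year")
        if "preload" in directives and "includesubdomains" not in directives:
            findings.append("HSTS preload without includeSubDomains: preload list will not accept it")

    csp = headers.get("content-security-policy")
    csp_directives: set[str] = set()
    if csp is None:
        findings.append("CSP missing")
    else:
        # Directive name is the first token of each ';'-separated clause.
        csp_directives = {d.strip().split()[0].lower() for d in csp.split(";") if d.strip()}
        if csp_directives == {"frame-ancestors"}:
            findings.append("CSP only restricts framing; no default-src/script-src")

    if "frame-ancestors" not in csp_directives and "x-frame-options" not in headers:
        findings.append("no framing protection (neither frame-ancestors nor X-Frame-Options)")

    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options nosniff missing")

    # A credentialed cross-origin request fails the CORS check against a '*' origin,
    # so allow-credentials can never take effect next to a wildcard.
    if (headers.get("access-control-allow-origin") == "*"
            and headers.get("access-control-allow-credentials", "").lower() == "true"):
        findings.append("CORS wildcard origin combined with allow-credentials: browsers reject credentialed use of a '*' origin")

    return findings


if __name__ == "__main__":
    samples = [("gtm.js", GTM_HEADERS), ("email-decode.min.js", CF_SCRIPT_HEADERS), ("stylesheet", CSS_HEADERS)]
    for name, listing in samples:
        print(name)
        for finding in audit(parse_headers(listing)):
            print("  -", finding)
```

On a subresource such as a stylesheet or font the CSP and framing findings are informational; the headers that matter there are `nosniff`, HSTS and the CORS pair. Run the same audit against the main document's response headers to judge the page itself.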
zscaler-company-blogs-seconday-hero-secure-the-workforce%402x.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/
22 KB
22 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/zscaler-company-blogs-seconday-hero-secure-the-workforce%402x.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
979fad71a30e04878ea6f208924e89593d93fac949e1ddcdd824e265d840b32e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
vary
Accept, Accept-Encoding
content-length
22456
last-modified
Fri, 06 Nov 2020 06:04:35 GMT
server
cloudflare
etag
"cfdlCMiQ4_AbLObQaa3Zyl3w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
warning
cf-images 299 "image too large for AVIF"
content-type
image/webp
cache-control
max-age=31536000
cf-resized
internal=ok/h q=0 n=32 c=173 v=2022.5.3 l=22456
accept-ranges
bytes
cf-ray
7291ce9b09fabbe6-FRA
cf-bgj
imgq:86,h2pri
fail-over.js
www.zscaler.com/
0
182 B
XHR
General
Full URL
https://www.zscaler.com/fail-over.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

X-NewRelic-ID
VwQFWFNWDRABV1ZRBwQDXlwH
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1576418
x-cache
MISS
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
0
x-request-id
v-48bd8934-dfdc-11ec-b7bf-1b747852037a
last-modified
Mon, 30 May 2022 05:47:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7291ce9b09f8bbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
fail-over.js
www.zscaler.com/
0
51 B
Script
General
Full URL
https://www.zscaler.com/fail-over.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1576418
x-cache
MISS
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
0
x-request-id
v-48bd8934-dfdc-11ec-b7bf-1b747852037a
last-modified
Mon, 30 May 2022 05:47:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7291ce9b2a2cbbe6-FRA
expires
Tue, 11 Jul 2023 13:15:17 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
153 B
432 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:929e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fba5ed9a21a948a1edf9f018055a8ed911df83da750fcb24177e2a3c539a085
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
7291ce9b9eab8fef-FRA
access-control-allow-headers
Content-Type
js
www.googletagmanager.com/gtag/
201 KB
70 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bfde04835e156a7a69e29669b61488cf42472ec818219b7ffa1354ba1d43a257
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71663
x-xss-protection
0
expires
Mon, 11 Jul 2022 13:15:17 GMT
6si.min.js
j.6sc.co/
31 KB
10 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:17 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
9715
Pragma
no-cache
Last-Modified
Thu, 05 May 2022 03:45:17 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"6273484d-7b02"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Mon, 11 Jul 2022 13:15:17 GMT
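The records above are a flat dump, one field per line, with header names and values on alternating lines, which makes them awkward to audit by eye but easy to audit by script. The gtag/js response, for instance, combines `access-control-allow-origin: *` with `access-control-allow-credentials: true` (a combination browsers refuse for credentialed requests, so it is a misconfiguration rather than an exposure), the two fail-over.js responses send HSTS `preload` without `includeSubDomains` (the preload list requires both), and the resource hash `e3b0c442…` on those two responses is SHA-256 of empty input, consistent with their `content-length: 0`. The following is an added example written for this page, not urlscan.io or Zscaler code. It assumes the caller has already split the dump into one string per transaction (the boundary in the dump is the next file-name line, which is not machine-detectable), and the three sample records are constructed, loosely modeled on records shown above with most values dropped. Note the caveat visible in the 6si.min.js record just above: its `Access-Control-Allow-Origin` line has no value line, so from that point the name/value pairing is shifted by one; a parser of this layout cannot recover from that, and such records should be re-fetched rather than trusted.

```python
"""Audit the security-relevant fields of HTTP transaction records laid out the
way the urlscan.io dump prints them: one field per line, with response header
names and values on alternating lines after a "Response headers" label.

Added example for this page, not urlscan.io tooling. The caller is assumed to
have split the dump into one string per transaction."""
from __future__ import annotations

import re

HSTS_ONE_YEAR = 31536000  # minimum max-age (seconds) for HSTS preload submission
SCRIPT_TYPES = ("javascript", "ecmascript")

# Constructed sample records, loosely modeled on records in the dump above.
SAMPLE_RECORDS = [
    """\
gtag/js
www.googletagmanager.com/gtag/
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/

Response headers

server
Google Tag Manager
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
""",
    """\
bat.js
bat.bing.com/
General
Full URL
https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*

Redirect headers

location
https://bat.bing.com/bat.js?x=1
""",
    """\
fail-over.js
www.zscaler.com/
General
Full URL
https://www.zscaler.com/fail-over.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM

Response headers

x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
content-type
application/javascript
content-length
0
""",
]


def parse_record(text: str) -> dict:
    """Extract the URL, the negotiated-TLS line and the response headers of one record."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    rec = {"url": None, "tls": None, "headers": {}}
    for i, ln in enumerate(lines[:-1]):
        if ln == "Full URL" and rec["url"] is None:
            rec["url"] = lines[i + 1].strip()
        elif ln == "Security" and rec["tls"] is None:  # "Security Headers" is a different label
            rec["tls"] = lines[i + 1].strip()
        elif ln == "Response headers":
            j = i + 1
            while j < len(lines) and lines[j] == "":
                j += 1
            # names and values alternate until a blank line (e.g. before
            # "Redirect headers") or the end of the record; a trailing name
            # without a value is dropped
            while j + 1 < len(lines) and lines[j] != "":
                name, value = lines[j].strip().lower(), lines[j + 1].strip()
                rec["headers"][name] = (rec["headers"][name] + ", " + value) if name in rec["headers"] else value
                j += 2
            break
    return rec


def parse_hsts(value: str) -> dict:
    """Split an HSTS value into its max-age (int or None) and boolean directives."""
    out = {"max_age": None, "includeSubDomains": False, "preload": False}
    for part in value.split(";"):
        part = part.strip()
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', part, re.IGNORECASE)
        if m:
            out["max_age"] = int(m.group(1))
        elif part.lower() == "includesubdomains":
            out["includeSubDomains"] = True
        elif part.lower() == "preload":
            out["preload"] = True
    return out


def audit(rec: dict) -> list[str]:
    """Return one finding per weak or inconsistent security-relevant field."""
    findings: list[str] = []
    h = rec["headers"]
    m = re.match(r"TLS (\d\.\d)", rec.get("tls") or "")
    if m and m.group(1) != "1.3":
        findings.append(f"tls: TLS {m.group(1)} negotiated, not 1.3")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts: missing")
    else:
        d = parse_hsts(hsts)
        if d["max_age"] is None:
            findings.append("hsts: no max-age (header is invalid)")
        elif d["max_age"] < HSTS_ONE_YEAR:
            findings.append(f"hsts: max-age {d['max_age']} is below one year")
        if d["preload"] and not d["includeSubDomains"]:
            findings.append("hsts: preload without includeSubDomains")
    if h.get("access-control-allow-origin") == "*" and h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("cors: wildcard origin combined with credentials (browsers reject; misconfiguration)")
    ctype = h.get("content-type", "")
    if not ctype:
        findings.append("content-type: missing")
    elif any(t in ctype.lower() for t in SCRIPT_TYPES) and h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: nosniff missing on a script response")
    return findings


def audit_dump(records: list[str]) -> dict[str, list[str]]:
    """Map each record's URL to its findings."""
    parsed = [parse_record(r) for r in records]
    return {p["url"]: audit(p) for p in parsed}


if __name__ == "__main__":
    for url, findings in audit_dump(SAMPLE_RECORDS).items():
        print(url)
        for f in findings:
            print("  -", f)
```

Run it on the real dump by pasting each transaction into its own string; the checks are deliberately conservative (a third-party script without `nosniff`, or TLS 1.2 on a CDN, is worth a note rather than an alarm), and every finding names the header so it can be matched back to the record.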
conversion_async.js
www.googleadservices.com/pagead/
40 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
00e67a6bb1601297c954a9c6438eb956f4ca87253683fb348d1bda64cee7d1ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15163
x-xss-protection
0
server
cafe
etag
11137310801552021614
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 11 Jul 2022 13:15:17 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1149
date
Mon, 11 Jul 2022 12:56:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 11 Jul 2022 14:56:08 GMT
roundtrip.js
s.adroll.com/j/
52 KB
17 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:5e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9db9265f8119cc29e3011eb69fb5d9bfb6b2b715890351480ac0904059af7f02

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

X-Amz-Version-Id
J7p8W1lQgNY91qwUxZU3x.y9IQrTVjMu
Content-Encoding
gzip
Etag
W/"d570d2e0cc47679b5bf3a6f9ff5b9e5b"
Age
2539
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Via
1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
Last-Modified
Thu, 30 Jun 2022 21:03:48 GMT
Server
AmazonS3
Date
Mon, 11 Jul 2022 12:32:58 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
RURbTIX1R0A2BYZuYPzAsqKE05_tyEQrE3knnv_qfADInKZbn2uCYA==
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=84476
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
bat.js
bat.bing.com/
38 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0fcff9391b8f4560e9bc64c28dcd9101f66de7b93676ea8cc254980567f663db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 16 Jun 2022 18:22:08 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0EB04DE3502046CD9C3F97B7EC02F041 Ref B: FRAEDGE1213 Ref C: 2022-07-11T13:15:17Z
etag
"0c8eafcad81d81:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
date
Mon, 11 Jul 2022 13:15:17 GMT
accept-ranges
bytes
content-length
11374
activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-resear...
12179156.fls.doubleclick.net/ Frame 1669
Redirect Chain
  • https://12179156.fls.doubleclick.net/activityi;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-res...
  • https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww....
542 B
447 B
Document
General
Full URL
https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f6.1e100.net
Software
cafe /
Resource Hash
5775c8f225b4d3ed8d29863dc6d396951bb40910d357dba252f8055d5c2ade4f
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
422
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:17 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:17 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
bizible.js
cdn.bizible.com/scripts/
83 KB
32 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
65dad26d197878fdddaaa0ab1990b6a0bc7f6853c6db2af3e1970ba6c2f5b2a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
last-modified
Sat, 02 Jul 2022 06:46:23 GMT
server
ECS (frb/67D4)
age
57622
etag
"766ce471df8dd81:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
32316
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
25939
x-xss-protection
0
pragma
public
x-fb-debug
p0L4PhXyxEwVf/g4jXr0HJ4ET7V+d+wESw4HgeiGF78o8vbg0f7Owg3o+4P4aLBeHXFvzDxQNGaFWjeCoyd0VA==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Mon, 11 Jul 2022 13:15:17 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracking.js
trk.techtarget.com/
2 KB
1 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 15 Oct 2021 14:31:37 GMT
server
cloudflare
age
264
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 11 Jul 2022 13:20:53 GMT
cache-control
max-age=1200
cf-ray
7291ce9c685a91e9-FRA
cf-bgj
minify
spx
dx.mountain.com/
14 KB
4 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&cb=50508467254961656term=value
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.69.255.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-255-140.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
64038699655eedf887e77452880932a27a9c34f532d0b127c9e168e43595e490

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
connection
close
content-type
application/javascript;charset=utf-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
expires
Thu, 01 Jan 1970 00:00:00 GMT
fullcircle.js
d2i34c80a0ftze.cloudfront.net/
31 KB
11 KB
Script
General
Full URL
https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=731c316a-c46e-4a94-81a9-7cfc0ea0d53e&domain=zscaler.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:5800:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0f544883382e62ac1f82c7b7d53ee27a469e05ddb75035beb1516e15bb96d5ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 07:08:03 GMT
via
1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront), 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
age
22034
x-amzn-requestid
e33944b6-387e-4e48-b099-b52ad44e9be2
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-62cbcc53-368b7edd6a59b27e36df17db;Sampled=0
x-amz-cf-pop
FRA60-P1, FRA56-P5
content-encoding
gzip
x-amz-apigw-id
VFzdGHQPvHcFg9w=
x-amz-cf-id
B18S46e6-bRQ6Hwv8SVfPqwxr5TxXa89dTSObfrRbzgkDEdt-X7v_Q==
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.34.0/
348 KB
83 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ywzctmjVIapkx83Pz3a+AQ==
age
12677
vary
Accept-Encoding
content-length
84671
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:35 GMT
server
cloudflare
etag
0x8DA3822B5C4CCF6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d89fe3b5-901e-0071-140d-6aaadf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7291ce9c0e719be8-FRA
munchkin.js
munchkin.marketo.net/161/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Wed, 19 Oct 2022 13:15:17 GMT
getuidj
secure.adnxs.com/
11 B
705 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 11 Jul 2022 13:15:17 GMT
X-Proxy-Origin
178.162.209.131; 178.162.209.131; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
0fe33fc8-fd65-4e74-87af-e4942ebe37cb
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zscaler.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
47 B
371 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
35839853e7230caa8a9102a3446ac98fe876746a0640db8945a204e6baeb1d78

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:17 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zscaler.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
/
ipv6.6sc.co/
23 B
260 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ef:288::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
50658afdf69a9ae3177f81fe2156fcd616e766a401c8407de929f0936d3bd517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.zscaler.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a00:c98:2050:a007:2::4
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
23
expires
Mon, 11 Jul 2022 13:15:17 GMT
collect
region1.analytics.google.com/g/
0
338 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=2oe760&_p=1262794966&_z=ccd.v9B&_gaz=1&cid=1701354886.1657545318&ul=en-us&sr=1600x1200&_s=1&sid=1657545317&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&dt=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1701354886.1657545318&gtm=2oe760&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=1701354886.1657545318&gtm=2oe760&aip=1&z=1144710868
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
442 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=1607485338&gjid=2019373283&_gid=1411563949.1657545318&_u=YCDAiEABBAAAAE~&z=347271526
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 11 Jul 2022 13:15:17 GMT
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1262794966&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&ul=en-us&de=UTF-8&dt=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABB~&jid=1607485338&gjid=2019373283&cid=1701354886.1657545318&tid=UA-6177009-1&_gid=1411563949.1657545318&gtm=2wg7605SLZFK&z=1667772040
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 11:00:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
8059
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
785 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Server
2600:9000:225e:5e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

X-Amz-Version-Id
BTP2rshxaRFWPNdrItPYEau9DI6Y8oce
Via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
Etag
"5816cced8568d223aa09d889f300692b"
Age
37536
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
28
Last-Modified
Wed, 06 Jul 2022 18:15:57 GMT
Server
AmazonS3
Date
Mon, 11 Jul 2022 02:49:45 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
4G7dc61l02157RZutuOoxAsTtjpKn6l0rue7nRUiKjqTXfqpYQOyVw==

Redirect headers

Date
Sun, 10 Jul 2022 20:51:18 GMT
Via
1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
Age
59038
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
w6YT_bzVUrNJiHgvLoFrR-NWbeZ_cYMhpSS16ySO36XDEQPYnsguwQ==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
756 B
Script
General
Full URL
https://s.adroll.com/j/pre/index.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Server
2600:9000:225e:5e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Age
54928
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Date
Sun, 10 Jul 2022 22:00:01 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
OjxDUBN01_hZaeqJRlniYX8MJi5FAUDDEOe0K-1fsssyBVu7e1xGBQ==

Redirect headers

Date
Mon, 11 Jul 2022 09:05:54 GMT
Via
1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
Age
14962
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
SC9jqAlyvbMUasbpVfAr73hyHzyk8VQCMHWWRDnw102KVW8BftZ1Bg==
index.js
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
0
809 B
Script
General
Full URL
https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:5e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

X-Amz-Version-Id
7waAGE1MII2ie0XoUsGjV50NF1svSj1J
Via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Age
2493
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
0
Last-Modified
Tue, 05 Jul 2022 04:56:43 GMT
Server
AmazonS3
Date
Mon, 11 Jul 2022 12:33:45 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
FRA60-P4
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
tmAH-2NxIP6xXnlU-qVg6k5PCCEY2X7w5TRR-khTzYe-352vuNyt8g==
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A4%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:18 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
details
epsilon.6sense.com/v3/company/
461 B
448 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.216.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-216-61.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a6eee64573014e2458214e27623e2d52e7477ece71b125b40e41f81a3f3b6e44

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
Authorization
Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e
EpsilonCookie
7558655f2f7a00006522cc62ef020000ae7c0000

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
content-length
263
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.216.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-216-61.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,epsiloncookie
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,epsiloncookie
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.zscaler.com
access-control-max-age
1800
date
Mon, 11 Jul 2022 13:15:17 GMT
server
nginx
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1657545317867%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true&e_ipv6=A...
0
263 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true&e_ipv6=AQKAzvSnqUAccAAAAYHtZl-0mVcMwH0LjEqsqx0BI8w6Y4-rgX8btnzBS_N5U61qhicazD1z0T6D
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:17 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 31389334B1C54A0FA9B2130AD477EA53 Ref B: FRAEDGE1512 Ref C: 2022-07-11T13:15:18Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXjh1folrKpU0aaIRRvcw==
x-li-fabric
prod-lva1

Redirect headers

date
Mon, 11 Jul 2022 13:15:18 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 18ECE74C3758428B92C9CC021735195D Ref B: FRAEDGE1406 Ref C: 2022-07-11T13:15:18Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1657545317867&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&liSync=true&e_ipv6=AQKAzvSnqUAccAAAAYHtZl-0mVcMwH0LjEqsqx0BI8w6Y4-rgX8btnzBS_N5U61qhicazD1z0T6D
x-li-proto
http/2
content-length
0
x-li-uuid
AAXjh1flokexSm2wTgyaig==
visitWebPage
306-zej-256.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1657545317874&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1657545317871-77568&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:18 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
0ba76d80-e8df-4201-a821-4d7224c86798
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1657545317877&cv=9&fst=1657545317877&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
720a63e7963de81a020bde7902533661f8726f750ad6eafd20207c39c57879c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1075
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1657545317881&cv=9&fst=1657545317881&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
119f048ed5f9b5525f08641a76aeed41fb4c20db5379cd4e256541d85d46c2d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1077
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10943497988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10943497988/?random=1657545317881&cv=9&fst=1657545317881&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=...
  • https://www.google.com/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java...
  • https://www.google.de/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&is_vtc=1&random=1848129223&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/10943497988/?random=1657545317881&cv=9&fst=1657544400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&is_vtc=1&random=1848129223&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1778897272132032
connect.facebook.net/signals/config/
292 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.64&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ff43b747c2cccca04b7dba8de743b42ba2b3c85a194e8b254eea902b173f558e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
kkhyW8rKeu9t1MAc+sVWL1Rmcpj0CjvftF22coMp8OlbBbxXluzt5KTWMeMq9BMb4wnuETMikyNbs5Gv8fE74g==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 11 Jul 2022 13:15:17 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1657545317988
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
en.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/
70 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/en.json
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd36ca2ca5c843fe2dee52d722f89cc9feec988d3ba6f11f185249ec7db9db23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sviFtwoNtOODugX1frJ64A==
age
7198
vary
Accept-Encoding
content-length
13916
x-ms-lease-status
unlocked
last-modified
Thu, 12 May 2022 06:43:50 GMT
server
cloudflare
etag
0x8DA33E2C5E8580E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
75e5b10d-801e-008b-0bcb-656338000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7291ce9cdf3b9a12-FRA
expires
Mon, 11 Jul 2022 17:15:17 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A17%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:18 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
26354555.js
bat.bing.com/p/action/
828 B
747 B
Script
General
Full URL
https://bat.bing.com/p/action/26354555.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cb7d8aad58bd3c6c1f5bbd95682340611f8d0628526e5a5731318a5036787b13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0D5190A77C56410AA25B111A5FB4C2AF Ref B: FRAEDGE1213 Ref C: 2022-07-11T13:15:17Z
date
Mon, 11 Jul 2022 13:15:17 GMT
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=60
content-length
572
zN7waqVzJ7bcYrfOAkgqH-_czg5hvNth-DIU6ll956XT3r7e49_4CLHbjXWxlnc7D4fCrNd_UIXEW3hKz8K4Wt7lGVLzCuIsbBTcUhFu4JP0n4f4zFXterYWG-HxAva4QI_S5gIo
lh6.googleusercontent.com/
97 KB
97 KB
Image
General
Full URL
https://lh6.googleusercontent.com/zN7waqVzJ7bcYrfOAkgqH-_czg5hvNth-DIU6ll956XT3r7e49_4CLHbjXWxlnc7D4fCrNd_UIXEW3hKz8K4Wt7lGVLzCuIsbBTcUhFu4JP0n4f4zFXterYWG-HxAva4QI_S5gIo
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d9c71b61f4109ec817360a2e305d4b5aeaea05939d523e8b014a32774530db94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="IFFr484O_dgl2H1Bz58Wc5ZoHAxz-OoBOsrOJDl7-TKaN_US0VgPPGyHXKEjGd5JFD4PRwIFj_1QaiXzQ6hZ55Mg9GvsbxD6ytygBGAooPIi23-evk4-BLwIlgOjWXSI7-yHn9dp.jpg"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99265
x-xss-protection
0
expires
Tue, 12 Jul 2022 13:15:18 GMT
vd-LhD9lYGPqT3Yl_ABwdyq2A0yN5YasLtqsvF_hSua6QkxIMi9MZ0zgtZfpRDpSgUfZmxbCKOcB4G9mUh7VY5uSDjYzUwHl8wjZzk102ApFqJeabOokBoYv0Z3nSZ2b2pOTZZ3d
lh5.googleusercontent.com/
24 KB
24 KB
Image
General
Full URL
https://lh5.googleusercontent.com/vd-LhD9lYGPqT3Yl_ABwdyq2A0yN5YasLtqsvF_hSua6QkxIMi9MZ0zgtZfpRDpSgUfZmxbCKOcB4G9mUh7VY5uSDjYzUwHl8wjZzk102ApFqJeabOokBoYv0Z3nSZ2b2pOTZZ3d
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6eb6cf1735cd6883307a4abc86a49705b4a8b33f61885f9518c139bf61d84c09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="2cF-R7YeppDLNc8zYcLa3Wv9i7P_amu6Gb65N3KDEoDoiMsDbX1GvZIpDQdfHaneRQZhCBiZp-B5fnYbOOAICBMUlVmboaqd5LekSWsPB0iJR05_jr_dp1uwLnzJvR0UxdJxdNqe.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24454
x-xss-protection
0
expires
Tue, 12 Jul 2022 13:15:18 GMT
7wLs8lUEMdYFPShrSwZR0DS-dWkSEznyb1LzuiirRBrwkx_aOfRHBBA9IZi6M3wA_tZ8wmTxQ-nVQQRAXBqHX1bUn9QziriO_-34JLECbcWR-OTBtiG6WhFF2EQQxOYd8qQz_vnB
lh5.googleusercontent.com/
40 KB
40 KB
Image
General
Full URL
https://lh5.googleusercontent.com/7wLs8lUEMdYFPShrSwZR0DS-dWkSEznyb1LzuiirRBrwkx_aOfRHBBA9IZi6M3wA_tZ8wmTxQ-nVQQRAXBqHX1bUn9QziriO_-34JLECbcWR-OTBtiG6WhFF2EQQxOYd8qQz_vnB
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c94ae6b277a9ff5cec86f1c0f6e0564a0d7d384aea5d9f5958ce23e160572bad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="u4KysxxrTiuWkkmEvsQ1p_9jAmbR_kySe2Kw-fuoIvn2zLGsxr9X-J9Mxyou9RZJfcPQB72BADoUVy5-tiA8ZCF2NoojchGguKYg-F5qcAcMv_hGeEcN8LxMqQZfOC7dT3k8Wfnp.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41140
x-xss-protection
0
expires
Tue, 12 Jul 2022 13:15:18 GMT
create
st.fullcircleinsights.com/v1/visitors/
1 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
c47947ad7254cdaf25c7b2867e3263326ce8b150722409702e11f697b2c3aab4

Request headers

origin-fci
https://www.zscaler.com
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
x-api-key
qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
22963ebd-8fe5-4af9-8817-5277a0a486db
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
x-amzn-trace-id
Root=1-62cc2266-1bc14e16095b2c4b53cb8f5d;Sampled=0
x-amz-apigw-id
VGpQHFE7PHcF77g=
content-length
1386
x-amz-cf-id
kcpkFzY4TI3lUTAN7mEXCFSdxfjjBJnI_2D0IUvF3bJAMTHYDohqsw==
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=1607485338&_u=YCDAiEABBAAAAE~&z=251240900
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=1607485338&_u=YCDAiEABBAAAAE~&z=251240900
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
create
st.fullcircleinsights.com/v1/visitors/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.zscaler.com
content-length
1
content-type
application/json
date
Mon, 11 Jul 2022 13:15:18 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-apigw-id
VGpQCGI6vHcFocg=
x-amz-cf-id
nIZdh3dPK0IGGLtUGJQDll0JEdupanPYjVgApTkstbibpS8lTtKnjQ==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
08781925-2291-4e50-93d8-9d3e3e284117
x-cache
Miss from cloudfront
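Two CORS postures appear in the transactions above: the nginx GIF response that carries Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: * while its Access-Control-Allow-Origin is shown with no value, and the st.fullcircleinsights.com OPTIONS preflight that echoes https://www.zscaler.com and lists the requested origin-fci and x-api-key headers explicitly. The block below is an added example, not urlscan.io or Zscaler code: a Python model of the Fetch standard's CORS check and CORS-preflight check, run over header values copied from those transactions. Assumptions: the empty Allow-Origin is taken literally as an empty string; the googleusercontent image and the fullcircleinsights POST are treated as non-credentialed because the scan does not show the fetch credentials mode; and the content-type safelist is simplified to a name check.

```python
"""Fetch-standard style CORS checks over header sets copied from the scan.
Added example; not urlscan.io or Zscaler code."""

CORS_SAFELISTED_METHODS = {"GET", "HEAD", "POST"}
# Simplification: the real safelist also restricts these headers' values.
CORS_SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}


def _split_list(value):
    """Split a comma-separated header value into stripped, non-empty tokens."""
    return [t.strip() for t in (value or "").split(",") if t.strip()]


def cors_check(headers, origin, credentials):
    """Return (ok, reason) for a response read cross-origin from `origin`.

    headers: response headers, names matched case-insensitively.
    credentials: True when the request carries cookies/credentials.
    """
    h = {k.lower(): v for k, v in headers.items()}
    acao = (h.get("access-control-allow-origin") or "").strip()
    if acao == "":
        return False, "Access-Control-Allow-Origin missing or empty"
    if acao == "*":
        if credentials:
            return False, "wildcard origin is not allowed with credentials"
        return True, "wildcard origin, no credentials"
    if acao != origin:
        return False, f"origin {origin!r} does not match {acao!r}"
    if credentials and h.get("access-control-allow-credentials", "").strip() != "true":
        return False, "credentialed request but Allow-Credentials is not exactly 'true'"
    return True, "origin matches"


def preflight_check(headers, origin, method, request_headers, credentials):
    """Return (ok, reason) for a preflight (OPTIONS) response."""
    ok, reason = cors_check(headers, origin, credentials)
    if not ok:
        return False, reason
    h = {k.lower(): v for k, v in headers.items()}
    methods = {m.upper() for m in _split_list(h.get("access-control-allow-methods"))}
    names = {n.lower() for n in _split_list(h.get("access-control-allow-headers"))}
    # A literal "*" is only a wildcard when the request carries no credentials.
    method_wild = "*" in methods and not credentials
    header_wild = "*" in names and not credentials
    m = method.upper()
    if m not in methods and m not in CORS_SAFELISTED_METHODS and not method_wild:
        return False, f"method {method} not allowed"
    for name in request_headers:
        n = name.lower()
        if n in CORS_SAFELISTED_HEADERS:
            continue
        # Authorization is never covered by the wildcard.
        if n in names or (header_wild and n != "authorization"):
            continue
        return False, f"header {name} not allowed"
    return True, "preflight accepted"


ORIGIN = "https://www.zscaler.com"

# Header values copied from the transactions above.
NGINX_GIF = {  # 104.92.74.202 image/gif response; Allow-Origin shown with no value
    "Access-Control-Allow-Origin": "",  # assumption: empty string
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET,POST",
    "Access-Control-Allow-Headers": "*",
    "Access-Control-Max-Age": "86400",
}
FCI_PREFLIGHT = {  # st.fullcircleinsights.com/v1/visitors/create OPTIONS response
    "access-control-allow-origin": ORIGIN,
    "access-control-allow-methods": "OPTIONS,POST",
    "access-control-allow-headers": "Content-Type,X-Amz-Date,Authorization,X-Api-Key,"
                                    "X-Amz-Security-Token,X-Amz-User-Agent,origin-fci",
}
GOOGLE_IMG = {"access-control-allow-origin": "*"}  # lh5/lh6.googleusercontent.com


def evaluate():
    """Outcome of each observed policy, plus the nginx policy with its origin hypothetically fixed."""
    nginx_fixed = {**NGINX_GIF, "Access-Control-Allow-Origin": ORIGIN}
    return {
        "nginx_gif_credentialed": cors_check(NGINX_GIF, ORIGIN, credentials=True)[0],
        "nginx_fixed_origin_anonymous_preflight": preflight_check(
            nginx_fixed, ORIGIN, "POST", ["x-api-key"], credentials=False)[0],
        "nginx_fixed_origin_credentialed_preflight": preflight_check(
            nginx_fixed, ORIGIN, "POST", ["x-api-key"], credentials=True)[0],
        "fci_preflight": preflight_check(
            FCI_PREFLIGHT, ORIGIN, "POST", ["origin-fci", "x-api-key"], credentials=False)[0],
        "google_img_anonymous": cors_check(GOOGLE_IMG, ORIGIN, credentials=False)[0],
        "google_img_credentialed": cors_check(GOOGLE_IMG, ORIGIN, credentials=True)[0],
    }


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name}: {'allowed' if ok else 'blocked'}")
```

The contrast the check makes visible: Access-Control-Allow-Headers: * stops being a wildcard once a request carries credentials, so the nginx policy would still reject a credentialed request that sends x-api-key even after its Allow-Origin were populated, whereas the explicit header list on the fullcircleinsights preflight works in both modes.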
activity.gif
apt.techtarget.com/activity/
43 B
324 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.1.1&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&r=1657545318023
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:18 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
Server
Apache/2.4.6 (CentOS)
ETag
"2b-5850384029cff"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=76
Content-Length
43
ULSJHTPGTZGY3EPPZSKHKS
d.adroll.com/consent/check/
462 B
555 B
Script
General
Full URL
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&_s=162bcd5f9617f2009296f7976a265a27&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.182.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-182-75.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
40e7924dd89629298c36cf351cf6f417f6a956a65c2135975127d9e6b576f13c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
server
nginx/1.20.0
content-length
462
content-type
application/javascript
dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatch...
adservice.google.com/ddm/fls/i/ Frame 55CA
541 B
890 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Requested by
Host: 12179156.fls.doubleclick.net
URL: https://12179156.fls.doubleclick.net/activityi;dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
21e19cf59aac059e03d0b9faa3cf9dc15e4eaa8285530911825a4032b29032d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://12179156.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
422
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:18 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.com/pagead/1p-user-list/973777747/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/973777747/?random=1657545317877&cv=9&fst=1657544400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=1665605841&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973777747/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/973777747/?random=1657545317877&cv=9&fst=1657544400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=1665605841&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/812494211/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1657545317881&cv=9&fst=1657544400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=3444241600&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1657545317881&cv=9&fst=1657544400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg760&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&tiba=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&async=1&fmt=3&is_vtc=1&random=3444241600&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.34.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otFlat.json
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
e9t+XAucPzqMmpjFA11lKw==
age
12994
vary
Accept-Encoding
content-length
2959
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:25 GMT
server
cloudflare
etag
0x8DA3822AFD03491
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
5e9e53d4-f01e-00e2-3d0c-6a3c94000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7291ce9e19489a12-FRA
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/6.34.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otCookieSettingsButton.json
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e413fe14135b1fe89832925dad54fd79bef183a189868be478726d11f3942d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
i+uvjjZQ5wEBgLSseorNJg==
age
7199
vary
Accept-Encoding
content-length
1780
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:27 GMT
server
cloudflare
etag
0x8DA3822B0F18204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d8111227-b01e-00aa-0e27-6a0e09000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7291ce9e194b9a12-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.34.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otCommonStyles.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/wtHD+oYY7dZRzCx50GZrQ==
age
11425
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:39 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
f2c7ac08-501e-00c6-6011-6aa5da000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
7291ce9e194e9a12-FRA
main.rtfl.js
visitor.reactful.com/dist/
273 KB
106 KB
Script
General
Full URL
https://visitor.reactful.com/dist/main.rtfl.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 10:14:10 GMT
content-encoding
gzip
server
Google Frontend
age
10868
etag
"T5buNg"
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
85cd01691abafe4b50fbc1e6831f9010
cache-control
public,public, max-age=432000
content-length
107826
expires
Sat, 16 Jul 2022 10:14:10 GMT
/
www.facebook.com/tr/
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&rl=&if=false&ts=1657545318098&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&fbp=fb.1.1657545318097.1684960867&it=1657545317889&coo=false&exp=p0&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 11 Jul 2022 13:15:18 GMT
icon-enlarge-btn.svg
www.zscaler.com/themes/custom/zscaler/images/icons/
3 KB
1 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_WvWmuFAxvS40VI3ANuBpXFOMW_hp2CZP7jY20thw7gk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
27178
x-cache
HIT
x-cache-hits
21
x-ah-environment
prod
content-encoding
br
vary
Host, Accept-Encoding
x-request-id
v-06c80fe8-d6e7-11ec-888e-4f9893141f53
last-modified
Wed, 27 Apr 2022 17:57:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
7291ce9e2896bbe6-FRA
expires
Tue, 11 Jul 2023 13:15:18 GMT
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/svg+xml
dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatch...
12179156.fls.doubleclick.net/ddm/fls/r/ Frame A834
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.c...
  • https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww....
845 B
519 B
Document
General
Full URL
https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f6.1e100.net
Software
cafe /
Resource Hash
ec455d2301383f9c81477d74ba1daf55eb98faebfca8c51b0d044fa1ce128829
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
494
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:18 GMT
expires
Mon, 11 Jul 2022 13:15:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:18 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
26354555
www.clarity.ms/tag/uet/
2 KB
2 KB
Script
General
Full URL
https://www.clarity.ms/tag/uet/26354555
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/26354555.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:27::cafe:1834 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
5524f9883dd096f50c4ca94bf7bd6239b4e084132cd84b6d6d4a37b8a2803c64

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
x-powered-by
ASP.NET
x-azure-ref
0ZiLMYgAAAADyuRVMiAH5SquOMtRNmabuVExWMzBFREdFMDIwOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
request-context
appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
content-length
1543
expires
-1
/
visitor.reactful.com/config/494419/
8 KB
2 KB
XHR
General
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&hash=&referer=&user_id=&hshkgid=f1b8629c-a196-4767-b78d-f832746c4229&cb_rtfl=_rtfl_jsonp_0
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
21cdb5781b3df2669ff5d246344ef815b249cea62d10fbf9862ed37b67881ed8

Request headers

Referer
https://www.zscaler.com/
Six-Sense-Data
Url-Params-Data
e30=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:19 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://www.zscaler.com
x-cloud-trace-context
b04517435fdbca58d69e362a48872834
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length
1421
expires
Mon, 11 Jul 2022 13:15:19 GMT
/
visitor.reactful.com/config/494419/ Frame
0
0
Preflight
General
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&hash=&referer=&user_id=&hshkgid=f1b8629c-a196-4767-b78d-f832746c4229&cb_rtfl=_rtfl_jsonp_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
six-sense-data,url-params-data
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
access-control-allow-methods
GET
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache
content-length
0
content-type
text/javascript
date
Mon, 11 Jul 2022 13:15:18 GMT
expires
Mon, 11 Jul 2022 13:15:18 GMT
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
server
Google Frontend
x-cloud-trace-context
9e970cd984103a8590cabf8dfc145a41
conversion.js
www.googleadservices.com/pagead/ Frame A834
44 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 12179156.fls.doubleclick.net
URL: https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
7969c427a8f0695bc83c6d5d26aa6a1bc7d78111fe39d90d696a9aa05a9b62b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://12179156.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17003
x-xss-protection
0
server
cafe
etag
3151637731994422235
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 11 Jul 2022 13:15:18 GMT
/
www.googleadservices.com/pagead/conversion/10943122199/ Frame A834
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/10943122199/?random=1657545318485&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
8401c37fcdadbb93d6390a813044b8321e9cba1f46ea1b3346206f102021a4ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://12179156.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1284
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/10943122199/ Frame A834
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603...
  • https://www.google.com/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600...
  • https://www.google.de/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ZiLMYsPvHpmH9fgPmtSRmAU&cid=CAQSKQCNIrLMTUiptWgSPCYHO5hOaL60okYss4CbgpLx8442A7DwsKHMtLV9&random=3568935436&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: 12179156.fls.doubleclick.net
URL: https://12179156.fls.doubleclick.net/ddm/fls/r/dc_pre=CKaq-7718PgCFWS3UQodN4IJ3w;src=12179156;type=pv;cat=apv;ord=1;num=9774550557540;gtm=2wg760;auiddc=401962233.1657545318;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Protocol
H3
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://12179156.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:18 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/10943122199/?random=433256278&cv=9&fst=1657545318485&num=1&npa=1&label=m0jnCIrw_8sDEJeWi-Io&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F12179156.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKaq-7718PgCFWS3UQodN4IJ3w%3Bsrc%3D12179156%3Btype%3Dpv%3Bcat%3Dapv%3Bord%3D1%3Bnum%3D9774550557540%3Bgtm%3D2wg760%3Bauiddc%3D401962233.1657545318%3B~oref%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fcatching-rats-over-custom-protocols&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ZiLMYsPvHpmH9fgPmtSRmAU&cid=CAQSKQCNIrLMTUiptWgSPCYHO5hOaL60okYss4CbgpLx8442A7DwsKHMtLV9&random=3568935436&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
st
px.mountain.com/
2 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-6177009-1&ga_client_id=1701354886.1657545318&shpt=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%22%2C%22ga_client_id%22%3A%221701354886.1657545318%22%2C%22shpt%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%2C%22dcm_cid%22%3A%221657545317.1%22%2C%22dcm_gid%22%3A%221411563949.1657545318%22%2C%22ga_gclid%22%3A%221701354886.1657545318%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1657545317.1&dcm_gid=1411563949.1657545318&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&cb=50508467254961656term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&cb=50508467254961656term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.210.219.79 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-219-79.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
c82f1582e891374c4f9f68b74b820b845163206d4e701836b402277e35830e98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 11 Jul 2022 13:15:19 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
clarity.js
www.clarity.ms/eus2-c/s/0.6.34/
53 KB
23 KB
Script
General
Full URL
https://www.clarity.ms/eus2-c/s/0.6.34/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/26354555
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:27::cafe:1834 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:18 GMT
content-encoding
br
etag
"1d890d4908cf454"
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript;charset=utf-8
cache-control
public,max-age=86400
x-azure-ref
0ZiLMYgAAAACbaEfDi4vTSo5kINZzaW1VVExWMzBFREdFMDIwOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges
bytes
content-length
23150
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
/
www.facebook.com/tr/ Frame 0365
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.zscaler.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Mon, 11 Jul 2022 13:15:18 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A17%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:18 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
i.clarity.ms/
0
175 B
XHR
General
Full URL
https://i.clarity.ms/collect
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Jul 2022 13:15:18 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
collect
i.clarity.ms/
0
25 B
XHR
General
Full URL
https://i.clarity.ms/collect
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Jul 2022 13:15:18 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
82861a3f3928c4967bd85a091917c6434e904331ee1aed812160493e6ff889a9

Request headers

origin-fci
https://www.zscaler.com
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
x-api-key
qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 11 Jul 2022 13:15:19 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
37e44f3b-069d-4bfe-a20f-657b7895370a
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
x-amzn-trace-id
Root=1-62cc2267-1548853b39b4d2317298825d;Sampled=0
x-amz-apigw-id
VGpQQH_EPHcFWYw=
content-length
2014
x-amz-cf-id
t0aP_MIKYEDAlmM-OwSoUkeWqynADGSRZB4t0NDX9PXuvIfqWc3E-Q==
queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.zscaler.com
content-length
1
content-type
application/json
date
Mon, 11 Jul 2022 13:15:19 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-apigw-id
VGpQMGRDvHcFkdQ=
x-amz-cf-id
u3z6hWPeL5eophi2TjMrLpmAKk7OvmyYrcfqP-c_dhnOVEgXcj00RA==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
659b37bc-1bc4-4ada-88db-5b26c215cba6
x-cache
Miss from cloudfront
d4c748d2-efb7-44b0-b430-e975fc2d14e5
https://www.zscaler.com/
8 KB
0
Script
General
Full URL
blob:https://www.zscaler.com/d4c748d2-efb7-44b0-b430-e975fc2d14e5
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
21cdb5781b3df2669ff5d246344ef815b249cea62d10fbf9862ed37b67881ed8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length
8691
Content-Type
text/html
/
tracking.reactful.com/tracking/494419/
6 B
117 B
XHR
General
Full URL
https://tracking.reactful.com/tracking/494419/
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept
*/*
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 11 Jul 2022 13:15:19 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
8d0349ff01df7810de6ab0434545fb1a
cache-control
no-cache
content-length
26
gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
7d14a4c633d3a52778ebd715958f44ea892ef2ccceeb8507eaa39f2f42aa176c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:19 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
1
connection
close
content-type
application/javascript;charset=utf-8
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A18%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:19 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
st
px.mountain.com/
4 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-6177009-1&ga_client_id=1701354886.1657545318&shpt=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%22%2C%22ga_client_id%22%3A%221701354886.1657545318%22%2C%22shpt%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%2C%22dcm_cid%22%3A%221657545317.1%22%2C%22dcm_gid%22%3A%221411563949.1657545318%22%2C%22ga_gclid%22%3A%221701354886.1657545318%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1657545317.1&dcm_gid=1411563949.1657545318&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&cb=1657545319207115&shguid=11a8fcaa-1f59-345d-92a5-e3e4dadaec01&shgts=1657545319905
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.210.219.79 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-219-79.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
f3ea4d050d59f8c2b1430206191937d9a821701dbfa4a3b2269a446b6dd49bff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 11 Jul 2022 13:15:20 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
generic
match.adsrvr.org/track/cmf/
0
0

queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.zscaler.com
content-length
1
content-type
application/json
date
Mon, 11 Jul 2022 13:15:20 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-apigw-id
VGpQaEv7PHcFqQA=
x-amz-cf-id
3liMyVFnAp0oRGtPljSg2Z5XX3q7K8lVJ4H1M2Ixgjr2urWNIgem2w==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
efa06ee0-e1bd-48a9-83b2-0231889515f0
x-cache
Miss from cloudfront
nr-1216.min.js
js-agent.newrelic.com/
38 KB
14 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id
KBVH2PMAKMG74HWE
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
c40g0/PEOypibNZhpK4f4SlPZCSnAXuxKGtJ+LI/kKMS0hiuLcfL6ykVCP/ylzTky574I1FuVPM=
x-served-by
cache-fra19175-FRA
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1657545321.529087,VS0,VE0
date
Mon, 11 Jul 2022 13:15:20 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
12347
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
81d2d0e306eadfabab1d22143191ef0256f3d1070c7f937b5bf6730e94eb72ed

Request headers

origin-fci
https://www.zscaler.com
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
x-api-key
qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 11 Jul 2022 13:15:21 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
66705d40-4331-4305-9a66-945ed1379cd7
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
x-amzn-trace-id
Root=1-62cc2269-0ed852b140ce17931d7c29cf;Sampled=0
x-amz-apigw-id
VGpQgGMnPHcFWHQ=
content-length
2013
x-amz-cf-id
jB7xDUU-8LaJ89T8nXxKDPtnj7iMyU7OWFui9on4WR9-gbFZcanjOw==
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&RedC=c.clarity.ms&MXFR=1E771EFC8EA56ECD268C0F228AA5609C
  • https://c.clarity.ms/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&MUID=1043F3F2A6586EF13E25E22CA78A6F1D
42 B
367 B
Image
General
Full URL
https://c.clarity.ms/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&MUID=1043F3F2A6586EF13E25E22CA78A6F1D
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:20 GMT
last-modified
Sat, 02 Jul 2022 00:08:47 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"8a177e6a78dd81:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:19 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 64722B32D23940B7BC151CE0AB2434BF Ref B: FRAEDGE1213 Ref C: 2022-07-11T13:15:20Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?CtsSyncId=14F211C67C654A7BA46706A926A32519&MUID=1043F3F2A6586EF13E25E22CA78A6F1D
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1262794966&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&ul=en-us&de=UTF-8&dt=Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Engagement&ea=10%25&el=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&_u=aDDACEABBAAAAG~&jid=662276864&gjid=1249594434&cid=1701354886.1657545318&tid=UA-6177009-1&_gid=1411563949.1657545318&_r=1&gtm=2wg7605SLZFK&z=1102572518
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
zscaler-promo-thumb-modernWorkEnab.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blocks/menu-promo/
8 KB
8 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blocks/menu-promo/zscaler-promo-thumb-modernWorkEnab.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb1caaba147b88c19ce4892207f76445ec5a032a8c60079bfe7d10751bd6d9f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:20 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
vary
Accept, Accept-Encoding
content-length
8052
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
cloudflare
etag
"cf5xrNu9UMldjvZcsoxXuyzQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
max-age=31536000
cf-resized
internal=ok/h q=0 n=22 c=537 v=2022.6.0 l=8052
accept-ranges
bytes
cf-ray
7291cead4f18bbe6-FRA
cf-bgj
imgq:85,h2pri
NRJS-686f86ac307898cabed
bam.nr-data.net/1/
49 B
716 B
Script
General
Full URL
https://bam.nr-data.net/1/NRJS-686f86ac307898cabed?a=1373054886&v=1216.487a282&to=YlxUMEJRWEFTVBALDlsWdwdEWVlcHXMWFxFUVWoKX1RTbnFYChYTWlVaAUJseF1WUjILBEJ6WQpEQlleXlIWT19DUFMT&rst=6667&ck=1&ref=https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols&ap=2406&be=3372&fe=6637&dc=3699&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1657545313872,%22n%22:0,%22f%22:0,%22dn%22:2,%22dne%22:19,%22c%22:19,%22s%22:26,%22ce%22:60,%22rq%22:60,%22rp%22:3330,%22rpe%22:3490,%22dl%22:3337,%22di%22:3698,%22ds%22:3699,%22de%22:3785,%22dc%22:6635,%22l%22:6637,%22le%22:6643%7D,%22navigation%22:%7B%7D%7D&fp=3525&fcp=3525&at=ThtXRgpLS08%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:20 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
7291cead89bcbb7d-FRA
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=662276864&gjid=1249594434&_gid=1411563949.1657545318&_u=aDDACEABBAAAAG~&z=1932342331
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 11 Jul 2022 13:15:20 GMT
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=662276864&_u=aDDACEABBAAAAG~&z=1695670456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6177009-1&cid=1701354886.1657545318&jid=662276864&_u=aDDACEABBAAAAG~&z=1695670456
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Jul 2022 13:15:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
zscaler-promo-thumb-modernWorkEnab.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blocks/menu-promo/
8 KB
8 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blocks/menu-promo/zscaler-promo-thumb-modernWorkEnab.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_nUIqGgIGzszy652jaeIFk6QLIr78SMx4nek9q1G_VvI.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb1caaba147b88c19ce4892207f76445ec5a032a8c60079bfe7d10751bd6d9f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 11 Jul 2022 13:15:20 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
vary
Accept, Accept-Encoding
content-length
8052
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
cloudflare
etag
"cf5xrNu9UMldjvZcsoxXuyzQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/avif
cache-control
max-age=31536000
cf-resized
internal=ok/h q=0 n=22 c=537 v=2022.6.0 l=8052
accept-ranges
bytes
cf-ray
7291ceae189fbbe6-FRA
cf-bgj
imgq:85,h2pri
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A19%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:20 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
i.clarity.ms/
0
48 B
XHR
General
Full URL
https://i.clarity.ms/collect
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Mon, 11 Jul 2022 13:15:20 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A20%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:21 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A21%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:22 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=7558655f2f7a00006522cc62ef020000ae7c0000&session=398e476b-027d-4fa4-8a6d-e05751c8dec7&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Jul%202022%2013%3A15%3A22%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226011%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20article%2C%20Zscaler%20security%20research%20team%20dissect%20the%20custom%20protocols%20used%20in%20some%20of%20the%20most%20prevalent%20RATs%20seen%20in%20recent%20campaigns.%20Read%20more.%22%2C%22keywords%22%3A%22RATs%2C%20remote%20access%20trojan%2C%20remote%20access%20tool%2C%20custom%20protocol%2C%20APTs%2C%20phishing%2C%20command%20and%20control%22%2C%22title%22%3A%22Analysis%20of%20top%20non-HTTP%2FS%20threats%20%7C%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fcatching-rats-over-custom-protocols&pageViewId=b4124bb1-bf0b-4273-8a80-644e3032926f&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Mon, 11 Jul 2022 13:15:23 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
match.adsrvr.org
URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=83026400-011b-11ed-a678-dd95b836bd84&gdpr=&gdpr_consent=

Verdicts & Comments

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object 0
object oncontextlost
object oncontextrestored
function structuredClone
object launchQueue
object onbeforematch
function getScreenDetails
function queryLocalFonts
object navigation
object NREUM
object newrelic
function __nr_require
object OneTrustStub
function OptanonWrapper
function ownKeys
function _objectSpread
function _defineProperty
function $
function _toConsumableArray
function _nonIterableSpread
function _unsupportedIterableToArray
function _iterableToArray
function _arrayWithoutHoles
function _arrayLikeToArray
number sf14gv
function jQuery
object drupalSettings
object Drupal
function dBlazy
function Bio
function BioMedia
object tabbable
function Popper
object Cookies
object APP
object UTIL
object IPv6
object punycode
object SecondLevelDomains
function URI
function URITemplate
object lazySizes
object FormValidation
object dataLayer
object _wq
object single_optin_parent
object single_optin_checkbox
object sponsorOptinc
object google_tag_manager
object google_tag_data
function process6senseData
object _6si
string GoogleAnalyticsObject
function ga
string adroll_adv_id
string adroll_pix_id
boolean __adroll_loaded
string _linkedin_data_partner_id
function fbq
function _fbq
object techtargetic
string OnetrustActiveGroups
string OptanonActiveGroups
object otStubData
function mktoMunchkinFunction
object Munchkin
function mktoMunchkin
function onYouTubeIframeAPIReady
object gaGlobal
object gaplugins
object gaData
string adroll_sid
object adroll
object __adroll
boolean adroll_optout
object adroll_ext_network
object adroll_callbacks
function adroll_tpc_callback
boolean _storagePopulated
function lintrk
boolean _already_called_lintrk
function UET
function UET_init
function UET_push
object MunchkinTracker
function GooglemKTybQhCsO
function google_trackConversion
object GooglebQhCsO
object ueto_4386245539
object uetq
object Bizible
object BizTrackingA
object BizA
object _vis_opt_queue
object LC_API
object $jscomp
object fcdsc
function fcdscLoad
function ES6Promise
object __adroll_consent_data
object Optanon
object OneTrust
object adroll_exp_list
object _rctfl
boolean __adroll_consent
boolean __adroll_consent_is_gdpr
string __adroll_consent_user_country
string __adroll_consent_adv_country
undefined _
string dcm_cid
undefined dcm_tid
undefined dcm_gid
function clarity
object _rctfl_track
object irongate

49 Cookies


2 Console Messages

Source: security warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Source: network error (URL: https://t.sf14g.com/sf14g.js)
Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
