www.zscaler.com Open in urlscan Pro
2606:4700::6812:1d4a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Submission: On October 07 via api (October 7th 2024, 7:07:53 pm UTC) from BY — Scanned from US

Summary HTTP 243 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 79 IPs in 2 countries across 51 domains to perform 243 HTTP transactions. The main IP is 2606:4700::6812:1d4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 69289.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 28th 2024. Valid for: a year.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
55	2606:4700::68... 2606:4700::6812:1d4a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:23c... 2600:9000:23cb:9e00:c:d449:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2606:4700::68... 2606:4700::6812:572a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2600:1f18:e8a... 2600:1f18:e8a:cd06:e361:a2ce:b047:17c	14618 (AMAZON-AES) (AMAZON-AES)
3	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
3	157.240.241.1 157.240.241.1	32934 (FACEBOOK) (FACEBOOK)
5	2620:1ec:33:3... 2620:1ec:33:3::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	142.250.72.98 142.250.72.98	15169 (GOOGLE) (GOOGLE)
2 4	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
5	142.250.72.100 142.250.72.100	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::9d	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
7	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.251.40.136 142.251.40.136	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
1	23.204.6.193 23.204.6.193	16625 (AKAMAI-AS) (AKAMAI-AS)
13	23.196.3.184 23.196.3.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.204.24.143 18.204.24.143	14618 (AMAZON-AES) (AMAZON-AES)
2	3.217.147.72 3.217.147.72	14618 (AMAZON-AES) (AMAZON-AES)
6	104.19.147.8 104.19.147.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:26f... 2600:9000:26fa:da00:16:a497:9700:93a1	16509 (AMAZON-02) (AMAZON-02)
5	52.85.61.125 52.85.61.125	16509 (AMAZON-02) (AMAZON-02)
2	13.226.38.199 13.226.38.199	16509 (AMAZON-02) (AMAZON-02)
2	35.163.3.3 35.163.3.3	16509 (AMAZON-02) (AMAZON-02)
1 3	68.67.161.182 68.67.161.182	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:141b:1c0... 2600:141b:1c00:2e::17d1:48d1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02)
2	18.164.116.13 18.164.116.13	16509 (AMAZON-02) (AMAZON-02)
1	3.128.9.82 3.128.9.82	16509 (AMAZON-02) (AMAZON-02)
1	13.35.93.19 13.35.93.19	16509 (AMAZON-02) (AMAZON-02)
1	18.238.49.36 18.238.49.36	16509 (AMAZON-02) (AMAZON-02)
6	54.197.61.92 54.197.61.92	14618 (AMAZON-AES) (AMAZON-AES)
1	35.160.151.220 35.160.151.220	16509 (AMAZON-02) (AMAZON-02)
1 6	2600:9000:23c... 2600:9000:23cb:800:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:141b:1c0... 2600:141b:1c00:6::17df:d10d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:1247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.142.80 35.244.142.80	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.168.97.94 3.168.97.94	16509 (AMAZON-02) (AMAZON-02)
1	52.7.151.245 52.7.151.245	14618 (AMAZON-AES) (AMAZON-AES)
5	216.239.34.181 216.239.34.181	15169 (GOOGLE) (GOOGLE)
2	34.120.2.236 34.120.2.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:1901:1:7... 2600:1901:1:7c5::	15169 (GOOGLE) (GOOGLE)
2	142.250.80.2 142.250.80.2	15169 (GOOGLE) (GOOGLE)
1 2	142.250.81.230 142.250.81.230	15169 (GOOGLE) (GOOGLE)
1	142.251.40.134 142.251.40.134	15169 (GOOGLE) (GOOGLE)
3 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2606:4700:440... 2606:4700:4400::6812:2929	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
4	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	44.212.189.233 44.212.189.233	14618 (AMAZON-AES) (AMAZON-AES)
3	44.197.110.75 44.197.110.75	14618 (AMAZON-AES) (AMAZON-AES)
13 16	2600:1f18:61c... 2600:1f18:61c0:2205:85fa:8573:b199:2df2	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:61c... 2600:1f18:61c0:220a:6d89:c273:d52f:a25c	14618 (AMAZON-AES) (AMAZON-AES)
1	54.225.48.29 54.225.48.29	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:61c... 2600:1f18:61c0:2209:ab9:7223:3aa0:6217	14618 (AMAZON-AES) (AMAZON-AES)
1	35.211.202.130 35.211.202.130	15169 (GOOGLE) (GOOGLE)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
1 2	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1 1	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1	69.173.146.5 69.173.146.5	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	70.42.32.95 70.42.32.95	13789 (INTERNAP-...) (INTERNAP-BLK3)
1	207.65.37.184 207.65.37.184	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
2	52.89.99.220 52.89.99.220	16509 (AMAZON-02) (AMAZON-02)
2	157.240.241.35 157.240.241.35	32934 (FACEBOOK) (FACEBOOK)
1	52.12.117.226 52.12.117.226	16509 (AMAZON-02) (AMAZON-02)
1	44.225.29.129 44.225.29.129	16509 (AMAZON-02) (AMAZON-02)
2 2	3.211.2.19 3.211.2.19	14618 (AMAZON-AES) (AMAZON-AES)
1	23.56.163.208 23.56.163.208	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:10:... 2606:4700:10::ac43:b9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
243	79

55 2606:4700::6812:1d4a (United States)

ASN13335 (CLOUDFLARENET, US)

www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:9e00:c:d449:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:1f18:e8a:cd06:e361:a2ce:b047:17c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.iseaskies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:33:3::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.72.98 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.65.194 (Plainview, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.72.100 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.136 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.204.6.193 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-204-6-193.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.196.3.184 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-196-3-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.204.24.143 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-24-143.compute-1.amazonaws.com

117186981.intellimizeio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.217.147.72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-147-72.compute-1.amazonaws.com

api.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.147.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:26fa:da00:16:a497:9700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.rudderlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.85.61.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-125.ewr53.r.cloudfront.net

cdn-app.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.38.199 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-38-199.ewr53.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.163.3.3 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-163-3-3.us-west-2.compute.amazonaws.com

log.intellimize.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.161.182 (Colonia, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:2e::17d1:48d1 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.231.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.164.116.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-13.jfk50.r.cloudfront.net

api.rudderstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.128.9.82 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-128-9-82.us-east-2.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.93.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-19.jfk50.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.49.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-36.jfk52.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.197.61.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-61-92.compute-1.amazonaws.com

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.160.151.220 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-160-151-220.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:23cb:800:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:6::17df:d10d (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1247 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.168.97.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-97-94.jfk52.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.239.34.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.2.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.2.120.34.bc.googleusercontent.com

analytics.revsure.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:1:7c5:: (United States)

ASN15169 (GOOGLE, US)

pixels.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.2 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.81.230 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f6.1e100.net

8541430.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.134 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2929 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.212.189.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-212-189-233.compute-1.amazonaws.com

44.212.189.233	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.197.110.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-110-75.compute-1.amazonaws.com

spcollector.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:1f18:61c0:2205:85fa:8573:b199:2df2 (Ashburn, United States) 13 redirects

ASN14618 (AMAZON-AES, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:61c0:220a:6d89:c273:d52f:a25c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.48.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-48-29.compute-1.amazonaws.com

ipv4.d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:61c0:2209:ab9:7223:3aa0:6217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.211.202.130 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 130.202.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (Seattle, United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.66 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.151.101 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.146.5 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.95 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.65.37.184 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.218.10 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.99.220 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-99-220.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.241.35 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.12.117.226 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-117-226.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.225.29.129 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-225-29-129.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.211.2.19 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-2-19.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.56.163.208 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-163-208.deploy.static.akamaitechnologies.com

su.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:b9b (United States)

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	zscaler.com www.zscaler.com — Cisco Umbrella Rank: 69289 info.zscaler.com — Cisco Umbrella Rank: 628703	2 MB
25	adroll.com 14 redirects s.adroll.com — Cisco Umbrella Rank: 3395 d.adroll.com — Cisco Umbrella Rank: 1624 x.adroll.com — Cisco Umbrella Rank: 4422 ipv4.d.adroll.com — Cisco Umbrella Rank: 12598	52 KB
14	pathfactory.com cdn-app.pathfactory.com — Cisco Umbrella Rank: 40946 jukebox.pathfactory.com — Cisco Umbrella Rank: 37778 spcollector.pathfactory.com — Cisco Umbrella Rank: 44732	343 KB
14	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 b.6sc.co — Cisco Umbrella Rank: 3611	23 KB
14	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192 8541430.fls.doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 150 cm.g.doubleclick.net — Cisco Umbrella Rank: 283	7 KB
12	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147	320 B
12	iseaskies.com ob.iseaskies.com — Cisco Umbrella Rank: 444422 obs.iseaskies.com — Cisco Umbrella Rank: 497603	42 KB
9	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2568 tracking.crazyegg.com — Cisco Umbrella Rank: 4786 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 7957 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 7992	89 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 326	210 KB
8	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	4 KB
7	adsrvr.org 5 redirects js.adsrvr.org — Cisco Umbrella Rank: 1442 insight.adsrvr.org — Cisco Umbrella Rank: 945 match.adsrvr.org — Cisco Umbrella Rank: 373	16 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	5 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	581 KB
5	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4482 ws-assets.zoominfo.com — Cisco Umbrella Rank: 11155	30 KB
5	intellimize.co cdn.intellimize.co — Cisco Umbrella Rank: 37558 api.intellimize.co — Cisco Umbrella Rank: 33118 log.intellimize.co — Cisco Umbrella Rank: 32375	108 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 348	15 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 4802 px.mountain.com — Cisco Umbrella Rank: 5019 gs.mountain.com — Cisco Umbrella Rank: 9568	10 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 446	1 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5671	4 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 25487 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23670	2 KB
3	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 479 ib.adnxs.com — Cisco Umbrella Rank: 267	3 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	77 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 243	1 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 415	986 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 495	570 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 516	514 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 462	831 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 609	1 KB
2	spotify.com pixels.spotify.com — Cisco Umbrella Rank: 3275	271 B
2	revsure.cloud analytics.revsure.cloud — Cisco Umbrella Rank: 237227	80 B
2	rudderstack.com api.rudderstack.com — Cisco Umbrella Rank: 8363	1 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 14080	590 B
2	segment.com cdn.segment.com — Cisco Umbrella Rank: 1794	30 KB
2	rudderlabs.com cdn.rudderlabs.com — Cisco Umbrella Rank: 9868	36 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	22 KB
2	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 89	3 KB
1	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 3740 cdn.acsbapp.com Failed	96 KB
1	addthis.com su.addthis.com — Cisco Umbrella Rank: 8367	27 B
1	steelhousemedia.com px.steelhousemedia.com — Cisco Umbrella Rank: 13137	319 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 1107	366 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 867	586 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 881	360 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 413	1 KB
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 751	635 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 399	183 B
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3973	22 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	segment.io api.segment.io — Cisco Umbrella Rank: 1324	174 B
1	intellimizeio.com 117186981.intellimizeio.com — Cisco Umbrella Rank: 822121
1	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3657	2 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 498	309 B
243	51

	Domain	Requested by
55	www.zscaler.com	www.zscaler.com js.zi-scripts.com
16	d.adroll.com	13 redirects s.adroll.com
11	obs.iseaskies.com	ob.iseaskies.com www.zscaler.com
10	b.6sc.co	www.zscaler.com
9	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
7	info.zscaler.com	www.zscaler.com info.zscaler.com
7	analytics.google.com	www.googletagmanager.com
6	px.ads.linkedin.com	3 redirects snap.licdn.com
6	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com
6	jukebox.pathfactory.com	cdn-app.pathfactory.com
6	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
6	www.facebook.com	www.zscaler.com
6	www.googletagmanager.com	ob.iseaskies.com www.googletagmanager.com www.zscaler.com
5	cdn-app.pathfactory.com	www.zscaler.com cdn-app.pathfactory.com
5	td.doubleclick.net	www.googletagmanager.com
5	www.google.com	www.zscaler.com googleads.g.doubleclick.net
5	bat.bing.com	ob.iseaskies.com bat.bing.com www.zscaler.com www.googletagmanager.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	match.adsrvr.org	3 redirects js.adsrvr.org
4	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com
3	pixel.tapad.com	2 redirects
3	spcollector.pathfactory.com	cdn-app.pathfactory.com
3	js.zi-scripts.com	www.zscaler.com js.zi-scripts.com
3	connect.facebook.net	ob.iseaskies.com connect.facebook.net
2	dpm.demdex.net	2 redirects
2	px.mountain.com	dx.mountain.com px.mountain.com
2	ib.adnxs.com	1 redirects
2	eb2.3lift.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	us-u.openx.net	1 redirects
2	idsync.rlcdn.com	2 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	x.adroll.com	s.adroll.com
2	insight.adsrvr.org	2 redirects
2	8541430.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	pixels.spotify.com	cdn.pdst.fm
2	ibc-flow.techtarget.com	trk.techtarget.com
2	analytics.revsure.cloud	cdn.rudderlabs.com
2	api.rudderstack.com	cdn.rudderlabs.com
2	epsilon.6sense.com	j.6sc.co
2	log.intellimize.co	cdn.intellimize.co
2	cdn.segment.com	www.zscaler.com cdn.segment.com
2	cdn.rudderlabs.com	www.zscaler.com
2	api.intellimize.co	cdn.intellimize.co
2	j.6sc.co	www.zscaler.com j.6sc.co
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googleadservices.com	1 redirects www.googletagmanager.com
1	acsbapp.com	www.zscaler.com
1	su.addthis.com
1	px.steelhousemedia.com
1	gs.mountain.com	px.mountain.com
1	sync.taboola.com
1	image2.pubmatic.com
1	sync.outbrain.com
1	pixel.rubiconproject.com
1	pippio.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	x.bidswitch.net
1	ipv4.d.adroll.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	ad.doubleclick.net
1	dx.mountain.com	www.zscaler.com
1	js.adsrvr.org	www.googletagmanager.com
1	cdn.pdst.fm	www.zscaler.com
1	trk.techtarget.com	www.zscaler.com
1	snap.licdn.com	www.googletagmanager.com
1	api.segment.io	cdn.segment.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	tracking.crazyegg.com	script.crazyegg.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	117186981.intellimizeio.com	cdn.intellimize.co
1	munchkin.marketo.net	www.zscaler.com
1	cdn.intellimize.co	www.zscaler.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	stats.g.doubleclick.net	www.googletagmanager.com
1	ob.iseaskies.com	www.zscaler.com
0	cdn.acsbapp.com Failed	acsbapp.com
243	82

This site contains links to these domains. Also see Links.

Domain
threatlabz.zscaler.com
help.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
admin.zpatwo.net
securitypreview.zscaler.com
customer.zscaler.com
community.zscaler.com
ir.zscaler.com
www.facebook.com
twitter.com
www.linkedin.com
github.com
threatlibrary.zscaler.com
www.twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.zscaler.com DigiCert SHA2 Extended Validation Server CA	`2024-02-28` - `2025-02-23`	a year	crt.sh
*.iseaskies.com Amazon RSA 2048 M02	`2024-06-18` - `2025-07-18`	a year	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-16` - `2024-10-14`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
*.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
info.zscaler.com WE1	`2024-09-07` - `2024-12-06`	3 months	crt.sh
*.googleadservices.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
cdn.intellimize.co R10	`2024-09-11` - `2024-12-10`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
*.intellimizeio.com Amazon RSA 2048 M03	`2024-09-24` - `2025-10-22`	a year	crt.sh
api.intellimize.co Amazon RSA 2048 M03	`2024-09-24` - `2025-10-22`	a year	crt.sh
script.crazyegg.com Cloudflare Inc ECC CA-3	`2024-08-02` - `2024-12-31`	5 months	crt.sh
*.rudderlabs.com Amazon RSA 2048 M03	`2024-05-14` - `2025-06-12`	a year	crt.sh
*.pathfactory.com Amazon RSA 2048 M02	`2024-05-11` - `2025-06-08`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
log.intellimize.co Amazon RSA 2048 M03	`2024-09-23` - `2025-10-22`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
epsilon.6sense.com Amazon RSA 2048 M02	`2024-10-02` - `2025-11-01`	a year	crt.sh
*.rudderstack.com Amazon RSA 2048 M02	`2024-09-21` - `2025-10-18`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2024-06-30` - `2025-07-30`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
trk.techtarget.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
zi-scripts.com WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
cdn.pdst.fm WR3	`2024-09-13` - `2024-12-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
*.revsure.cloud R11	`2024-09-12` - `2024-12-11`	3 months	crt.sh
ibc-flow.techtarget.com WR3	`2024-08-28` - `2024-11-26`	3 months	crt.sh
*.spotify.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-05` - `2025-02-04`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
44.212.189.233 Sectigo RSA Domain Validation Secure Server CA	`2024-01-26` - `2025-02-15`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M03	`2024-09-08` - `2025-10-07`	a year	crt.sh
*.adroll.com Amazon RSA 2048 M02	`2024-07-03` - `2025-07-31`	a year	crt.sh
acsbapp.com WE1	`2024-08-18` - `2024-11-16`	3 months	crt.sh

This page contains 11 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Frame ID: 6DD3BFE71172DFE6A301D51E990BB56F
Requests: 216 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-10SPJ4YJL9&gacid=1989145454.1728328063&gtm=45je4a20v883639532za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101747727&z=811798388
Frame ID: 12A550DFDA72C80DED6E1C88E076AAAC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/812494211?random=1728328063589&cv=11&fst=1728328063589&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 68864D74C6D6DB42719CD6500CBDAB8E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/812494211?random=1728328063639&cv=11&fst=1728328063639&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0
Frame ID: 63773A64C7EB5D3E01A70CF70ADE22AF
Requests: 1 HTTP requests in this frame

Frame: https://117186981.intellimizeio.com/storage.html
Frame ID: 9E0EB2CA95A4D141E550F5C449640A97
Requests: 1 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: 85A219C8203087AFB82DD83EB92CBB38
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/812494211?random=1728328065993&cv=11&fst=1728328065993&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967z871607006za201zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 21BEF67443766E4FC5D00366C22B24BE
Requests: 1 HTTP requests in this frame

Frame: https://8541430.fls.doubleclick.net/activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
Frame ID: 49659FECCD6CB230952B7A6160D73669
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
Frame ID: 371C73671AF9DC12CC065A7AD066FB7F
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1
Frame ID: 88ECB5F7C7189F20A1BB3CDEFB126A86
Requests: 1 HTTP requests in this frame

Frame: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS
Frame ID: 8602C1E339D7C8927B7EC6DEBB536762
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pikabot Updates | ThreatLabz

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

243
Requests

89 %
HTTPS

29 %
IPv6

51
Domains

82
Subdomains

79
IPs

2
Countries

3391 kB
Transfer

10590 kB
Size

95
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://threatlabz.zscaler.com/
Title: ThreatLabz

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/phone-support
Title: Support

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: Zscaler Cloud Portal | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: Zscaler Cloud Portal One | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: Zscaler Cloud Portal Two | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: Zscaler Cloud Portal Three | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: Zscaler Cloud Portal Beta | Admin

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access Cloud Portal One | Admin

Search URL Search Domain Scan URL

URL: https://admin.zpatwo.net/
Title: Zscaler Private Access Cloud Portal Two | Admin

Search URL Search Domain Scan URL

URL: https://threatlabz.zscaler.com/cloud-insights/cloud-activity-dashboard
Title: ThreatLabz Analytics

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Security Preview

Search URL Search Domain Scan URL

URL: https://customer.zscaler.com/
Title: Customer Success Center

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/
Title: Zscaler Help Portal

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://tinyurl.com/23g8gtw8

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://tinyurl.com/23g8gtw8%20%E2%80%94%20The%20(D)Evolution%20of%20Pikabot%22

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://tinyurl.com/23g8gtw8

Search URL Search Domain Scan URL

URL: https://github.com/andrivet/ADVobfuscator
Title: ADVobfuscator

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/threats/204a445f-a80e-41ff-a263-fb263bcca35d
Title: Win32.Trojan.PikaBot

Search URL Search Domain Scan URL

URL: https://threatlibrary.zscaler.com/threats/5111e9e6-a6bb-41a8-b1e0-830ed29ef647
Title: Win32.Downloader.PikaBot

Search URL Search Domain Scan URL

URL: https://www.facebook.com/zscaler
Title: Visit us on Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.twitter.com/zscaler
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing
Title: Subscribe our Youtube Channel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://www.googleadservices.com/pagead/conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQI&pscrd=IhMI8Nbb4fv8iAMV4x9oCB1exh9qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8 HTTP 302
https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQI&pscrd=IhMI8Nbb4fv8iAMV4x9oCB1exh9qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfLiMyGuflsluhJHdV3X9FFLFkng02aw&random=2558083346

Request Chain 86

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgiQybECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMInaWs4vv8iAMVUQloCB3GwimhMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CWENoRUk4STJPdUFZUW5hR2w2NmEwNkpiQUFSSXRBSUM1VHB0WXhaOGExRzlUcHk1NU9jVHRvQjU1T1lTZ1huSkllcGdhaGhyX3d1bmhyZ1h4X2hocDkwTWY HTTP 302
https://www.google.com/pagead/1p-conversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgiQybECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMInaWs4vv8iAMVUQloCB3GwimhMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CWENoRUk4STJPdUFZUW5hR2w2NmEwNkpiQUFSSXRBSUM1VHB0WXhaOGExRzlUcHk1NU9jVHRvQjU1T1lTZ1huSkllcGdhaGhyX3d1bmhyZ1h4X2hocDkwTWY&is_vtc=1&cid=CAQSKQDpaXnfFfrTC5SZsuln5XBxCNF2c7jS8bWu-P0uGLrPv8CdWyYVwIbV&random=1905585511

Request Chain 172

https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT HTTP 302
https://8541430.fls.doubleclick.net/activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT

Request Chain 176

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1728328066116%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fd-evolution-PIKABOT%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true&e_ipv6=AQLgnU7in6I27wAAAZJoYWc1HHI_ppDL5Dx_PeybvHC2MeHkOL5YxWRkZj-NF_JffYntzg

Request Chain 177

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 179

https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1 HTTP 302
https://match.adsrvr.org/track/upb/?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1

Request Chain 205

https://d.adroll.com/cm/b/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

Request Chain 206

https://d.adroll.com/cm/experian/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=6d30d8aa-fa47-4d83-8646-ec04036a23d1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%2C%2C

Request Chain 207

https://d.adroll.com/cm/g/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=PvJdoxlmnAxikSCaAlgCOg HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 208

https://d.adroll.com/cm/index/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067&C=1

Request Chain 209

https://d.adroll.com/cm/l/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=3ef25da319669c0c6291209a0258023a HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2EQABoNCIPjkLgGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&_=2 HTTP 307
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&rand=01815885

Request Chain 210

https://d.adroll.com/cm/n/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expires=365

Request Chain 211

https://d.adroll.com/cm/o/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent=

Request Chain 212

https://d.adroll.com/cm/outbrain/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 213

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 214

https://d.adroll.com/cm/r/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Request Chain 215

https://d.adroll.com/cm/taboola/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

Request Chain 216

https://d.adroll.com/cm/triplelift/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

Request Chain 217

https://d.adroll.com/cm/x/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

Request Chain 232

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=7098cc48-84df-11ef-839f-4b2406a5c8ae&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&shguid=7098cc48-84df-11ef-839f-4b2406a5c8ae

Request Chain 233

https://insight.adsrvr.org/track/evnt/?adv=80b7kxf&ct=0:zz65l7w&fmt=3 HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam HTTP 302
https://su.addthis.com/red/usync?pid=11124&puid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&url=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3daddthis

243 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request d-evolution-PIKABOT Show response
www.zscaler.com/blogs/security-research/ 383 KB
69 KB 4541ms
4375ms Document
text/html 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

034bc13d04248ad9c63078d267ad70e5ccfbb39d41f3837aac74684b79592b04

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

age: 4
cache-control: public,max-age=0,must-revalidate
cache-status: "Next.js"; fwd=miss, "Netlify Durable"; fwd=stale; ttl=-236636; stored, "Netlify Edge"; fwd=miss
cf-cache-status: DYNAMIC
cf-ray: 8cf02cd1b83e7ce0-LAX
content-encoding: br
content-security-policy: default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 19:07:40 GMT
netlify-vary: header=x-nextjs-data|x-next-debug-logging|Accept-Encoding,cookie=__prerender_bypass|__next_preview_data
server: cloudflare
strict-transport-security: max-age=31536000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN https://cms.zscaler.com
x-nf-request-id: 01J9M62FT3FARTNGRAN3N7A8AQ
x-powered-by: Next.js
x-xss-protection: 1; mode=block

GET
H2 200 1395e54b70b06b444656a2f40c135374.js Show response
ob.iseaskies.com/i/ 108 KB
40 KB 437ms
133ms Script
text/javascript 2600:9000:23cb:9e00:c:d449:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:9e00:c:d449:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: fa5c21a013b645f008573c41ffaea2cb09df3ec637e75c0d23902e3703d989dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1af74-8/Ri3G7sU5wzfi4qukfwRHTHL3k"
age: 24442
via: 1.1 2c6a244ba6cf015578de7d0a0b6908d4.cloudfront.net (CloudFront)
expires: Tue, 08 Oct 2024 00:20:19 GMT
x-cache: Hit from cloudfront
content-length: 40386
x-amz-cf-id: hTuiWRSG33fMl2AOe1M7Aa__ufNtD28m8yJ8FsMKbilhDtuXWEN_tg==
date: Mon, 07 Oct 2024 12:20:19 GMT
content-type: text/javascript; charset=utf-8
x-amz-cf-pop: JFK50-P1
server: Caddy

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 356 KB
41 KB 252ms
97ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eddd884436be08bc6ecaff1ea001f0f68eea7fe12664000a6f3646e07961a061

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: wwQGGjy2I9fD9PfR8JuF1w==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCE50A464C63D1
age: 43724
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 08 Oct 2024 19:07:41 GMT
date: Mon, 07 Oct 2024 19:07:41 GMT
content-type: application/javascript
last-modified: Sat, 05 Oct 2024 06:52:27 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: e773a91a-201e-001b-6ef3-16bd18000000
cf-ray: 8cf02cee2c5a2abd-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 41741
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 22 KB
8 KB 208ms
85ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efad755939e511f2bc1feb0d58d6014006e8598a4d431f27a66dd59e14fc19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: uiXk8gw/ehyoMvZ3GeQiaQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCE678825116DD
x-ms-lease-status: unlocked
age: 19918
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 13:35:43 GMT
date: Mon, 07 Oct 2024 19:07:41 GMT
content-type: application/javascript
last-modified: Mon, 07 Oct 2024 02:34:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: f0e7f7a7-801e-00f8-33bd-185897000000
cf-ray: 8cf02cee2c5c2abd-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7214
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 image
www.zscaler.com/_next/ 343 KB
343 KB 1940ms
1935ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware.jpg&w=3840&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5bf9e709edea93b24c7135cdc0dd210313fd00a76c4ce484cc9bd13f14add1c

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 2
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 19:07:42 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy: script-src 'none'
cache-control: public,max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cedac507ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 350832
x-nf-request-id: 01J9M62M5F7GTZCY99ZKAA95WV
cache-status: "Netlify Edge"; fwd=miss
server: cloudflare

GET
H2 200 219e54771de95554-s.p.woff2
www.zscaler.com/_next/static/media/ 37 KB
37 KB 125ms
113ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/219e54771de95554-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "ee94ab2a11412903ad9756e2edb68d05-ssl"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02ced4bad7ce0-LAX
accept-ranges: bytes
content-length: 37876
x-nf-request-id: 01J9M62M39FEQECYD250V4Z6EY
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 86085b213eb89904-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
39 KB 130ms
118ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/86085b213eb89904-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "9430f4d344e4fa79ef6a839ba362694c-ssl"
age: 51
x-content-type-options: nosniff
cf-ray: 8cf02ced4bae7ce0-LAX
accept-ranges: bytes
content-length: 40264
x-nf-request-id: 01J9M62M3BJ5N3JS1NT1FT2QZ4
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 9cdafb0650413334-s.p.woff2
www.zscaler.com/_next/static/media/ 39 KB
40 KB 139ms
128ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/9cdafb0650413334-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "aa81c4751d270062c6783d25c81b8021-ssl"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02ced4baf7ce0-LAX
accept-ranges: bytes
content-length: 40336
x-nf-request-id: 01J9M62M3G59N3EYZB8PNKZ8DA
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 4012cc4b67ad157d-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
10 KB 198ms
187ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/4012cc4b67ad157d-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "93ae142d2bfd17c936f3d91401658758-ssl"
age: 107
x-content-type-options: nosniff
cf-ray: 8cf02cedac447ce0-LAX
accept-ranges: bytes
content-length: 9592
x-nf-request-id: 01J9M62M4NAFQHDZSP3MX43R8K
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 41998fdc1b8220a0-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
10 KB 200ms
189ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/41998fdc1b8220a0-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "672d4a5030823e96757755c555bf2027-ssl"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02cedac467ce0-LAX
accept-ranges: bytes
content-length: 9620
x-nf-request-id: 01J9M62M4PS9EDAP59MB6F7EHN
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 edb9f1eb1c1a7ead-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 200ms
189ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/edb9f1eb1c1a7ead-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "e32ff74f0d5d916b5dda832b01fd5fc8-ssl"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02cedac487ce0-LAX
accept-ranges: bytes
content-length: 8780
x-nf-request-id: 01J9M62M4PN2HG4JVKCYW73Z14
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 ce9b84dce7581e2b-s.p.woff2
www.zscaler.com/_next/static/media/ 9 KB
9 KB 192ms
187ms Font
font/woff2 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/media/ce9b84dce7581e2b-s.p.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.zscaler.com
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
cf-cache-status: DYNAMIC
etag: "067a5289e0e684ba833d5d7b2beb3f51-ssl"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac4a7ce0-LAX
accept-ranges: bytes
content-length: 8764
x-nf-request-id: 01J9M62M4PJ6308R4WZSXQ40ET
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: font/woff2
server: cloudflare

GET
H2 200 df28e5a99f1a7a7a.css
www.zscaler.com/_next/static/css/ 113 KB
22 KB 126ms
121ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/df28e5a99f1a7a7a.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f3372fb7b8a9653d0a799e71dc3195aa3fc7a8b08273a079749f7787e510456

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"8871372d708cc020f47e8eaaf02b8302-ssl-df"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02ced3ba17ce0-LAX
x-nf-request-id: 01J9M62M3B99P0YVCTVRA2PM0J
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a4fc5e556b7ae865.css
www.zscaler.com/_next/static/css/ 93 KB
10 KB 101ms
96ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/a4fc5e556b7ae865.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"8147fd844bc625b7e92a58ab8367af1f-ssl-df"
age: 129
x-content-type-options: nosniff
cf-ray: 8cf02ced3ba37ce0-LAX
x-nf-request-id: 01J9M62M2K52EHAPE1HRR675J1
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 d05e43edad140bdd.css
www.zscaler.com/_next/static/css/ 75 KB
10 KB 129ms
125ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d05e43edad140bdd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"057edd035f82f8bc7255fbb070176e21-ssl-df"
age: 187
x-content-type-options: nosniff
cf-ray: 8cf02ced3ba77ce0-LAX
x-nf-request-id: 01J9M62M3BR6SJ5KDXG4GZJ83A
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 60ab7ffa9f7999ec.css
www.zscaler.com/_next/static/css/ 849 B
387 B 116ms
112ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/60ab7ffa9f7999ec.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4fd28ce5d07640308fd628361ee9dd2e-ssl"
age: 7
x-content-type-options: nosniff
cf-ray: 8cf02ced3ba87ce0-LAX
x-nf-request-id: 01J9M62M36EFSJE724DN7EHB75
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
server: cloudflare

GET
H2 200 54b114f76a2643a4.css
www.zscaler.com/_next/static/css/ 14 KB
2 KB 120ms
116ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/54b114f76a2643a4.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"9b8c484af22ed99c9052a8a53f1fb90c-ssl-df"
age: 8
x-content-type-options: nosniff
cf-ray: 8cf02ced3ba97ce0-LAX
x-nf-request-id: 01J9M62M3E3J9V1HC1Y9D85MBG
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 e8412e4ec0acca6a.css
www.zscaler.com/_next/static/css/ 16 KB
2 KB 123ms
119ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/e8412e4ec0acca6a.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73361e78167bac3a8446cff21dd031c985a1a99ed5a33a4a51fca994342cdb02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"163b3b00d159c584c4f3433da5d8c8bf-ssl-df"
age: 180
x-content-type-options: nosniff
cf-ray: 8cf02ced3bab7ce0-LAX
x-nf-request-id: 01J9M62M3BFHZSFKNRXB5Q1D12
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 455227249223c84c.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 2310ms
2306ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/455227249223c84c.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"c7271019cbe209844cca8826be137418-ssl-df"
age: 2
x-content-type-options: nosniff
cf-ray: 8cf02ced4bac7ce0-LAX
x-nf-request-id: 01J9M62M3AC44C4WW5D5WB2B53
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; fwd=stale
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 59cb0a1d87010ab3.css
www.zscaler.com/_next/static/css/ 19 KB
3 KB 192ms
188ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/59cb0a1d87010ab3.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"9036d3452601bc5060c3cd0511dd853c-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac4b7ce0-LAX
x-nf-request-id: 01J9M62M4RS8FZKJQKBPX4355V
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 d34fc117d4462dbb.css
www.zscaler.com/_next/static/css/ 7 KB
1 KB 193ms
190ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d34fc117d4462dbb.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"a2957e3f52eaaa2164c4c260e8a99bde-ssl-df"
age: 180
x-content-type-options: nosniff
cf-ray: 8cf02cedac4d7ce0-LAX
x-nf-request-id: 01J9M62M54715RWPBY0WTH2PJC
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 c688bfb319a77543.css
www.zscaler.com/_next/static/css/ 96 KB
13 KB 190ms
187ms Stylesheet
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/c688bfb319a77543.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8db1e6933ea20fefa725b8f886ee547bf40b730b6f2ab25e917640aaf9f37b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"b8ac6b347d5bacbe00c4e2ea1c0eb70f-ssl-df"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02cedac4e7ce0-LAX
x-nf-request-id: 01J9M62M4QMNCXVENTJFSDSKMQ
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 7566.1aab9269b62f298f.js Show response
www.zscaler.com/_next/static/chunks/ 10 KB
4 KB 176ms
170ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7566.1aab9269b62f298f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53383e308071f119680221c3529389b52db8b9fd233bac6f244c5912c2950598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"ebac2132655b225bc4dd4a83ed087f65-ssl-df"
age: 4
x-content-type-options: nosniff
cf-ray: 8cf02cedac517ce0-LAX
x-nf-request-id: 01J9M62M5J536BXZ1F5FST7YFA
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 6804.777ea7ad2bf59dcd.js Show response
www.zscaler.com/_next/static/chunks/ 8 KB
3 KB 2364ms
2359ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6804.777ea7ad2bf59dcd.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd8134b4043cb1ce2a1641c56a93561d99bb541ff9820b3c0e115e1b70dd9be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"c31c4e287a21317606022d71dc9b58eb-ssl-df"
age: 2
x-content-type-options: nosniff
cf-ray: 8cf02cedac537ce0-LAX
x-nf-request-id: 01J9M62M5KZPPJ3VQ8GRTZGEV5
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; fwd=stale
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 537.8ad21235b8edef2f.js Show response
www.zscaler.com/_next/static/chunks/ 604 B
434 B 175ms
170ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/537.8ad21235b8edef2f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"eb0384336b3b3bd6ecd5fe6de7da10a3-ssl"
age: 186
x-content-type-options: nosniff
cf-ray: 8cf02cedac557ce0-LAX
x-nf-request-id: 01J9M62M5QYXVA5X3FKVMTHJAC
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
server: cloudflare

GET
H2 200 8338.059e5172eb1cf859.js Show response
www.zscaler.com/_next/static/chunks/ 115 KB
37 KB 2186ms
2181ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8338.059e5172eb1cf859.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fbeee7b066c53e5cb023ba504ccb291d1db541e0965ec796fb049f28d8b4eb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"944f666863a743f58c17f7ee94abaaf1-ssl-df"
age: 2
x-content-type-options: nosniff
cf-ray: 8cf02cedac577ce0-LAX
x-nf-request-id: 01J9M62M5T976NRS7EPG9T33Q9
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; fwd=stale
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 287.e61532ac21fee4b0.js Show response
www.zscaler.com/_next/static/chunks/ 4 KB
2 KB 167ms
162ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/287.e61532ac21fee4b0.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a07312906d3f7010bfca350c49ea96966131e417f225305c42c2cad3201c6501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"c97af7786f4769c319b39988a357f803-ssl-df"
age: 180
x-content-type-options: nosniff
cf-ray: 8cf02cedac587ce0-LAX
x-nf-request-id: 01J9M62M4XFDQ1RQRYKMWJ9MCP
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 9775.864cadc11d0a4959.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
1 KB 165ms
160ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/9775.864cadc11d0a4959.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f4974b41a1ca9de478aa67bb323de449-ssl-df"
age: 180
x-content-type-options: nosniff
cf-ray: 8cf02cedac5a7ce0-LAX
x-nf-request-id: 01J9M62M4QXAXSFETET0ZZR6V4
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 1306.3de21e0b58c1dbf6.js Show response
www.zscaler.com/_next/static/chunks/ 7 KB
3 KB 180ms
176ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/1306.3de21e0b58c1dbf6.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36abed3d20085dbc2ef2778631d3f5efd0e8000db1925e2de3a18649671d4e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4341edcd3cc895da095a035c6f37094f-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac5b7ce0-LAX
x-nf-request-id: 01J9M62M5NQHKN5ZPN1VERB58D
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 2284.c5d0a6b845f2ee47.js Show response
www.zscaler.com/_next/static/chunks/ 3 KB
2 KB 165ms
161ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/2284.c5d0a6b845f2ee47.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b026ac8e9b650f8a85c8a082f913b04eaa7dde4bf82bef0512f352891b3e0758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"2caf290570b3ed54cb6e58790db6b04c-ssl-df"
age: 7
x-content-type-options: nosniff
cf-ray: 8cf02cedac5c7ce0-LAX
x-nf-request-id: 01J9M62M4QS2C16J9D1R6XEQR5
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 893.54805bf89f589fdc.js Show response
www.zscaler.com/_next/static/chunks/ 42 KB
14 KB 178ms
175ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/893.54805bf89f589fdc.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c645171496c5a2725d98c02c1628dc97fad5696e805bd1714846488c2ec7a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"e165934725b6b0fdf9d2a609bbd40dfd-ssl-df"
age: 134
x-content-type-options: nosniff
cf-ray: 8cf02cedac5e7ce0-LAX
x-nf-request-id: 01J9M62M5JKBVRZ6ECYDEBCER7
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 webpack-33a8d678fefac9b5.js Show response
www.zscaler.com/_next/static/chunks/ 11 KB
6 KB 179ms
175ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27994b9f6b7bb5288e9e4e749a4abe9973e852b0d8404bd890b45bb8a4050577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"d23f84839c874bdccf684f82748d53e1-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac607ce0-LAX
x-nf-request-id: 01J9M62M5SK52GKT1NK7T22KV7
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 framework-0e8d27528ba61906.js Show response
www.zscaler.com/_next/static/chunks/ 138 KB
45 KB 180ms
176ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/framework-0e8d27528ba61906.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"15c5453fde673f8d2d1a785c3079ec8f-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac627ce0-LAX
x-nf-request-id: 01J9M62M5RWXWFRMV2ER84SG3J
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 main-bf56e129e9a973c7.js Show response
www.zscaler.com/_next/static/chunks/ 110 KB
33 KB 179ms
176ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

774e08566a15a9afbb217705a2ca66fa20dc5b34885b6977d428220993147106

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"2f0931eeb810ed6316e8583b33333205-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac657ce0-LAX
x-nf-request-id: 01J9M62M5S34E68MHAVXKNFVKY
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 _app-4ee777d4cd72eaea.js Show response
www.zscaler.com/_next/static/chunks/pages/ 420 KB
136 KB 169ms
166ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/_app-4ee777d4cd72eaea.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc35e2c681f28348ee2d8dbbdd2c54dda9eee8541271f9fc4dd4a8b51ecc592b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"d2d3c1ba515a87c7802fcfd7bd0481db-ssl-df"
age: 129
x-content-type-options: nosniff
cf-ray: 8cf02cedac667ce0-LAX
x-nf-request-id: 01J9M62M51NRDS5NF67S9MYXBZ
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 8402-ea954f022c14243d.js Show response
www.zscaler.com/_next/static/chunks/ 228 KB
63 KB 167ms
164ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/8402-ea954f022c14243d.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e12c02cd9e833878d4a8cb23d11f1964e9f6e8349e11bbae7c2f144596a5db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"0a59ff228ce59fca220d0ed96dfa31aa-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac697ce0-LAX
x-nf-request-id: 01J9M62M538WSMDVWVAT1J9GSN
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5865-09ac5a68cb70c7f3.js Show response
www.zscaler.com/_next/static/chunks/ 135 KB
38 KB 212ms
210ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5865-09ac5a68cb70c7f3.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c3dfb68ff11fe295d20cdd98826c65161cf5d480d25f72b10d9a182f9e2a1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"29d1cb8e65d6157cd30fa2bb784eb560-ssl-df"
age: 129
x-content-type-options: nosniff
cf-ray: 8cf02cedac6d7ce0-LAX
x-nf-request-id: 01J9M62M5QZY37CMH8ZAFSA33D
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 544-5e0177eb88eaebc3.js Show response
www.zscaler.com/_next/static/chunks/ 74 KB
19 KB 166ms
164ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/544-5e0177eb88eaebc3.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb7d77be4c764da38c117e792075ad4aa2c0cf133f20be795dbdc9b50a11e1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"759f60213e12db18fd162e9558aa389f-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac6f7ce0-LAX
x-nf-request-id: 01J9M62M57FG71ZA8Y1GM3WZ57
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 152-d76abd8bd106946f.js Show response
www.zscaler.com/_next/static/chunks/ 139 KB
31 KB 179ms
177ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/152-d76abd8bd106946f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e600b4627639b0a3855e49742ec16e1457470c341291907dad0348e715cb643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"e95a34204f6ee61a2e375dd72b776210-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac737ce0-LAX
x-nf-request-id: 01J9M62M5JD0FCA8MMAHSNH7EK
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 %5B...slug%5D-218fa5ec72aca7fb.js Show response
www.zscaler.com/_next/static/chunks/pages/blogs/ 3 KB
2 KB 1912ms
1910ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/pages/blogs/%5B...slug%5D-218fa5ec72aca7fb.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2112436c0cd10289a8aee652a5a1bad029b0575272ac9d7bc1d724203247e06b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"153830af65e1823e69fee6225f2e8714-ssl-df"
age: 1
x-content-type-options: nosniff
cf-ray: 8cf02cedac747ce0-LAX
x-nf-request-id: 01J9M62M53GPM31097E0MCFYQQ
date: Mon, 07 Oct 2024 19:07:42 GMT
cache-status: "Netlify Edge"; fwd=stale
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 _buildManifest.js Show response
www.zscaler.com/_next/static/s16B4l5_QyQCqA9omng_o/ 3 KB
1 KB 165ms
163ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/s16B4l5_QyQCqA9omng_o/_buildManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebbbfd7704d7ef939cad696b7342b0553466b742df9e2c9905566ba0534f940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"beb3bf9811840e2e5cd8f57abec8d0fa-ssl-df"
age: 183
x-content-type-options: nosniff
cf-ray: 8cf02cedac757ce0-LAX
x-nf-request-id: 01J9M62M53M9NBCF60W2PXTVAA
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 _ssgManifest.js Show response
www.zscaler.com/_next/static/s16B4l5_QyQCqA9omng_o/ 449 B
344 B 171ms
170ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/s16B4l5_QyQCqA9omng_o/_ssgManifest.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"d483bd250a3ef832dcda9d330b187d08-ssl"
age: 33
x-content-type-options: nosniff
cf-ray: 8cf02cedac767ce0-LAX
x-nf-request-id: 01J9M62M586E7GZB9WSRMG1EX9
date: Mon, 07 Oct 2024 19:07:41 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
server: cloudflare

GET
H2 200 email-decode.min.js Show response
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
817 B 156ms
156ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"67000b37-4d7"
x-content-type-options: nosniff
cf-ray: 8cf02cedac7a7ce0-LAX
expires: Wed, 09 Oct 2024 19:07:41 GMT
date: Mon, 07 Oct 2024 19:07:41 GMT
content-type: application/javascript
last-modified: Fri, 04 Oct 2024 15:35:19 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 ct Show response
obs.iseaskies.com/ 4 KB
2 KB 428ms
153ms Script
text/javascript 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/ct?id=60409&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1728328061726&hl=2&op=0&ag=566412661&rand=7481027598909652716967809901208914018041869929737870295100995488762920797920801821827&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDg1MzJdLFsiYWJuY2giLDMyXSxbLTEzLCItIl0sWy0yMywiKyJdLFstMzEsImZhbHNlIl0sWy01MCwiLSJdLFstNjEsIntcIndnc2xcIjpcIjQ7cGFja2VkXzR4OF9pbnRlZ2VyX2RvdF9wcm9kdWN0O3VucmVzdHJpY3RlZF9wb2ludGVyX3BhcmFtZXRlcnM7cG9pbnRlcl9jb21wb3NpdGVfYWNjZXNzO3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstNDksIi0iXSxbLTU1LCIwIl0sWy02NiwiZ2VvbG9jYXRpb24sY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjcm9zc29yaWdpbmlzb2xhdGVkLHNjcmVlbndha2Vsb2NrLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LHNoYXJlZHN0b3JhZ2VzZWxlY3R1cmwsY2h1YWFyY2gsY29tcHV0ZXByZXNzdXJlLGNocHJlZmVyc3JlZHVjZWR0cmFuc3BhcmVuY3ksdXNiLGNoc2F2ZWRhdGEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsc2hhcmVkc3RvcmFnZSxydW5hZGF1Y3Rpb24sY2h1YWZvcm1mYWN0b3JzLGNoZG93bmxpbmssb3RwY3JlZGVudGlhbHMscGF5bWVudCxjaHVhLGNodWFtb2RlbCxjaGVjdCxhdXRvcGxheSxjYW1lcmEscHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxhY2NlbGVyb21ldGVyLGNodWFwbGF0Zm9ybXZlcnNpb24saWRsZWRldGVjdGlvbixwcml2YXRlYWdncmVnYXRpb24saW50ZXJlc3Rjb2hvcnQsY2h2aWV3cG9ydGhlaWdodCxsb2NhbGZvbnRzLGNodWFwbGF0Zm9ybSxtaWRpLGNodWFmdWxsdmVyc2lvbix4cnNwYXRpYWx0cmFja2luZyxjbGlwYm9hcmRyZWFkLGdhbWVwYWQsZGlzcGxheWNhcHR1cmUsa2V5Ym9hcmRtYXAsam9pbmFkaW50ZXJlc3Rncm91cCxjaHdpZHRoLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24sYnJvd3Npbmd0b3BpY3MsZW5jcnlwdGVkbWVkaWEsZ3lyb3Njb3BlLHNlcmlhbCxjaHJ0dCxjaHVhbW9iaWxlLHdpbmRvd21hbmFnZW1lbnQsdW5sb2FkLGNoZHByLGNocHJlZmVyc2NvbG9yc2NoZW1lLGNodWF3b3c2NCxhdHRyaWJ1dGlvbnJlcG9ydGluZyxmdWxsc2NyZWVuLGlkZW50aXR5Y3JlZGVudGlhbHNnZXQscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGhpZCxjaHVhYml0bmVzcyxzdG9yYWdlYWNjZXNzLHN5bmN4aHIsY2hkZXZpY2VtZW1vcnksY2h2aWV3cG9ydHdpZHRoLHBpY3R1cmVpbnBpY3R1cmUsbWFnbmV0b21ldGVyLGNsaXBib2FyZHdyaXRlLG1pY3JvcGhvbmUiXSxbLTY5LCJMaW51eCB4ODZfNjR8R29vZ2xlIEluYy58OHwxNnx8MCJdLFstNywiLSJdLFstMzMsIi0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjcsIi0iXSxbLTE1LCItIl0sWy0yNSwiLSJdLFstMjcsIlsxNTAsMTAsMCxcIjRnXCIsbnVsbF0iXSxbLTQ2LCIwIl0sWy01MSwiLSJdLFstNTMsIjEwMCJdLFstMTAsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6dGl0bGVcIixcIm9nOmRlc2NyaXB0aW9uXCIsXCJ0d2l0dGVyOnRpdGxlXCIsXCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCJdfSJdLFstMjYsIntcInRqaHNcIjo2NzQ1OTU5LFwidWpoc1wiOjQyMDUzODcsXCJqaHNsXCI6NDI5NDcwNTE1Mn0iXSxbLTI5LCItIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWVdIl0sWy01NCwie1wiaFwiOltcIl8zXCIsXCIyODcyODk5MzIwXCJdLFwiZFwiOltdLFwiYlwiOltcIjExNzY3Mjg3ODdcIixcIjM0OTc4MTAxNzVcIl0sXCJzXCI6MX0iXSxbLTYwLDIwN10sWy03MSwiYTAxMTAwMTAxMDAxMDAxMDEwMDAxMDEwMDExMTExMDEwMDAwMTAiXSxbLTgsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMzAsIltcInZcIiwwXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy02NCwiWzAsXCJcIixbXV0iXSxbLTQsIjxodG1sIGxhbmc9XCJlblwiPjxoZWFkPjxtZXRhIGNoYXJzZXQ9XCJ1dGYtOFwiPjxtZXRhIG5hbWU9XCJ2aWV3cG9ydFwiIGNvbnRlbnQ9XCJ3aWR0aD1kZXZpY2Utd2lkdGhcIj48c2NyaXB0IGFzeW5jPVwiXCIgc3JjPVwiaHR0cHM6Ly9vYi5pc2Vhc2tpZXMuY29tL2kvMTM5NWU1NGI3MGIwNmI0NDQ2NTZhMmY0MGMxMzUzNzQuanNcIiBkYXRhLWNoPVwiY2hlcTRwcGNcIiBjbGFzcz1cImpzeC0xNTMxNjM5MzM1IGN0X2NsaWNrdHJ1ZV82MDQwOVwiPjwvc2NyaXB0PjxsaW5rIHJlbD1cInByZWNvbm5lY3RcIiBocmVmPVwiLy9pbmZvLnpzY2FsZXIuY29tXCIgY2xhc3M9XCJqc3gtMTUzMTYzOTMzNVwiPjxzY3JpcHQgaWQ9XCJjb29raWVsYXctT3RBdXRvQmxvY2stc2NyaXB0XCIgdHlwZT1cInRleHQvamF2YXNjcmlwdFwiIHNyYz1cImh0dHBzOi8vY2RuLmNvb2tpZWxhdy5vcmcvY29uc2VudC8zZTg5NDk3MC1lM2U5LTQ3ODMtODVlOS03YzM4ZWVkYmZiYmYvT3RBdXRvQmxvY2suanNcIiBkZWZlcj1cIlwiIGNsYXNzPVwianN4LTE1MzE2MzkzMzVcIj48L3NjcmlwdD48c2NyaXB0IGlkPVwiY29va2llbGF3LW90U0RLU3R1Yi1zY3JpcHRcIiBzcmM9XCJodHRwczovL2Nkbi5jb29raWVsYXcub3JnL3NjcmlwdHRlbXBsYXRlcy9vdFNES1N0dWIuanNcIiBkYXRhLWxhbmd1YWdlPVwiZW5cIiBkYXRhLWRvY3VtZW50LWxhbmd1YWdlPVwidHJ1ZVwiIHR5cGU9XCJ0ZXh0L2phdmFzY3JpcHRcIiBkYXRhLWRvbWFpbi1zY3JpcHQ9XCIzZTg5NDk3MC1lM2U5LTQ3ODMtODVlOS03YzM4ZWVkYmZiYmZcIiBkZWZlcj1cIlwiIGNsYXNzPVwianN4LTE1MzE2MzkzMzVcIj48L3NjcmlwdD48c2NyaXB0IGlkPVwiY29va2llbGF3LU9wdGFub25XcmFwcGVyLXNjcmlwdFwiIGNsYXNzPVwianN4LTE1MzE2MzkzMzVcIj5cbiAgICAgICAgICAgICAgICBmdW5jdGlvbiBPcHRhbm9uV3JhcHBlcigpIHsgfVxuICAgICAgICAgICAgICA8L3NjcmlwdD48dGl0bGU%2BUGlrYWJvdCBVcGRhdGVzIHwgVGhyZWF0TGFiejwvdGl0bGU%2BPG1ldGEgbmFtZT1cImRlc2NyaXB0aW9uXCIgY29udGVudD1cIlVwZGF0ZXMgdG8gUGlrYWJvdCBicmluZyBsZXNzIGFkdmFuY2VkIHN0cmluZyBvYmZ1c2NhdGlvbiBhbmQgYSBtb2RpZmllZCBuZXR3b3JrIHByb3RvY29sXCI%2BPGxpbmsgcmVsPVwiY2Fub25pY2FsXCIgaHJlZj1cImh0dHBzOi8vd3d3LnpzY2FsZXIuY29tL2Jsb2dzL3NlY3VyaXR5LXJlc2VhcmNoL2QtZXZvbHV0aW9uLXBpa2Fib3RcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW5cIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vanAvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiamFcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vZnIvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW4tZnJcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vZGUvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW4tZGVcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vaXQvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW4taXRcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vbXgvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW4tbXhcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vYnIvYmxvZ3Mvc2VjdXJpdHktcmVzZWFyY2gvZC1ldm9sdXRpb24tcGlrYWJvdFwiIHJlbD1cImFsdGVybmF0ZVwiIGhyZWZsYW5nPVwiZW4tYnJcIj48bGluayBocmVmPVwiaHR0cHM6Ly93d3cuenNjYWxlci5jb20vZXMvYmxvIl0sWy0xNywiMTYiXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTU4LCItIl0sWy02MywiLSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjcsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbLTIsIjI0LGVBSFdYMS9mM3F6Q3Zia3V5bVF3Z2xJYUYzcElzZ0lJalNRKzhpS2dxSTBvc0lBaXBGRUVRUklrVWdkRVFRcFVvSlNBdENBcVNIOUd5eTdaV1orZXIvZCtlOTJid3NDU0QvMWUiXSxbLTEyLCJudWxsIl0sWy0xOSwiWzMwLDMwLDMwLDMwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjg1LDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTIwLCItIl0sWy0yMSwiLSJdLFstMzgsImwsLTEsLTEsMCwwLDIsMCwxOSwxNDcsNDQ1MywtMSwwLCwsNTI5Myw1Mjk0Il0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwMTAxMTAxMDAwMDAxMCJdLFstNDUsIjYyMCw2NzcsMCwwLDAsNTYyLDAsMCw2NDgsMCwwLDAsMCwwLDAsMCwwLDAsMCw2ODQsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ4LCIwLDAiXSxbLTU3LCJXRTBaVjF4T2NWaFhYVlZjU3hjRldsWlVTVXhOWEYwSEdXSllTaGxZU1VsVlFHUVpFVnhQV0ZVWldFMFpCVmhYVmxkQVZGWk1TZ2NaRVFNT0F3Z01DUW9KQVJBVkdRVllWMVpYUUZSV1RFb0hBd2dCQXdvSkVCVllUUmw0UzB0WVFCZEtYQmtSVVUxTlNVb0RGaFpXV3hkUVNseFlTbEpRWEVvWFdsWlVGbEFXQ0FvQURGd01EVnNPQ1ZzSkQxc05EUTBQREE5WUMxOE5DVm9JQ2d3S0RnMFhVMG9EQ0FNUEFRZ0lEUkFWV0UwWlN4a1JVVTFOU1VvREZoWldXeGRRU2x4WVNsSlFYRW9YV2xaVUZsQVdDQW9BREZ3TURWc09DVnNKRDFzTkRRMFBEQTlZQzE4TkNWb0lDZ3dLRGcwWFUwb0RDQU1PQ3c0T0RSQT0iXSxbLTU5LCJkZWZhdWx0Il0sWy03MCwiLSJdLFstMSwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstNSwiLSJdLFstMTQsIi0iXSxbLTE2LCIwIl0sWy0yNCwiW10iXSxbLTM0LCItIl0sWy00NywiUGFjaWZpYy9Ib25vbHVsdSxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI4MCJdLFstNjgsIi0iXSxbMzcsIlszMzE2MjI0MDQ5LGZ1bmN0aW9uKG5ld1ZhbHVlKSB7XG4gICAgICAgICAgICAgIGFkZENvbnRlbnRXaW5kb3dQcm94eSh0aGlzKVxuICAgICAgICAgICAgICAvLyBSZXNldCBwcm9wZXJ0eSwgdGhlIGhvb2sgaXMgb25seSBuZWVkZWQgb25jZVxuICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoaWZyYW1lLCAnc3JjZG9jJywge1xuICAgICAgICAgICAgICAgIGNvbmZpZ3VyYWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgd3JpdGFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBfc3JjZG9jXG4gICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgIF9pZnJhbWUuc3JjZG9jID0gbmV3VmFsdWVcbiAgICAgICAgICAgIH1dIl0sWyJibmNoIiwxODZdLFstNiwiLSJdLFstOSwiKyJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTMyLCItIl0sWy0zNSwiWzE3MjgzMjgwNjE3MjIsMTBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00NCwiMCwwLDAsNSJdLFstNTIsIi0iXSxbLTY1LCItIl0sWyJkZGIiLCIwLDIzLDAsMiwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsNDYsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDEsMSwwLDAsMCwwLDAsMiwxMCwwLDksMCwyLDEsMCwwLDAsMSwwLDEsMCwxLDAsMTQsMCwwLDAsMCwwLDAsMCwwLDAsMSwwIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDgsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCw5LDEsMCwwLDAsMCwwLDAsMCwwLDEiXV0%3D&dep=0&pre=0&sdd=%7B%7D&cri=3Ld6YgsP19&pto=5326&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1728328061.kveDrs7uJRAHJOat&suid=1.1728328061.dohWBp2vHk8UXyiC&tuid=1.1728328061.urhBtdTFBgf3HCtK&fbc=-&gtm=-&it=39%2C4554%2C576&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 034670cb9e3af1fbed10543f9a300275601ed7e988c793f71ddc9557d02ab139

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.zscaler.com
content-encoding: gzip
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-length: 1318
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: text/javascript

GET 92adaeb5-3cc4-45a0-9fdf-b4979f0da065
https://www.zscaler.com/ Frame 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 344 KB
112 KB 463ms
175ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7680afb36c4d51ede32810262853ca53f0177c29b5cbc0a578ce408657f4a991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 19:07:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 114335
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 296ms
134ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=130, rtx=0, c=24, mss=1232, tbw=8182, tp=13, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: suZiWV8YV16f7SZusDvYLJQGvpSFcsMGnRIfNPzSp8QifLom2qVIAWvodb+8w5L66WU0pa0+XrykDN3jT3S6ww==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
15 KB 425ms
102ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1CBD747F3AC94C5A8035E9306527342D Ref B: CO1EDGE2607 Ref C: 2024-10-07T19:07:42Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H3

200

/
www.google.com/pagead/1p-conversion/812494211/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWx...
https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQI&pscrd...

42 B
64 B

436ms
165ms

Image
image/gif

142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQI&pscrd=IhMI8Nbb4fv8iAMV4x9oCB1exh9qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfLiMyGuflsluhJHdV3X9FFLFkng02aw&random=2558083346

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Server

142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 19:07:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://www.google.com/pagead/1p-conversion/812494211/?label=v1JUCMXA-c8ZEIPbtoMD&guid=ON&script=0&ct_cookie_present=false&random=778515817&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQI&pscrd=IhMI8Nbb4fv8iAMV4x9oCB1exh9qMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS8&is_vtc=1&cid=CAQSGwDpaXnfLiMyGuflsluhJHdV3X9FFLFkng02aw&random=2558083346
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Mon, 07 Oct 2024 19:07:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 tc_imp.gif
obs.iseaskies.com/tracker/ 43 B
79 B 133ms
132ms Image
image/gif 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.iseaskies.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268e6c437e2478c9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5811896d2e17071a10acf9f29f674e8bd5dc0e7a3c48ab7d730d8e39d96ac251380720975b055c645256c1bf3d4f77be26bb25cb43e2916af05665ff0b2d7e1bda55ed43f497d7df3cbb2807ff7ecaa8556d8e0e3143714493d60264f360b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7278ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e8289b36ec5345ad2afca794a1ef4346aadc64135e689ad258700ae47b7871fcb4ed9d36d9a6d279c9b22da6198cefab6cdb3f11338ae6bf2fbb9234e2bfb94248efe01e0141a54954309da8dcec8cff18021853bd79fa29873f867342483692c978490446ad6a774bf0ce9845b9d7aa33270607def16923b9c89ee79bfc7609452a79fdbd87683550435ac0f4f1d3e483e9fec5485059a8c8764fdcd2bbd872f9adabab03d9fb7e358766e8ff91e1c9bf7471a03feacba74f762cfab58afa07da060b26fc4158d4386ec65984435eebccc74232d375259570542f4a5f538c008a5585c5f3baee63c83c14d52bac18ba8b67edffff8eec4a4bdfb204c3ff25b85b45f728243651bd77f5c716cf678b37719c2ebc77f8b60d7258cb72dcdb80e99670e2120017d0f9dc0e4df3a67568605469dd0c5a6b3cd5a1983b1be7f8ad2757bd9bf0e2e3dbcc88d442ba5269b5e9818eb3c991adbce12e6e174b7efca919f02188d914319fd27e29facb955d93560040f86695d51b6a1578cee1cca9f9ad60092dfe0414e3501c666a360c21cebf27b8a200764186e6f75f35b90803457b16cc2aff533d8d108ce2c01eb45185aedbf8709229d358e9c0cc845715658b650419ebd952c9245349a9901f58e99aefc1d890c117b4aac157005c5cf524eb03dfbec9578cdc1e60d5e75be78605555dd1d51fa8bae4544d2707bd0948e5ddb94e78d4b28ba2ca95829059d5c297ec9c25b02d883a1c4e8b110e826b4319676839d08c4f1ea7261ba944ac382ace387e1dcc93d4788e23947c27ceb4aef02beb770f1919ac77be4d789bbae0b&cri=3Ld6YgsP19&ts=441&cb=1728328062167
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Mon, 07 Oct 2024 19:07:42 GMT
pragma: no-cache
content-type: image/gif

GET 0f6a583b-0119-4c60-8930-b233e97d48cb
https://www.zscaler.com/ Frame 0
0

GET
H2 200 295018432.js Show response
bat.bing.com/p/action/ 371 B
427 B 102ms
102ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/295018432.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0e0c8cedb72a7e5a3080203509132486e267e5d1b0c5c6eae78ac16f7928ff01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E2639E29CB804EE3B793EB2BEB87ED62 Ref B: CO1EDGE2607 Ref C: 2024-10-07T19:07:42Z
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 1778897272132032 Show response
connect.facebook.net/signals/config/ 80 KB
16 KB 184ms
183ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1778897272132032?v=2.9.170&r=stable&domain=www.zscaler.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

9b0c767358df0c4abfbdbbf942642c0a99c6a2a30e6efce507727f764cf5496c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=131, rtx=0, c=77, mss=1232, tbw=71098, tp=68, tpl=0, uplat=51, ullat=0
pragma: public
x-fb-debug: g/ttRshYfxLy+SpbhWC9vWaIqnuExp5Akq+08rCMlHJfBT0/UmjXMFTOsVRYB0DNPWvjbMmxAKTfONR7DJTu+Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 /
www.facebook.com/tr/ 0
270 B 409ms
132ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328062826&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728328062823.262621782154733197&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&rqm=GET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=131, rtx=0, c=10, mss=1297, tbw=2918, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 488ms
212ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=CHEQ&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328062826&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728328062823.262621782154733197&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&rqm=FGET

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423112509439582381"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423112509439582381"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: ggFPvKC6eIBxeowsICbDPes6RQbuAkUrdXTkb2kiO+ZXLucFsPpwnGMi0EiI6lsVcruq1HAOp5mJ/3Dd1OBw0w==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423112509439582381", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cache-control: private, no-store, no-cache, must-revalidate
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=131, rtx=0, c=10, mss=1297, tbw=3232, tp=-1, tpl=-1, uplat=73, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 204 collect
analytics.google.com/g/ 0
0 262ms
99ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532za200&_p=1728328062164&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728328063&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=CQ&_fv=1&_nsi=1&_ss=1&_ee=1&up.cq_category=bots&tfd=6639
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
554 B 412ms
141ms Ping
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=1989145454.1728328063&gtm=45je4a20v883639532za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 12A5 0
0 451ms
169ms Document
text/html 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-10SPJ4YJL9&gacid=1989145454.1728328063&gtm=45je4a20v883639532za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101747727&z=811798388

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
73 KB 188ms
184ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-6177009-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f41954a2fc47731f779222d4412fc91423f4b25aaba150f299d0d1bc4fc59dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 19:07:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 18:23:07 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 74739
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 290 KB
97 KB 177ms
175ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

752fc4c483c910180a1cff93b98a210ef57346dbf246805cde5c2728b87a55dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 19:07:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 18:23:07 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 98750
x-xss-protection: 0
server: Google Tag Manager

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 151ms
147ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
147 B 135ms
133ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 image
www.zscaler.com/_next/ 4 KB
4 KB 114ms
113ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=%2Fassets%2Fimages%2Fdefault-avatar.png&w=96&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09ffe1ebce8835c9b4d8232b59214200e95e6c2d2a3d67aba4d3f578051cd3a8

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 150
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 19:05:13 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy
cache-control: public,max-age=0,must-revalidate
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cfbbedd7ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3824
x-nf-request-id: 01J9M62PB051A7A12Z7PTPQRJB
cache-status: "Netlify Edge"; fwd=stale
server: cloudflare

GET
H2 200 figure_1_4.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 57 KB
58 KB 271ms
270ms Image
image/png 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/figure_1_4.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fe9ec953a481215d1cb1859845485b5842e61e0a20d650ba35f688bb885e944

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: REVALIDATED
etag: "cfU6pFrOWFlVne2pARDhOA5Ue91gWqs-rDoNB_ezzVDw"
cf-bgj: imgq:0,h2pri
cf-resized: internal=ok/d q=0 n=137+108 c=0+0 v=2024.9.4 l=58674 f=false
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "original is 19982B smaller"
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: image/png
last-modified: Mon, 12 Feb 2024 17:19:53 GMT
vary: Accept, Accept-Encoding
priority: u=4;i=?0,cf-chb=(37;u=2;i=?0 507;u=5;i=?0)
strict-transport-security: max-age=31536000; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: max-age=300
cf-ray: 8cf02cfbbede7ce0-LAX
accept-ranges: bytes
content-length: 58674
server: cloudflare

GET
H2 200 figure_2_4.png
www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/ 25 KB
25 KB 972ms
971ms Image
image/png 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/cdn-cgi/image/format=auto/sites/default/files/images/blogs/figure_2_4.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6f2f47cfaaf607ca160352f152ff7c8c8364ffc29c2a7fb9d1f2cd02fc32055

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: MISS
etag: "cfNpP2jy3IbQMtNgKHh3UWcN1e1gWqs-rDoNB_ezzVDw"
cf-bgj: imgq:0,h2pri
cf-resized: internal=ok/d q=0 n=513+152 c=0+0 v=2024.10.0 l=25586 f=false
warning: cf-images 299 "cache-control is too restrictive", cf-images 299 "original is 109B smaller"
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: image/png
last-modified: Mon, 12 Feb 2024 17:22:27 GMT
vary: Accept, Accept-Encoding
priority: u=4;i=?0,cf-chb=(37;u=2;i=?0 507;u=5;i=?0)
strict-transport-security: max-age=31536000; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: max-age=300
cf-ray: 8cf02cfbcee07ce0-LAX
accept-ranges: bytes
content-length: 25586
server: cloudflare

GET
H2 200 3e894970-e3e9-4783-85e9-7c38eedbfbbf.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/ 6 KB
2 KB 260ms
116ms XHR
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ab49fd90ca814517ecccd0199152e764e8fcb16e0fd6ed91358d3aea88f753f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: HpD+28GsI57ANX5weGb5dA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCE50A42B7B0F7
age: 42895
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 08 Oct 2024 19:07:43 GMT
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/json
last-modified: Sat, 05 Oct 2024 06:52:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 4506cec4-a01e-000a-41f3-168a03000000
cf-ray: 8cf02cfcbc8d0fb5-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1854
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 7763.d758ee891eda7402.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
754 B 95ms
93ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/7763.d758ee891eda7402.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"0500e040eba5ed9e5d82333085bd8bd7-ssl-df"
age: 133
x-content-type-options: nosniff
cf-ray: 8cf02cfc7fcf7ce0-LAX
x-nf-request-id: 01J9M62PEDTGCKMGVDQD7A2AWA
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5551.c4fb596d5a66633e.js Show response
www.zscaler.com/_next/static/chunks/ 1000 B
784 B 2219ms
2218ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/5551.c4fb596d5a66633e.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"b43ee5b23a7cf90ba2dca725f4930f2a-ssl"
age: 2
x-content-type-options: nosniff
cf-ray: 8cf02cfc7fd07ce0-LAX
x-nf-request-id: 01J9M62PEDYFPBP5A4148NGFFN
date: Mon, 07 Oct 2024 19:07:45 GMT
cache-status: "Netlify Edge"; fwd=stale
content-type: application/javascript; charset=UTF-8
server: cloudflare

GET
H2 200 6023.ccb3fff03c4fa91a.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
725 B 96ms
95ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6023.ccb3fff03c4fa91a.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"39ccbb757c413d78d0f9a1a8014d51bb-ssl-df"
age: 133
x-content-type-options: nosniff
cf-ray: 8cf02cfc7fd17ce0-LAX
x-nf-request-id: 01J9M62PEEEDPTCVBYMZJFHS0K
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 790.d7dc94c2ef6f512f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
835 B 94ms
94ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/790.d7dc94c2ef6f512f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"6ff1ada259784a3388a9c23908ebebdc-ssl-df"
age: 133
x-content-type-options: nosniff
cf-ray: 8cf02cfc7fd37ce0-LAX
x-nf-request-id: 01J9M62PEE50TZZT8SN8DXC76P
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 6831.3072668993ea221f.js Show response
www.zscaler.com/_next/static/chunks/ 1 KB
723 B 97ms
97ms Script
application/javascript 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/chunks/6831.3072668993ea221f.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/webpack-33a8d678fefac9b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"7c416a32791e45716f8ef3dec7caa745-ssl-df"
age: 100
x-content-type-options: nosniff
cf-ray: 8cf02cfc7fd67ce0-LAX
x-nf-request-id: 01J9M62PEKKE15HE4V4FR9K5JC
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ 199 KB
67 KB 380ms
128ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2f40283-31b91-62370c030d900"
age: 2318
x-content-type-options: nosniff
cf-ray: 8cf02cfece48cf4d-SJC
expires: Mon, 07 Oct 2024 23:07:43 GMT
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/x-javascript
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 396 KB
125 KB 177ms
176ms Script
application/javascript 142.251.40.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

fa059430738cdbf7a8c346c42f832af2f8e0e241e586fdb5ec0d71dd58a0a775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 07 Oct 2024 19:07:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 18:23:07 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 127563
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 image
www.zscaler.com/_next/ 20 KB
20 KB 786ms
785ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2FantiVirus%2Fzscaler-blog-antivirus-4%25402x_0.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03e5ad9078ac2743c1a71b9bf1f8b61c1682f78f142aa8d0ec63d4b42c9f77ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 2
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 19:07:44 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy: script-src 'none'
cache-control: public,max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cfd48d07ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20171
x-nf-request-id: 01J9M62PJQE2BP717V60ZDC3DY
cache-status: "Netlify Edge"; fwd=stale
server: cloudflare

GET
H2 200 image
www.zscaler.com/_next/ 55 KB
55 KB 116ms
115ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-generic-code.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c27a7c526472e28e86e6ddffb1ab014c73fecaff290dce62b86d1896a88e97eb

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 556
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 18:58:27 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy: script-src 'none'
cache-control: public,max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cfd48d17ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56164
x-nf-request-id: 01J9M62PJYX5793B8RN1ZYMH4A
cache-status: "Netlify Edge"; fwd=miss
server: cloudflare

GET
H2 200 image
www.zscaler.com/_next/ 31 KB
31 KB 477ms
477ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2F----category-images%2Fbotnets%2Fzscaler-blog-botnets-1%25402x.jpg&w=600&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35f7f766216b5d4b77d11c9556216ea6dca0c02cb480af3f8e37425aa55199d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 0
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 19:07:43 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy: script-src 'none'
cache-control: public,max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cfd48d27ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32068
x-nf-request-id: 01J9M62PJKXZCV6V3F7S7XH9GC
cache-status: "Netlify Edge"; fwd=miss
server: cloudflare

GET
H2 200 a4fc5e556b7ae865.css Show response
www.zscaler.com/_next/static/css/ 93 KB
93 B 90ms
89ms Fetch
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/a4fc5e556b7ae865.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"8147fd844bc625b7e92a58ab8367af1f-ssl-df"
age: 129
x-content-type-options: nosniff
cf-ray: 8cf02cfd48d67ce0-LAX
x-nf-request-id: 01J9M62PJV5S35CPAFK8H4VGWF
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 d05e43edad140bdd.css Show response
www.zscaler.com/_next/static/css/ 75 KB
93 B 91ms
89ms Fetch
text/css 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/_next/static/css/d05e43edad140bdd.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"057edd035f82f8bc7255fbb070176e21-ssl-df"
age: 187
x-content-type-options: nosniff
cf-ray: 8cf02cfd48d77ce0-LAX
x-nf-request-id: 01J9M62PJWZMAQZGJSKC1TB6EW
date: Mon, 07 Oct 2024 19:07:43 GMT
cache-status: "Netlify Edge"; hit
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 233ms
75ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-6177009-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: gzip
age: 4692
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:49:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:49:31 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 5 KB
2 KB 178ms
177ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1728328063589&cv=11&fst=1728328063589&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

1d58425769217cb47be85d239260e430b96bbaad508ce06e269ce4633a515a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2374
date: Mon, 07 Oct 2024 19:07:43 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 812494211
td.doubleclick.net/td/rul/ Frame 6886 0
0 179ms
179ms Document
text/html 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/812494211?random=1728328063589&cv=11&fst=1728328063589&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/812494211/ 6 KB
3 KB 158ms
158ms Script
text/javascript 142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/812494211/?random=1728328063639&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

cafe /

Resource Hash

a959f8b2ed719935a773a8aceec009ba524c7cb69b95cae370414c9f4bd6a8cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2700
date: Mon, 07 Oct 2024 19:07:43 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 812494211
td.doubleclick.net/td/rul/ Frame 6377 0
0 173ms
172ms Document
text/html 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/812494211?random=1728328063639&cv=11&fst=1728328063639&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 image
www.zscaler.com/_next/ 215 KB
216 KB 1080ms
1078ms Image
image/avif 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware.jpg&w=1920&q=75

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee854e0f94d3a28c8d68a2d25586e453969668db0e27d665cb7509b2d9f50b35

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

cf-cache-status: DYNAMIC
age: 2
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: image/avif
last-modified: Mon, 07 Oct 2024 19:07:44 GMT
vary: Accept
strict-transport-security: max-age=31536000; preload
content-security-policy: script-src 'none'
cache-control: public,max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 8cf02cfe3a227ce0-LAX
netlify-vary: query=url|crop|fit|fm|h|height|position|q|quality|timestamp|w|width
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220602
x-nf-request-id: 01J9M62PQA39B06QQNZM7W9W4X
cache-status: "Netlify Edge"; fwd=miss
server: cloudflare

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 71 B
309 B 375ms
196ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8cf02cffffe77c24-LAX
access-control-allow-origin: *
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 117186981.js Show response
cdn.intellimize.co/snippet/ 487 KB
107 KB 255ms
74ms Script
application/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.intellimize.co/snippet/117186981.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/_next/static/chunks/main-bf56e129e9a973c7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1c2450a344cc27a7fd79d867fc73d4f595d481e56bfbcfe29b49a8e9e9e29c43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, must-revalidate
content-encoding: gzip
etag: "05df5304203870cf484581c4b3553500c--gzip"
age: 231
x-timer: S1728328064.909787,VS0,VE1
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 108923
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/javascript;charset=utf-8
x-served-by: cache-lax-kwhp1940074-LAX
x-cache-hits: 1
vary: Intellimize-Namespace, Intellimize-StatusModule, Accept-Encoding

GET
H3 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
64 B 168ms
167ms Image
image/gif 142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1728328063589&cv=11&fst=1728327600000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfrK_6S0HQCoa_Huf8VesAGMcvwOBHvzZX05AExdZX6jW85AvN&random=104004742&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 19:07:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3

200

/
www.google.com/pagead/1p-conversion/812494211/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l...
https://www.google.com/pagead/1p-conversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=10167...

42 B
64 B

168ms
168ms

Image
image/gif

142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgiQybECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMInaWs4vv8iAMVUQloCB3GwimhMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CWENoRUk4STJPdUFZUW5hR2w2NmEwNkpiQUFSSXRBSUM1VHB0WXhaOGExRzlUcHk1NU9jVHRvQjU1T1lTZ1huSkllcGdhaGhyX3d1bmhyZ1h4X2hocDkwTWY&is_vtc=1&cid=CAQSKQDpaXnfFfrTC5SZsuln5XBxCNF2c7jS8bWu-P0uGLrPv8CdWyYVwIbV&random=1905585511

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Server

142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 19:07:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://www.google.com/pagead/1p-conversion/812494211/?random=240938949&cv=11&fst=1728328063639&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&label=v1JUCMXA-c8ZEIPbtoMD&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&gtm_ee=1&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgiQybECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMInaWs4vv8iAMVUQloCB3GwimhMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhhodHRwczovL3d3dy56c2NhbGVyLmNvbS9CWENoRUk4STJPdUFZUW5hR2w2NmEwNkpiQUFSSXRBSUM1VHB0WXhaOGExRzlUcHk1NU9jVHRvQjU1T1lTZ1huSkllcGdhaGhyX3d1bmhyZ1h4X2hocDkwTWY&is_vtc=1&cid=CAQSKQDpaXnfFfrTC5SZsuln5XBxCNF2c7jS8bWu-P0uGLrPv8CdWyYVwIbV&random=1905585511
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Mon, 07 Oct 2024 19:07:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 104ms
99ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1332018074&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ul=en-us&de=UTF-8&dt=Pikabot%20Updates%20%7C%20ThreatLabz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1275368225&gjid=1207040905&cid=1989145454.1728328063&tid=UA-6177009-1&_gid=489379032.1728328064&_r=1&gtm=457e4a20z8883639532za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&jsscut=1&z=1217791425

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.zscaler.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:43 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 748ms
234ms Script
application/x-javascript 23.204.6.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-204-6-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Content-Encoding: gzip
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Connection: keep-alive
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 729
Date: Mon, 07 Oct 2024 19:07:44 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 6934ae2b-4c76-4229-97d0-8f637b004b88.js Show response
j.6sc.co/j/ 4 KB
2 KB 724ms
223ms Script
application/javascript 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-196-3-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: gzip
etag: "afb8c61166e7f50fe6d7ab7b6377733c"
x-amz-version-id: uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
expires: Mon, 07 Oct 2024 19:37:44 GMT
x-amz-cf-id: zmHzYsWG3YY-Wnx-R-GSjOKezJdWBZSIU9lnIKVP1fu2MVgQIcH86w==
date: Mon, 07 Oct 2024 19:07:44 GMT
last-modified: Tue, 02 May 2023 17:36:47 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 1178
x-amz-cf-pop: JFK50-P6
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202409.1.0/ 457 KB
111 KB 94ms
94ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: Mq8sWt7aN99kE/VZ97+T8Q==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCE1C01C720462
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 61705
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 02:24:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 18b5e165-501e-00d8-056e-14345b000000
cf-ray: 8cf02d00ab1c2abd-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 113760
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 storage.html
117186981.intellimizeio.com/ Frame 9E0E 0
0 530ms
153ms Document
text/html 18.204.24.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://117186981.intellimizeio.com/storage.html

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.204.24.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-204-24-143.compute-1.amazonaws.com

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 5628
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 19:07:44 GMT
etag: W/"15fc-Uk1A5QrccB7iUltcerqKsVx8Uo0"
strict-transport-security: max-age=15552000; includeSubDomains
x-powered-by: Express

POST
H2 200 117186981 Show response
api.intellimize.co/context-v2/ 582 B
663 B 556ms
161ms Fetch
application/json 3.217.147.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/context-v2/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.217.147.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-217-147-72.compute-1.amazonaws.com

Software

Resource Hash

dfa0c4945ca8300301ccd1bf48c46b2fc1b75b8fb0f76d35c3704c35134d3438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
vary: Accept-Encoding, Origin

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 135ms
133ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 111ms
110ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7971&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&callback=jQuery371012646057165087488_1728328063974&_=1728328063975
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0416551b4774020f8529fc662df505361fe640c8fdc432e9a2c82b5d74cc1ae2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cf-ray: 8cf02d017900cf4d-SJC
cached: true
content-encoding: gzip
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 getForm Show response
info.zscaler.com/index.php/form/ 6 KB
2 KB 102ms
101ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&callback=jQuery371012646057165087488_1728328063976&_=1728328063977
Requested by: Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9472a35859944100861f094b0b0b7e3bbaefcd8c041e765c30efda1bcbba07fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cf-ray: 8cf02d017904cf4d-SJC
cached: true
content-encoding: gzip
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/0190bafd-b0a2-7437-b479-4ee8be7d3331/ 211 KB
36 KB 106ms
106ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/0190bafd-b0a2-7437-b479-4ee8be7d3331/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

116fd48e3b985abdfd9d18e7d0b99e08018f4b86bda69514f22df0f5352b5179

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: NLPS42P7tPKREE7X03MLmA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCE50A46054A59
age: 42045
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 08 Oct 2024 19:07:44 GMT
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
last-modified: Sat, 05 Oct 2024 06:52:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: ad8790ab-001e-0007-3df3-16650f000000
cf-ray: 8cf02d01bb990fb5-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36875
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 forms2.css
info.zscaler.com/js/forms2/css/ 13 KB
3 KB 123ms
123ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "301120-3437-62370c030d900"
age: 1534
x-content-type-options: nosniff
cf-ray: 8cf02d0229d3cf4d-SJC
expires: Mon, 07 Oct 2024 23:07:44 GMT
accept-ranges: bytes
content-length: 2623
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2-theme-round.css
info.zscaler.com/js/forms2/css/ 4 KB
1 KB 103ms
102ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/css/forms2-theme-round.css

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "30111f-e46-62370c030d900"
age: 6574
x-content-type-options: nosniff
cf-ray: 8cf02d0229d4cf4d-SJC
expires: Mon, 07 Oct 2024 23:07:44 GMT
accept-ranges: bytes
content-length: 968
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 6635.js Show response
script.crazyegg.com/pages/scripts/0097/ 7 KB
3 KB 258ms
97ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21abbc4eb5809f0a7787d61130694af28a7ae193c77efeddead9a44871708960

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-bgj: minify
cf-cache-status: HIT
age: 7814
cf-polished: origSize=6996
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/javascript
last-modified: Mon, 07 Oct 2024 16:57:30 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8cf02d03ab53ceb9-SJC
access-control-allow-origin: *
ce-version: 11.5.293
server: cloudflare

GET
H2 200 rudder-analytics.min.js Show response
cdn.rudderlabs.com/v1.1/ 124 KB
36 KB 570ms
151ms Script
application/javascript 2600:9000:26fa:da00:16:a497:9700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:da00:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f00bcec7905b2b58275c21018b38b6b381d91ae0a47a4ab091843e9d8434e3fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=3600
content-encoding: br
etag: W/"1964272a93ab9d666763e63dce857c09"
age: 1091
via: 1.1 db3aadb774ec5a569953130c5f0264d0.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: -ZIKzRHqTzNM_NuRR_XslJS9sRR32qiDKrO-CX3XKPXx3UI8Ch1B1w==
date: Mon, 07 Oct 2024 18:49:34 GMT
content-type: application/javascript
last-modified: Thu, 03 Oct 2024 10:34:34 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
x-amz-server-side-encryption: AES256

GET
H2 200 jukebox.js Show response
cdn-app.pathfactory.com/production/jukebox/current/ 1 MB
315 KB 431ms
147ms Script
application/javascript 52.85.61.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-125.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 76e23459d85448d82eb9efc5e6fc0cf092be8cc7f3fe53a834828c3981c1df2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=43200
content-encoding: gzip
x-amz-version-id: null
etag: W/"aa420909e693ad6935b58aab3bb6ef79"
age: 24060
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: uC_IkFs6de2BmZ-Qj3jZe9lLbEdEShAGFLGtnVz3HYJHw2R4kQOOpw==
date: Mon, 07 Oct 2024 12:26:44 GMT
content-type: application/javascript
last-modified: Wed, 25 Sep 2024 18:05:13 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/ 103 KB
29 KB 574ms
164ms Script
text/javascript 13.226.38.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/analytics.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.38.199 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-38-199.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9f55eaa5439e74776935de31e1873860df2be6585c83eb2bc518820db3d1ca16

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
x-amz-version-id: tb5aoJ7jG1YatB2G.iIhDsHt9hKybc.q
etag: W/"cea53a484bdbd25de97e27dfc1b84c26"
age: 47
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: 4_5Ya6wuMnI78wAvIZn3MhFkECWftzL8gPFZ_-xCALvo0zWkh6Qr7A==
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 12 Sep 2024 19:42:21 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=120
via: 1.1 b759e26bde22770788987f2078515d9a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: EWR53-C2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 13 KB
3 KB 90ms
90ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: RGlYb2KBTfdkPpxIxwwu0g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCE1C018E3D8DC
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 42045
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
last-modified: Tue, 01 Oct 2024 02:23:54 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 344e23aa-401e-00e5-5ff3-16817d000000
cf-ray: 8cf02d02ace90fb5-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3003
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 5 KB
2 KB 85ms
85ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: fyGpUoUy0eZkGUgUg6MkZA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCE1C019EA37CF
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 42045
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
last-modified: Tue, 01 Oct 2024 02:23:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 071389e4-901e-008a-2df3-1629a9000000
cf-ray: 8cf02d02aceb0fb5-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1738
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202409.1.0/assets/ 24 KB
4 KB 86ms
86ms Fetch
text/css 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202409.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 42045
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 02:24:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 66711a3c-301e-0062-70f3-16d452000000
cf-ray: 8cf02d02acee0fb5-LAX
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

POST
H2 204 collect
analytics.google.com/g/ 0
0 99ms
98ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532z871607006za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_s=2&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=page_view&ep.author_name=Nikolaos%20Pantazopoulos&ep.blog_child_category=Threatlabz%20Research&ep.blog_parent_category=Security%20Research&ep.content_group=Blogs&epn.hit_timestamp=1728328064405&epn.loading_time_seconds=0&ep.nid=75241&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ep.site_classification=marketing&ep.z_error=false&_et=1370&up.clientid=(not%20set)&up.debug_info=id%3DGTM-5SLZFK%26v%3D533%26debug%3Dfalse&up.firmographic_name_domain=(not%20set)%20((not%20set))&up.firmographic_location=(not%20set)%3B%20(not%20set)%3B%20(not%20set)%3B%20&up.firmographic_revenue=(not%20set)&up.firmographic_employee=(not%20set)&tfd=8014
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 XDFrame Show response
info.zscaler.com/index.php/form/ Frame 85A2 2 KB
872 B 164ms
162ms Document
text/html 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/index.php/form/XDFrame

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8cf02d039b66cf4d-SJC
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 19:07:44 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 204 0
bat.bing.com/action/ 0
228 B 246ms
245ms Image
text/plain 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=295018432&Ver=2&mid=da5b5121-1f98-4d17-9580-9126496adb74&sid=6e3019a084df11ef9b1d2dde57791790&vid=6e30534084df11efa98197032b223b9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Pikabot%20Updates%20%7C%20ThreatLabz&p=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&r=&evt=pageLoad&sv=1&cdb=AQAQ&rn=912040

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8152A69017674347860D85F42B81DF37 Ref B: CO1EDGE2607 Ref C: 2024-10-07T19:07:44Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 19:07:44 GMT

GET
H2 204 0
bat.bing.com/action/ 0
359 B 104ms
103ms Image
text/plain 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=295018432&Ver=2&mid=da5b5121-1f98-4d17-9580-9126496adb74&sid=6e3019a084df11ef9b1d2dde57791790&vid=6e30534084df11efa98197032b223b9d&vids=0&msclkid=N&ec=CHEQ&el=Invalid_Users&ev=0&ea=Invalid_Users&en=Y&p=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&sw=1600&sh=1200&sc=24&evt=custom&cdb=AQAQ&rn=349189

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AB9472909902409BA114FAC2B0588516 Ref B: CO1EDGE2607 Ref C: 2024-10-07T19:07:44Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 19:07:44 GMT

GET
H2 200 zscaler-variation-icon-white.png
cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a45-0895-769c-98f3-3c1fe55032d8/4236b48d-ea25-4244-9a2c-7169994f2a39/ 1 KB
2 KB 87ms
87ms Image
mage/png 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/0ab9c0b7-247a-4ae1-b653-bc1c2e1efb99/018e5a45-0895-769c-98f3-3c1fe55032d8/4236b48d-ea25-4244-9a2c-7169994f2a39/zscaler-variation-icon-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-md5: AjwaatmEihRgIitZTQhd5w==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8DC4977A9B3C7D0
age: 16839
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: mage/png
last-modified: Thu, 21 Mar 2024 07:22:27 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: ad137d8c-001e-003f-3b67-7bf120000000
cf-ray: 8cf02d03df0d2abd-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1448
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
64 B 162ms
161ms Image
image/gif 142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1728328063589&cv=11&fst=1728328063589&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967za200zb883639532&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 19:07:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/site/ 101 KB
11 KB 207ms
125ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/site/www.zscaler.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae37c378332e58282f1bc7ba114f3b2406e069499f9b6c49a2d4ce77c19ac5c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 7778
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
last-modified: Mon, 07 Oct 2024 16:58:06 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8cf02d04db95cebd-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10812
ce-version: 11.5.293
server: cloudflare

POST
H2 200 117186981 Show response
api.intellimize.co/prediction/ 68 B
379 B 137ms
136ms Fetch
application/json 3.217.147.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.intellimize.co/prediction/117186981

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.217.147.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-217-147-72.compute-1.amazonaws.com

Software

Resource Hash

02063dd115384c5f2a2aff143cbf85ceeff43b7fe2d02fd7843d8bf3038104a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/json
vary: Accept-Encoding, Origin

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 135ms
135ms Script
application/javascript 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66f5de53-111c3"
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 22:07:44 GMT
accept-ranges: bytes
content-length: 18820
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Thu, 26 Sep 2024 22:21:07 GMT

GET
H2 200 forms2.min.js Show response
info.zscaler.com/js/forms2/js/ Frame 85A2 199 KB
0 0ms
0ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.zscaler.com/js/forms2/js/forms2.min.js

Requested by

Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://info.zscaler.com/index.php/form/XDFrame

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2f40283-31b91-62370c030d900"
age: 2318
x-content-type-options: nosniff
cf-ray: 8cf02cfece48cf4d-SJC
expires: Mon, 07 Oct 2024 23:07:43 GMT
date: Mon, 07 Oct 2024 19:07:43 GMT
content-type: application/x-javascript
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 549a6814898f6b7cf24792d03d7de2b7.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 103 KB
35 KB 103ms
102ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/549a6814898f6b7cf24792d03d7de2b7.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9e1f73d998e105fcf2b3362487f420e7364e7828795c9317f5cbb0a7e28bb5b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
content-encoding: gzip
cf-bgj: minify
cf-cache-status: HIT
age: 7817
cf-ray: 8cf02d05ede3ceb9-SJC
cf-polished: origSize=105507
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:44 GMT
content-type: text/javascript
last-modified: Fri, 27 Sep 2024 12:54:28 GMT
vary: Accept-Encoding
server: cloudflare

POST
H2 200 logger
log.intellimize.co/ 3 B
316 B 318ms
102ms Ping
application/json 35.163.3.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.163.3.3 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-3-3.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
vary: Accept-Encoding, Origin

POST
H2 200 logger
log.intellimize.co/ 3 B
315 B 319ms
102ms Ping
application/json 35.163.3.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://log.intellimize.co/logger

Requested by

Host: cdn.intellimize.co
URL: https://cdn.intellimize.co/snippet/117186981.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.163.3.3 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-3-3.us-west-2.compute.amazonaws.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
vary: Accept-Encoding, Origin

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
703 B 434ms
147ms XHR
application/json 68.67.161.182
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.161.182 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 162.245.206.245; 162.245.206.245; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
an-x-request-uuid: b5a9342c-fbe8-4428-952e-5dfac05be380
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 19:07:45 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 145ms
134ms XHR
text/html 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-196-3-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.zscaler.com
content-length: 7
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 18 B
309 B 445ms
134ms XHR
text/html 2600:141b:1c00:2e::17d1:48d1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2e::17d1:48d1 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1fdddb377d6442ed4a9ea71787b84b868c358163da4c5ecbdc55a65ea280a713

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a04:c604:615:1::6
expires: Mon, 07 Oct 2024 19:07:45 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728328065161_399550033_1823778843_16_748_134_152_219";dur=1
access-control-allow-origin: https://www.zscaler.com
content-length: 18
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/html
vary: Origin

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/ 675 B
1 KB 422ms
135ms Fetch
application/json 13.226.38.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.38.199 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-38-199.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a40d1546fd476759f8530c4d04bd302d2ef93dbec0f59ce4a146c19d3da74620

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 3000
x-amz-version-id: vbyMOf9yBJyaAGRLekZ4NEK7jzYsiY2N
etag: "109f07df7e363973c100541ce10289a8"
age: 6783
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: d1uHTRD-6u_Uv088_Vex0GOJfVopJrH6UVw14dRr_oXoZoew42ouxg==
date: Mon, 07 Oct 2024 17:14:43 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 12 Sep 2024 19:42:23 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=10800
via: 1.1 c704491f877b150c768ef14eb188ed46.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 675
x-amz-cf-pop: EWR53-C2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 660 B
590 B 257ms
107ms XHR
application/json 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 1362ad7199ef6585442f4cb16faba76503e5cf440ca0a82490f19497cd6a75bc

Request headers

Authorization: Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
X-6s-CustomID: WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.zscaler.com
content-length: 331
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 253ms
80ms Preflight 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Mon, 07 Oct 2024 19:07:45 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 / Show response
api.rudderstack.com/sourceConfig/ 526 B
1 KB 144ms
142ms XHR
application/json 18.164.116.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.19&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR

Requested by

Host: cdn.rudderlabs.com
URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.116.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-116-13.jfk50.r.cloudfront.net

Software

Resource Hash

3b5008724c1f81d00251e8462e2bd516bc4b697e4e0a4da0dba7215f0c74c007

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Authorization: Basic MmlXMTZDWWZNV3c1dENSRFpWYnlYR1ZXTE5SOg==
Referer: https://www.zscaler.com/

Response headers

x-request-id: 245023e0-84df-11ef-84c4-ed8af5b62ab4
access-control-expose-headers: X-Request-ID
age: 126
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: DKRtgd9juGhd7cLJPODQszx9Q4ZC9EjKs2DNE5VcvvUPhDH_QI8Idw==
date: Mon, 07 Oct 2024 19:05:39 GMT
content-type: application/json; charset=utf-8
vary: Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
access-control-allow-credentials: true
x-download-options: noopen
via: 1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 526
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK50-P6

OPTIONS
H2 204 /
api.rudderstack.com/sourceConfig/ Frame 0
0 427ms
132ms Preflight 18.164.116.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.48.19&writeKey=2iW16CYfMWw5tCRDZVbyXGVWLNR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.116.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-116-13.jfk50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: *
access-control-max-age: 900
age: 175
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:04:50 GMT
vary: Origin
via: 1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
x-amz-cf-id: oiGc28NMfUWVgB-doxLMGnMGcdzm-KRGkxDfRCq6DkbCJlxlzVDDag==
x-amz-cf-pop: JFK50-P6
x-cache: Hit from cloudfront
x-request-id: 06f1d460-84df-11ef-acce-e52088b8ee83

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 203ms
142ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.28

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:45 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 233ms
172ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.28

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:45 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 133ms
131ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H3 200 www.zscaler.com.json Show response
script.crazyegg.com/pages/data-scripts/0097/6635/sampling/ 154 B
358 B 95ms
94ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6635/sampling/www.zscaler.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/549a6814898f6b7cf24792d03d7de2b7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aef6de5ec7f540dbb35027a93f1e45dd100aa31309a1e659ed2ba08abc8cd3d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 7779
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
last-modified: Mon, 07 Oct 2024 16:58:06 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8cf02d07aecbcebd-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 145
ce-version: 11.5.293
server: cloudflare

GET 268ba05c-849c-40d9-acaa-c25854a10b68
https://www.zscaler.com/ Frame 0
0

GET
H2 200 clock Show response
tracking.crazyegg.com/ 41 B
148 B 411ms
149ms XHR
text/plain 3.128.9.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1&tk=80f93ae68d664369d14c6654f4ff8042&u=976635&s=366477&p=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&v=44bcbef503c3034968930660db606cbb0da648c4&f=zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-pikabot&ul=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/549a6814898f6b7cf24792d03d7de2b7.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.128.9.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-128-9-82.us-east-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 5a8bf1c99af0f8603282867326008c7e3754270f051178b6c3ecb9b2d7478d9b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store
access-control-allow-origin: *
content-length: 41
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: awselb/2.0

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
462 B 407ms
132ms XHR
application/json 13.35.93.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/549a6814898f6b7cf24792d03d7de2b7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-19.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Access-Control-Allow-Origin
etag: "d06f04fccf68d0b228a5923187ce1afd"
age: 10584120
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: w7hoN4-9mDKS6PmViCh_gGBQfX1Rn8z4vMmMHyYXhe7_uy9FhnAyjQ==
date: Fri, 07 Jun 2024 07:05:46 GMT
content-type: application/json
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
via: 1.1 9ad14e3f9b528d4215643d5af359b816.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19
x-amz-cf-pop: JFK50-P8
server: AmazonS3

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
462 B 418ms
135ms XHR
application/json 18.238.49.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/549a6814898f6b7cf24792d03d7de2b7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.49.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-49-36.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Access-Control-Allow-Origin
etag: "d06f04fccf68d0b228a5923187ce1afd"
age: 4196348
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: Nf0NqezZynE79NPfgthPMMxi4uWmdhPPGBEB7s1x84O6qdYfEaOWmQ==
date: Tue, 20 Aug 2024 05:28:38 GMT
content-type: application/json
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
via: 1.1 d2b8f634cf8ac5ec77dee366297223bc.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19
x-amz-cf-pop: JFK52-P3
server: AmazonS3

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 400ms
131ms Preflight 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?image=&title=&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&clientId=LB-C77DA94E-11109
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-61-92.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 07 Oct 2024 19:07:45 GMT

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 2 KB
1 KB 431ms
177ms XHR
application/json 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?image=&title=&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&clientId=LB-C77DA94E-11109

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-61-92.compute-1.amazonaws.com

Software

Resource Hash

f7c5b53c0c987810b73a24d75835c7c05b1e9dce209466c244cb3ef96e710b1a

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: 6c414122-cb94-49b3-bfbb-aaf064ae695d
access-control-expose-headers
content-encoding: gzip
etag: W/"f7c5b53c0c987810b73a24d75835c7c0"
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.045710
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.zscaler.com

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 143ms
142ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=ipv6&q=%7B%22address%22%3A%222a04%3Ac604%3A615%3A1%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:45 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 134ms
132ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
174 B 309ms
98ms Fetch
application/json 35.160.151.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/ls5n6kuHTzTz5mrQOaETWLapAF9XBXuI/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.160.151.220 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-160-151-220.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.zscaler.com
content-length: 21
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
vary: Origin

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
28 KB 458ms
150ms Script
text/javascript 2600:9000:23cb:800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0641409d1c3cdd9d398534537a3e3d0e158460b7c1e4238cbcd3f14d401a4896

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: .Fua6NBvbeFgt3YS8TrI.AAUhGMnBc.Y
Etag: W/"134913a92e99352a5bf756fefc528ffc"
Age: 1792
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: kiPKynHbWfPr1L1UtMYCLVGzHgg4ajoMW5AQMtflUb2azM5-UNzQBg==
Date: Mon, 07 Oct 2024 18:37:55 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Last-Modified: Mon, 30 Sep 2024 15:57:53 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 fcf7ae9d0acd31cfede668ccef6e2ace.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 433ms
137ms Script
application/javascript 2600:141b:1c00:6::17df:d10d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d10d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=77435
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 07 Oct 2024 19:07:45 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 290 KB
96 KB 171ms
171ms Script
application/javascript 142.251.40.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-812494211&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a3503429dd448bce757b6024acfd1ff59e630912efc0d731231f498747303d50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Mon, 07 Oct 2024 19:07:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 18:23:07 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 98729
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
0 1ms
1ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1CBD747F3AC94C5A8035E9306527342D Ref B: CO1EDGE2607 Ref C: 2024-10-07T19:07:42Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Mon, 07 Oct 2024 19:07:42 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 218 KB
78 KB 191ms
190ms Script
application/javascript 142.251.40.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0efb6cd8769db3db5a13e6c0118238f6bfd7114e84459aea4fc9499887b6876b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Mon, 07 Oct 2024 19:07:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 18:23:07 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 80035
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 285ms
110ms Script
text/javascript 2606:4700::6812:1247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1247 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=1200
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 42116
via: 1.1 google
cf-ray: 8cf02d0b896b2acd-LAX
expires: Mon, 07 Oct 2024 19:27:45 GMT
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/javascript
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 177ms
87ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

server: cloudflare
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 33932
via: 1.1 da2461b9060bf6aac3082da0d5161794.cloudfront.net (CloudFront)
cf-ray: 8cf02d0b0d561020-LAX
x-cache: Hit from cloudfront
x-amz-cf-id: NFqZUcWAZWuEGwUXlAlFrtWz25BGClxt6gMBNm1mn6DqN84vd6xMhg==
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
x-amz-cf-pop: LAX50-P4

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 22 KB
22 KB 226ms
70ms Script
text/javascript 35.244.142.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
age: 2170
x-goog-stored-content-encoding: identity
expires: Mon, 07 Oct 2024 19:31:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 22096
date: Mon, 07 Oct 2024 18:31:35 GMT
last-modified: Tue, 25 Jun 2024 13:55:49 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY0h8sISF9k28Ko_zmatHWXMtUlVAubM0cnTTPkHWaZIg25EuNLPZn5IUMiD0luY2gpVzTg
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1719323749654301
content-length: 22096
server: UploadServer

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 49 KB
12 KB 431ms
145ms Script
application/x-javascript 3.168.97.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.168.97.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-168-97-94.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b9d0d77fab58e1e1ec4fd77f06ecebedf37e54ad7b3a3f0d6641de0204fcaa9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: W/"6456d197d494e7ee00da27310d2f1993"
Age: 63178
Connection: keep-alive
Via: 1.1 bcba63317be8c4e9a4e9a6f5ec2b6c14.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: jycM7Mh4p16GmUB96uFZSMv0p7hmupB9wVCMS_mvQgHFvScValsdzA==
Date: Mon, 07 Oct 2024 01:34:48 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 03 Oct 2024 02:53:02 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK52-P6
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 19 KB
6 KB 530ms
133ms Script
application/javascript 52.7.151.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term=value
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-151-245.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 02a0f616e6a419dab41683866f390d5be86f9d9309c8540a3109e32f71cb9216

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 3
expires: Thu, 01 Jan 1970 00:00:00 GMT
be: spx-prod
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/javascript;charset=utf-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: istio-envoy

GET
H2 200 rudder-analytics.min.js Show response
cdn.rudderlabs.com/v1.1/ 124 KB
0 0ms
0ms Script
application/javascript 2600:9000:26fa:da00:16:a497:9700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:da00:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f00bcec7905b2b58275c21018b38b6b381d91ae0a47a4ab091843e9d8434e3fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=3600
content-encoding: br
etag: W/"1964272a93ab9d666763e63dce857c09"
age: 1091
via: 1.1 db3aadb774ec5a569953130c5f0264d0.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: -ZIKzRHqTzNM_NuRR_XslJS9sRR32qiDKrO-CX3XKPXx3UI8Ch1B1w==
date: Mon, 07 Oct 2024 18:49:34 GMT
content-type: application/javascript
last-modified: Thu, 03 Oct 2024 10:34:34 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
x-amz-server-side-encryption: AES256

GET
H2 200 /
www.facebook.com/tr/ 0
121 B 135ms
132ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328065639&sw=1600&sh=1200&v=2.9.170&r=stable&ec=1&o=12318&fbp=fb.1.1728328062823.262621782154733197&cs_est=true&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=136, rtx=0, c=10, mss=1297, tbw=6732, tp=-1, tpl=-1, uplat=0, ullat=1
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 181ms
179ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328065639&sw=1600&sh=1200&v=2.9.170&r=stable&ec=1&o=12318&fbp=fb.1.1728328062823.262621782154733197&cs_est=true&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423112516194384876"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423112516194384876"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3b296dc5458c63f9","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["3001895343270814"]},"debug_reporting":true,"debug_key":"797425130702650173"}
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 0SrVOqsqUUXbzCB4w0Bu/b0m0H/oTSy0hPHPk/2GXos5CRcYx/Ugpg6nMZvVVKZslf1XBcpGRn8LTiJeYGiMcA==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423112516194384876", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cache-control: private, no-store, no-cache, must-revalidate
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=136, rtx=0, c=10, mss=1297, tbw=6897, tp=-1, tpl=-1, uplat=47, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 favicon-32x32.ico
www.zscaler.com/favicons/ 4 KB
987 B 144ms
138ms Other
image/vnd.microsoft.icon 2606:4700::6812:1d4a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/favicons/favicon-32x32.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d4a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public,max-age=0,must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"875ed25f85201afbfc383f6b833f32c5-ssl"
age: 85
x-content-type-options: nosniff
cf-ray: 8cf02d0a99ed7ce0-LAX
x-nf-request-id: 01J9M62RN2HEJRE4W8E6QY766G
date: Mon, 07 Oct 2024 19:07:45 GMT
cache-status: "Netlify Edge"; hit
content-type: image/vnd.microsoft.icon
server: cloudflare

POST
H3 204 collect
analytics.google.com/g/ 0
0 98ms
96ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532z871607006za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&_s=3&tfd=9328
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: Golfe2

POST
H3 204 collect
analytics.google.com/g/ 0
0 97ms
96ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532z871607006za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=Ag&_s=4&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=form_interaction&ep.author_name=Nikolaos%20Pantazopoulos&ep.blog_child_category=Threatlabz%20Research&ep.blog_parent_category=Security%20Research&ep.content_group=Blogs&epn.hit_timestamp=1728328065718&ep.loading_time_seconds=0&ep.nid=75241&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ep.site_classification=marketing&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&epn.event_action=3&_et=8&tfd=9332
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: Golfe2

POST
H3 204 collect
analytics.google.com/g/ 0
0 96ms
96ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pae=1&_eu=AAg&_s=5&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=marketo_form_view&ep.author_name=Nikolaos%20Pantazopoulos&ep.blog_child_category=Threatlabz%20Research&ep.blog_parent_category=Security%20Research&ep.content_group=Blogs&epn.hit_timestamp=1728328065718&ep.loading_time_seconds=0&ep.nid=75241&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ep.site_classification=marketing&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=1944&epn.event_action=3&_et=2&tfd=9353
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: Golfe2

POST
H3 204 collect
analytics.google.com/g/ 0
0 100ms
100ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532z871607006za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=Ag&_s=6&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=form_interaction&ep.author_name=Nikolaos%20Pantazopoulos&ep.blog_child_category=Threatlabz%20Research&ep.blog_parent_category=Security%20Research&ep.content_group=Blogs&epn.hit_timestamp=1728328065739&ep.loading_time_seconds=0&ep.nid=75241&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ep.site_classification=marketing&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&epn.event_action=3&_et=11&tfd=9357
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/plain
server: Golfe2

OPTIONS
H2 204 page
analytics.revsure.cloud/v1/ Frame 0
0 293ms
120ms Preflight 34.120.2.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.revsure.cloud/v1/page
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.2.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.2.120.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymousid,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: anonymousid,authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.zscaler.com
access-control-max-age: 900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google

POST
H2 200 page Show response
analytics.revsure.cloud/v1/ 2 B
80 B 144ms
141ms XHR
text/plain 34.120.2.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.revsure.cloud/v1/page
Requested by: Host: cdn.rudderlabs.com
URL: https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.2.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.2.120.34.bc.googleusercontent.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

AnonymousId: MmZjYjUwMTUtYmYxOS00ODg1LWI1Y2EtNTlmMGYyMWMzM2Rj
Authorization: Basic MmlXMTZDWWZNV3c1dENSRFpWYnlYR1ZXTE5SOg==
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET ee99d0bd-c596-4586-963f-36e4d23ba347
https://www.zscaler.com/ Frame 0
0

GET
H3 200 5fc42c93de2eab0609c4aca20003d15e.js Show response
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ 20 KB
8 KB 99ms
99ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/5fc42c93de2eab0609c4aca20003d15e.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
content-encoding: gzip
cf-bgj: minify
cf-cache-status: HIT
age: 7819
cf-ray: 8cf02d0b6c77ceb9-SJC
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/javascript
last-modified: Thu, 03 Oct 2024 17:43:53 GMT
vary: Accept-Encoding
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 188ms
115ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.zscaler.com
apigw-requestid: fSysWhjjPHcEMNg=
cf-cache-status: DYNAMIC
cf-ray: 8cf02d0c0b26db59-LAX
date: Mon, 07 Oct 2024 19:07:45 GMT
server: cloudflare
vary: Origin
via: 1.1 79bb2c81d48dba236286a1c7e99eb6f4.cloudfront.net (CloudFront)
x-amz-cf-id: tm55tBh8aDAoZxn-uvgBo56KM8oJQ7Q_N86geixkREAfEs7iabfCsQ==
x-amz-cf-pop: LAX50-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
559 B 118ms
117ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1bd0f17fcc9806bc57f287b9f65bb309de268110957f9d2a73614af6ae0984fc

Request headers

Authorization: Bearer e6609b6e9a1669129391
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT

Response headers

server: cloudflare
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"cb-VJEWFbvrnaHzCkpxO54gBvnUNsw"
via: 1.1 2ec67fd94557d4806c5b473c972cb654.cloudfront.net (CloudFront)
cf-ray: 8cf02d0ccc04db59-LAX
apigw-requestid: fSysXgW4PHcESWA=
access-control-allow-origin: https://www.zscaler.com
x-cache: Miss from cloudfront
x-amz-cf-id: M1rgrLcPMWAue2rgfsS5HcDGV5diJgaGf_6oMfqrcLTRyV3_4i826Q==
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
vary: Origin
x-amz-cf-pop: LAX50-P4

GET
H3 200 46f6ad988f8cf57218f3c18f0e8273fb.js Show response
script.crazyegg.com/pages/versioned/tracking-scripts/ 95 KB
31 KB 103ms
103ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/tracking-scripts/46f6ad988f8cf57218f3c18f0e8273fb.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6635.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fc84674bc35b739d5e31f0540890fd8b8dbd23f96931a65e0de4c5d83c1925a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
content-encoding: gzip
cf-bgj: minify
cf-cache-status: HIT
age: 7820
cf-ray: 8cf02d0c1d1cceb9-SJC
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: text/javascript
last-modified: Fri, 27 Sep 2024 12:54:37 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
441 B 157ms
154ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1728328065928&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
ibc_rate_tier: 2334982
Referer: https://www.zscaler.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-encoding: identity
expires: Mon, 07 Oct 2024 20:07:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 43
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: image/gif
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
vary: Origin
x-guploader-uploadid: AHmUCY1Wl4M_yYUG6Nq4iUnMCPSkc6jeyAXuunJaXVanKJFhWX1ponmqd4-FC1cst9fPT7ULLBo
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1670534369365034
content-length: 43
server: nginx/1.20.2

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 308ms
143ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1728328065928&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 07 Oct 2024 19:07:46 GMT
expires: Mon, 07 Oct 2024 19:07:46 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHmUCY0QNpiL0GHUVKowyof5zRGEhbhj-uCSYb-rAiJNdXaDgk7O0VDYnaMNySn13ePci92mRjs

OPTIONS
H2 200 ingest
pixels.spotify.com/v1/ Frame 0
0 274ms
118ms Preflight 2600:1901:1:7c5::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.spotify.com/v1/ingest
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:7c5:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

POST
H2 200 ingest Show response
pixels.spotify.com/v1/ 52 B
271 B 125ms
122ms Fetch
application/json 2600:1901:1:7c5::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.spotify.com/v1/ingest

Requested by

Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:7c5:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

b9c3a3a5543d46f275eeb107f39abb8b65c8d7327f657b5d48f6b3ee5dd2911a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000
grpc-status: 0
content-encoding: gzip
x-envoy-upstream-service-time: 1
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
grpc-accept-encoding: gzip,x-snappy-framed
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
vary: Accept-Encoding
grpc-encoding: identity
server: envoy

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 154ms
153ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A44%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%221007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:46 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 5 KB
2 KB 173ms
172ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1728328065993&cv=11&fst=1728328065993&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967z871607006za201zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

82cb48259676d52012779b374e0d3110729d6631ab48cf5ab565b8320396dd03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2380
date: Mon, 07 Oct 2024 19:07:46 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 812494211
td.doubleclick.net/td/rul/ Frame 21BE 0
0 176ms
175ms Document
text/html 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/812494211?random=1728328065993&cv=11&fst=1728328065993&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967z871607006za201zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-812494211&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-...
8541430.fls.doubleclick.net/ Frame 4965
Redirect Chain

https://8541430.fls.doubleclick.net/activityi;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2F...
https://8541430.fls.doubleclick.net/activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler....

0
0

165ms
163ms

Document
text/html

142.250.81.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8541430.fls.doubleclick.net/activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.230 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 386
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:46 GMT
expires: Mon, 07 Oct 2024 19:07:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8541430.fls.doubleclick.net/activityi;dc_pre=CPLv2eP7_IgDFbydgwgdZU4qag;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activityi;fledge=1;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dY...
td.doubleclick.net/td/fls/rul/ Frame 371C 0
0 179ms
176ms Document
text/html 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-8541430&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 19:07:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIK...
ad.doubleclick.net/ 0
22 B 348ms
196ms Image
image/png 142.251.40.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=8541430;type=zscal00;cat=zscal0;ord=1003107037895;npa=0;auiddc=296090303.1728328064;u1=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT;gdid=dYWJhMj;ps=1;pcor=275938303;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9189953520z871607006za201zb71607006;gcd=13l3l3l3l1l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.134 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"14657830610944092817"}],"aggregatable_trigger_data":[{"filters":[{"14":["94252198"]}],"key_piece":"0x8ca35ae971f61f88","source_keys":["12","13","14","15","16","17","18","19","20","21","638536600","638536601","638536602","638536603","640991192","640991193","640991194","640991195"]},{"key_piece":"0xeb9f7a80f9f46f0a","not_filters":{"14":["94252198"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","638536600","638536601","638536602","638536603","640991192","640991193","640991194","640991195"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"638536600":43,"638536601":43,"638536602":43,"638536603":4237,"640991192":65,"640991193":65,"640991194":65,"640991195":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"563535273957950231","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"14657830610944092817","filters":[{"14":["94252198"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"14657830610944092817","filters":[{"14":["94252198"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"14657830610944092817","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"14657830610944092817","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["8541430"]}}
content-type: image/png
x-xss-protection: 0
server: cafe

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
765 B 265ms
119ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.zscaler.com/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000623e7bc7291d211eff7b8be7502b9
x-msedge-ref: Ref A: FDFCBF24416B4187872CD19C833742BE Ref B: LAX311000108021 Ref C: 2024-10-07T19:07:46Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYj57xykdIR7/e4vnUCuQ==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 19:07:45 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1728328066116%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true&e_ipv6=...

0
489 B

296ms
137ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true&e_ipv6=AQLgnU7in6I27wAAAZJoYWc1HHI_ppDL5Dx_PeybvHC2MeHkOL5YxWRkZj-NF_JffYntzg
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 34E8C3074F2B4354BD125CB6591F8108 Ref B: LAX311000112029 Ref C: 2024-10-07T19:07:47Z
x-li-fabric: prod-lor1
x-li-uuid: AAYj57x/FBbAwPnKtcnTEg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1728328066116&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookiesTest=true&liSync=true&e_ipv6=AQLgnU7in6I27wAAAZJoYWc1HHI_ppDL5Dx_PeybvHC2MeHkOL5YxWRkZj-NF_JffYntzg
x-msedge-ref: Ref A: 2623573A6FE64AC78930931495F129F7 Ref B: LAX311000111023 Ref C: 2024-10-07T19:07:46Z
x-li-fabric: prod-lor1
x-li-uuid: AAYj57x7COrDSH+r4Yu3Pw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

260ms
132ms

Script
application/javascript

2600:9000:23cb:800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:23cb:800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Access-Control-Max-Age: 600
X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 26935
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: cEJVBKdsFp4AqrZ-WVJeEcjyFIRxr8dWtTDoX816K8dbuK5kKFPiOg==
Date: Mon, 07 Oct 2024 11:38:52 GMT
Content-Type: application/javascript
Vary: Accept-Encoding
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Access-Control-Allow-Headers: *
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 0
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

Redirect headers

Access-Control-Max-Age: 600
Age: 22444
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: xT_If41m1BuBTj8PA8pz8sdA3JAK0SQOz3lZipUclnMyC8XE1ZfV3w==
Date: Mon, 07 Oct 2024 12:53:42 GMT
Content-Type: application/xml
Access-Control-Allow-Headers: *
Location: https://s.adroll.com/j/pre/index.js
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 fcf7ae9d0acd31cfede668ccef6e2ace.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
Content-Length: 0
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 0
808 B 278ms
143ms Script
text/javascript 2600:9000:23cb:800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Access-Control-Max-Age: 600
X-Amz-Version-Id: WXoWnw3cjdC69cTPX8tPPgntsh1VkEUA
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 109
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: nmoVty_j1ngFKwbKGK4-fuhS2ebEgv99qHHRfOxh3AD61eJRkca5zQ==
Date: Mon, 07 Oct 2024 19:07:46 GMT
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Last-Modified: Sat, 05 Oct 2024 12:20:24 GMT
Access-Control-Allow-Headers: *
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 fcf7ae9d0acd31cfede668ccef6e2ace.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 0
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2

200

/
match.adsrvr.org/track/upb/ Frame 88EC
Redirect Chain

https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1
https://match.adsrvr.org/track/upb/?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1

0
0

97ms
94ms

Document
text/html

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Mon, 07 Oct 2024 19:07:46 GMT
server: Kestrel
vary: Accept-Encoding

Redirect headers

content-length: 375
date: Mon, 07 Oct 2024 19:07:46 GMT
location: https://match.adsrvr.org/track/upb/?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&upid=27hmsyx&upv=1.1.0&paapi=1
server: Kestrel

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ Frame 0
0 279ms
179ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.zscaler.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8cf02d0e3df81692-SJC
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 19:07:46 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 219ms
118ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
cf-cache-status: DYNAMIC
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
age: 1994
content-encoding: gzip
x-goog-stored-content-encoding: identity
expires: Mon, 07 Oct 2024 19:34:32 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 91778
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/javascript
last-modified: Thu, 16 May 2024 10:14:37 GMT
x-guploader-uploadid: AHmUCY3b3nf-XgTdPxtk1HLs58ZxWpUnojph8pqG9ng9Wk4tsBynrQ2-kpIgWE0ujF2Lqs3BwXU
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
cf-ray: 8cf02d0e3a2d9453-SJC
x-goog-generation: 1715854477710382
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/ 3 KB
2 KB 314ms
220ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/64e6fa9ecd8305533d00dac1/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

ae105750fe6d4a9ff64d6723ed7c6d33af70b309bdfcee04b86e2d32cc46caec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 4cc1c066b795ad8f0d511728328066
_vtok: MTYyLjI0NS4yMDYuMjQ1
visited-url: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Referer: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8cf02d0ffed4965e-SJC
access-control-allow-origin: https://www.zscaler.com
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 133ms
131ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H3 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
64 B 160ms
159ms Image
image/gif 142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1728328065993&cv=11&fst=1728327600000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v882815967z871607006za201zb71607006&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&hn=www.googleadservices.com&frm=0&tiba=Pikabot%20Updates%20%7C%20ThreatLabz&did=dYWJhMj&gdid=dYWJhMj&npa=0&pscdl=noapi&auid=296090303.1728328064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfBJaLlM0OCBZ2cqQR-P06Ii0DnxeH3KNvMvrl6Xx6aBdcDDlK&random=2610904249&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 19:07:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK is Show response
44.212.189.233/ 32 B
437 B 595ms
135ms Fetch
text/plain 44.212.189.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://44.212.189.233/is?cb=1728328066178
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.212.189.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-212-189-233.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 8124544e0d4c275d07a116b2b775cc3554d6ad47304af14b8218006f0e2e202e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-envoy-upstream-service-time: 2
connection: close
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-application-context: application:prod:8080
content-length: 32
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: text/plain;charset=utf-8
server: istio-envoy
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header

GET
H2 200 font-awesome.min.css
cdn-app.pathfactory.com/web-fonts/font-awesome/ 28 KB
7 KB 140ms
139ms Stylesheet
text/css 52.85.61.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/font-awesome/font-awesome.min.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-125.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-version-id: null
etag: W/"d96f1330ac4b04ce0b20d2206236e62c"
age: 86330
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ffUQE-2Mbvupov620ASWK3We2L5SR6ofHcJRERELlVpFsIKcmLxOng==
date: Sun, 06 Oct 2024 19:08:57 GMT
content-type: text/css
last-modified: Mon, 27 Mar 2023 14:54:50 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 roboto_lato.css
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 5 KB
1 KB 140ms
140ms Stylesheet
text/css 52.85.61.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-125.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-version-id: null
etag: W/"6339b6205ef670ae453a1fa9e8740fd8"
age: 86330
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ys97a2FokBMlL_lFYKhPt242SJn0zCFt6nvxQovTTMjvsxcZr4VO8A==
date: Sun, 06 Oct 2024 19:08:57 GMT
content-type: text/css
last-modified: Mon, 27 Mar 2023 14:55:14 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

HEAD
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 0
0 555ms
129ms Fetch
image/gif 44.197.110.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.110.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-110-75.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Length: 43
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Mon, 07 Oct 2024 19:07:46 GMT
Content-Type: image/gif
Server: akka-http/10.0.9

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
409 B 169ms
155ms XHR
text/plain 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?pfVisitorUuid=&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&clientId=LB-C77DA94E-11109

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-61-92.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: 95822dc9-41f9-483f-a97e-c15a59b65559
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:46 GMT
vary: Origin
x-runtime: 0.015477

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 131ms
130ms Preflight 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?pfVisitorUuid=&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&clientId=LB-C77DA94E-11109
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-61-92.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 07 Oct 2024 19:07:46 GMT

GET
H2 200 ULSJHTPGTZGY3EPPZSKHKS Show response
d.adroll.com/consent/check/ 567 B
1 KB 413ms
128ms Script
application/javascript 2600:1f18:61c0:2205:85fa:8573:b199:2df2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&_s=95b1c495139301524d03a8295aca82c0&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:61c0:2205:85fa:8573:b199:2df2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: d877144ebb70b3513aaa378f49bd4d47e5ff59a8d876511016d54ab3ad9ce019

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 567
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:46 GMT
pragma: no-cache
content-type: application/javascript
server: nginx/1.22.1

GET
BLOB 200
OK 7e73be81-6b60-4cd9-ae7a-892d8d4c4fb4
https://www.zscaler.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.zscaler.com/7e73be81-6b60-4cd9-ae7a-892d8d4c4fb4
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif
Content-Length: 43

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 321 B
618 B 182ms
180ms Fetch
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Authorization: bearer 370c892e688e1744cd312ed1426b3a
Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"141-mLq6O+j3ZcyvZxAx4AvrvpOh24w"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf02d112ff4965e-SJC
access-control-allow-origin: https://www.zscaler.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 198ms
195ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.zscaler.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8cf02d0fefd21692-SJC
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 19:07:46 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 iframe_content.html
x.adroll.com/pxl/ Frame 8602 0
0 399ms
131ms Document
text/html 2600:1f18:61c0:220a:6d89:c273:d52f:a25c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&advertisable=ULSJHTPGTZGY3EPPZSKHKS
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:61c0:220a:6d89:c273:d52f:a25c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zscaler.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
ad-auction-allowed: true
content-encoding: zstd
content-length: 427
content-type: text/html
date: Mon, 07 Oct 2024 19:07:46 GMT
last-modified: Fri, 04 Oct 2024 21:57:34 GMT

GET
H2 200 22OEOVE2YNFA3EKSRERISY Show response
d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/ 446 B
1 KB 129ms
129ms Script
text/plain 2600:1f18:61c0:2205:85fa:8573:b199:2df2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookie=&adroll_s_ref=&keyw=&p0=5168&xa4=1
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:61c0:2205:85fa:8573:b199:2df2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 317e8773ed812f65272fb15d1e555d5653a0cfb59f5272172308a2ee93d54119

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-segment-display-name: Visitors to Unsegmented Pages
x-rule-type: p
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-conversion-currency
x-conversion-value: 0.00
x-segment-eid: XYPZFM5QENHXRH7RBBI5PW
x-advertisable-eid: ULSJHTPGTZGY3EPPZSKHKS
x-segment-name: *
content-length: 446
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:46 GMT
x-pixel-eid: 22OEOVE2YNFA3EKSRERISY
server: nginx/1.22.1
x-rule: *

GET
H2 200 22OEOVE2YNFA3EKSRERISY
ipv4.d.adroll.com/px4/ULSJHTPGTZGY3EPPZSKHKS/ 42 B
176 B 422ms
130ms Image
image/gif 54.225.48.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipv4.d.adroll.com/px4/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cookie=&adroll_s_ref=&keyw=&p0=5168&xa4=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.48.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-48-29.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 42
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
content-type: image/gif
server: nginx/1.22.1

GET 5d95f95c-7c10-43fb-aff2-ae9b421be89e
https://www.zscaler.com/ 0
0

GET
H2 200 sp.lite.js Show response
cdn-app.pathfactory.com/libraries/tracker/3.19.0/ 43 KB
15 KB 138ms
136ms Script
application/javascript 52.85.61.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-125.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 25462e537585513efd706d55cf4cd890b30f382ab96c0f6df75c41c1095d58ed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-version-id: null
etag: W/"1aed05295e6c59943103b6fa7150f848"
age: 67275
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: s-49cTzWdC7A9_fEesNxBoCyP9bAYtoM5iRbXE90RZMTywRXVHzIUQ==
date: Mon, 07 Oct 2024 00:26:32 GMT
content-type: application/javascript
last-modified: Wed, 03 Jan 2024 16:25:31 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK XYPZFM5QENHXRH7RBBI5PW.js Show response
s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/ 7 KB
3 KB 135ms
134ms Script
text/javascript 2600:9000:23cb:800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c00d4632bbc34c55332b5a4838113b408118e09c53070ef83fcfcf35d3a1bb9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: wPN2_8_nJq.d_5einW5an5sSwoYt.pm2
Etag: W/"da1ba64a60716e15f06d860c2e98705e"
Age: 3322
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: MwGWtgNkXMpbXzk9DALY96V4HlNHokYBpqEA77KFeG6Qi6dtilmqZA==
Date: Mon, 07 Oct 2024 18:15:06 GMT
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Last-Modified: Tue, 06 Aug 2024 01:46:52 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 trigger
x.adroll.com/attribution/ 2 B
467 B 390ms
133ms Image
text/plain 2600:1f18:61c0:2209:ab9:7223:3aa0:6217
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.adroll.com/attribution/trigger?fpc=8baa9456e82e724a445120e115bbd84b&advertisable_eid=ULSJHTPGTZGY3EPPZSKHKS&conversion_type=PageView&conversion_value=0.00&currency=USC&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:61c0:2209:ab9:7223:3aa0:6217 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-length: 2
date: Mon, 07 Oct 2024 19:07:47 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0","priority":"0","deduplication_key":"9498402374244119637","filters":{"source_type":["event"]}},{"trigger_data":"0","priority":"0","deduplication_key":"9498402374244119637","filters":{"source_type":["navigation"]}}],"debug_key":"5600491328318625418","debug_reporting":true,"filters":{"0":["ULSJHTPGTZGY3EPPZSKHKS"]}}
content-type: text/plain; charset=utf-8

GET
H2 200 link-click.js Show response
cdn-app.pathfactory.com/libraries/tracker/3.19.0/plugin/ 6 KB
3 KB 135ms
134ms Script
application/javascript 52.85.61.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/plugin/link-click.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-125.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0927046a7f82a1f6e6e48d1115be04d8e053922775f03d0fdecef3b60e92f8cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-version-id: null
etag: W/"312554e163da7d1fad8823ce4ad2d17c"
age: 67270
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ASL6xihD0tCMTaZwMqIH9Y7Fs5PzViMrCGR4g7_vV-rz76W8RQ2cWw==
date: Mon, 07 Oct 2024 00:26:37 GMT
content-type: application/javascript
last-modified: Wed, 03 Jan 2024 16:25:40 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 8 KB
3 KB 133ms
132ms Script
text/javascript 2600:9000:23cb:800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 203987ff8bd021893a06303e163eeb294647081d8376b725bdacbc414cc4d035

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: kaomAQKNRR_7Pb.3Bms_Xue6LaAItEu.
Etag: W/"4a64112c69b3c4b3f104f38d9547a094"
Age: 239
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: GiK4KIIrCdlN8louAYk_bxxru46n9RCcUbFKeGU5ATgDWSTszd86NQ==
Date: Mon, 07 Oct 2024 19:03:49 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Last-Modified: Wed, 21 Jun 2023 16:22:01 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=300, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H3 200 476377582537549 Show response
connect.facebook.net/signals/config/ 25 KB
3 KB 201ms
200ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/476377582537549?v=2.9.170&r=stable&domain=www.zscaler.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112%2C199%2C198%2C200%2C205%2C206%2C207%2C203%2C195%2C131%2C133%2C162%2C194%2C196%2C121%2C156%2C144%2C150%2C188%2C189%2C128%2C231%2C115%2C125%2C126%2C232%2C164%2C118%2C234%2C165%2C135%2C122%2C153%2C147%2C113%2C127

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

c4709decb7d2124dc7bf1cad75988772215d9c9203bca3a72766fc9315ca9b1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=131, rtx=0, c=91, mss=1232, tbw=87994, tp=84, tpl=0, uplat=67, ullat=0
pragma: public
x-fb-debug: JlloFyyN3+3ak1+5vR0ALxgdItXjGPyNak0bpXPf3xpdaKV5U9Ricty6652/BaDjzIAF8CvPRzmQc7BQADXMjw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://x.bidswitch.net/sync?dsp_id=44&user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

43 B
183 B

431ms
144ms

Image
image/gif

35.211.202.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
Protocol: H2
Server: 35.211.202.130 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 130.202.211.35.bc.googleusercontent.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://x.bidswitch.net/sync?dsp_id=44&user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H3

200

receive
pixel.tapad.com/idsync/ex/
Redirect Chain

https://d.adroll.com/cm/experian/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolu...
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=6d30d8aa-fa47-4d83-8646-ec04036a23d1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%2C%2C

95 B
124 B

100ms
100ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=6d30d8aa-fa47-4d83-8646-ec04036a23d1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%2C%2C

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/png
server: Jetty(11.0.13)

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=6d30d8aa-fa47-4d83-8646-ec04036a23d1&ttd_puid=d162394c-d9c8-4fe3-ab5e-a503d0ba08ff%2C%2C
content-length: 359
date: Mon, 07 Oct 2024 19:07:47 GMT
server: Kestrel

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=PvJdoxlmnAxikSCaAlgCOg
https://d.adroll.com/cm/g/in

42 B
821 B

129ms
128ms

Image
image/gif

2600:1f18:61c0:2205:85fa:8573:b199:2df2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 2600:1f18:61c0:2205:85fa:8573:b199:2df2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-result: g.-1.-1.-1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif
server: nginx/1.22.1

Redirect headers

cache-control: no-cache, must-revalidate
location: https://d.adroll.com/cm/g/in
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 225
date: Mon, 07 Oct 2024 19:07:47 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolutio...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067&C=1

43 B
340 B

92ms
91ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067&C=1
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NC%2B44dfivn6eyPQ1dqM%2FhvC2co0sedOZcDDONPRSPzjKaGLGxZCfJ06hm65cTFyj32IjzjyQ4MDaJF1DRvNStMP%2Fb4IUt%2B6GQ9YQyLZWSiawZgPfRlqVa9yVJT4u7VOrfjCSAKN%2BUsszxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf02d14edec1510-LAX
expires: 0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: no-cache
location: /rum?cm_dsp_id=105&external_user_id=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expiration=1759864067&C=1
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBNUFlUmGbekg9DhbkwU5tzbR1A3dUiQoXr%2FXCxFGaNGESFENrvNsCA6ODdJP4HaD7YI0hOLP2SVjGQVYMwP4g2kGFrH0dlNfT9n%2FZqjiZ3j6EkKYdAfTrBueWR4O2IgrsiogChn2iqFxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf02d145d5a1510-LAX
expires: 0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Mon, 07 Oct 2024 19:07:47 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2

200

db_sync
px.ads.linkedin.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://idsync.rlcdn.com/377928.gif?partner_uid=3ef25da319669c0c6291209a0258023a
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2EQABoNCIPjkLgGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&_=2
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&rand=01815885

0
143 B

111ms
111ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&rand=01815885
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 73BC8D674C374228B40B1C0523312D51 Ref B: LAX311000111023 Ref C: 2024-10-07T19:07:47Z
x-li-fabric: prod-lor1
x-li-uuid: AAYj57yJDNKfUSPD64RDkQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=2c07ca7445a35960d77ccd3cc08f3e523f8bc835839b865d875e3fd359a8d35a791426b5417dce21&rand=01815885
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expires=365

42 B
1 KB

387ms
128ms

Image
image/gif

69.173.146.5
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expires=365
Protocol: HTTP/1.1
Server: 69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a63e28342bd5b2027f26e8b97631d66b
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&expires=365
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent=

43 B
171 B

98ms
97ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 07 Oct 2024 19:07:46 GMT
content-type: image/gif
vary: Accept
server: OXGW/0.0.0

Redirect headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3ef25da319669c0c6291209a0258023a&gdpr=0&gdpr_consent=
p3p: CP="CUR ADM OUR NOR STA NID"
content-length: 0
date: Mon, 07 Oct 2024 19:07:46 GMT
server: OXGW/0.0.0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolu...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
360 B

448ms
148ms

Image
text/plain

70.42.32.95
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/cookie-sync?p=adroll&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=&us_privacy=1YN-

Protocol

HTTP/1.1

Server

70.42.32.95 , United States, ASN13789 (INTERNAP-BLK3, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT
x-traceid: 2f7a11b300e47c1f3e7c3131dd80023e

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=&us_privacy=1YN-
content-length: 137
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolu...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
586 B

400ms
133ms

Image
image/gif

207.65.37.184
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: H2
Server: 207.65.37.184 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

0
130 B

132ms
132ms

Image
text/html

3.225.218.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Protocol

Server

3.225.218.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-225-218-10.compute-1.amazonaws.com

Software

ATS/9.1.10.137 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Mon, 07 Oct 2024 19:07:47 GMT
age: 0
content-type: text/html
server: ATS/9.1.10.137

Redirect headers

strict-transport-security: max-age=31536000
location: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT
age: 0
server: ATS/9.1.10.137

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolut...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

0
366 B

429ms
139ms

Image
text/plain

141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
Protocol: H2
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-fastly-to-nlb-rtt: 137878
date: Mon, 07 Oct 2024 19:07:47 GMT
server: nginx
access-control-allow-credentials: true

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 19:07:47 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evo...
https://eb2.3lift.com/xuid?mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

37 B
476 B

137ms
136ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: /xuid?ld=1&mid=4714&xuid=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Mon, 07 Oct 2024 19:07:47 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=8baa9456e82e724a445120e115bbd84b-1728328066648&flg=1&pv=48812116609.030754&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PI...
https://ib.adnxs.com/setuid?entity=172&code=M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

43 B
1 KB

141ms
140ms

Image
image/gif

68.67.161.182
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E

Protocol

Server

68.67.161.182 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 162.245.206.245; 162.245.206.245; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: a648c171-89bb-47fa-8870-ad03dd47d20d
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 19:07:47 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DM2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 162.245.206.245; 162.245.206.245; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 1d286e9e-6f92-4651-bf9c-7b4feadd2acf
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 19:07:47 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 144ms
144ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:47 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 410ms
102ms Script
application/javascript 52.89.99.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1989145454.1728328063&shpt=Pikabot%20Updates%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221989145454.1728328063%22%2C%22shpt%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221989145454.1728328063%22%2C%22dcm_gid%22%3A%22489379032.1728328064%22%2C%22mntnis%22%3A%22%2FHaH9sXGU1nxXcuIzdVu89ApfUULW21P%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A4%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1989145454.1728328063&dcm_gid=489379032.1728328064&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Csegment%3Dtrue%2Cga4%3Dtrue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 76fd1ee7974308fe5fd89f36a472e30e1ddf2f8465fed557f8f03dca2f25ea2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: application/javascript;charset=utf-8
server: istio-envoy

OPTIONS
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 128ms
127ms Preflight 44.197.110.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.110.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-110-75.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Max-Age: 5
Connection: keep-alive
Content-Length: 0
Date: Mon, 07 Oct 2024 19:07:47 GMT
Server: akka-http/10.0.9

OPTIONS
H2 200 tp2
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 130ms
130ms Preflight 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-61-92.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zscaler.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.zscaler.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 07 Oct 2024 19:07:47 GMT

POST
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 2 B
460 B 513ms
130ms Ping
text/plain 44.197.110.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.110.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-110-75.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.zscaler.com/

Response headers

Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.zscaler.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length: 2
Date: Mon, 07 Oct 2024 19:07:47 GMT
Content-Type: text/plain; charset=UTF-8
Server: akka-http/10.0.9

POST
H2 200 tp2
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ 0
510 B 152ms
150ms Ping
text/html 54.197.61.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.61.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-61-92.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.zscaler.com/

Response headers

access-control-max-age: 7200
content-security-policy
access-control-expose-headers
cache-control: no-cache
content-encoding: gzip
x-request-id: 86d245fc-c7e6-4c10-a58e-047726c30f48
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.zscaler.com
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: text/html
vary: Origin, Accept-Encoding
x-runtime: 0.017985

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 132ms
132ms Image
text/plain 157.240.241.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328067147&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12317&fbp=fb.1.1728328062823.262621782154733197&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=129, rtx=0, c=26, mss=1232, tbw=8443, tp=18, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 601ms
601ms Image
image/png 157.240.241.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&rl=&if=false&ts=1728328067147&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12317&fbp=fb.1.1728328062823.262621782154733197&ler=empty&cdl=API_unavailable&it=1728328062619&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423112525715712953"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: GJjIdqyWsu/sr1mWSlALV0f/FwDOXmwIIFErQyfshQc4H75bM42yCIghulxgsNH4MfDHs/MKeecsY6uDFyF3kA==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423112525715712953", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=129, rtx=0, c=26, mss=1232, tbw=8811, tp=21, tpl=0, uplat=468, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 132ms
131ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
198 B 108ms
107ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9A6BB7714D40474FB364E177EFA09F34 Ref B: LAX311000111023 Ref C: 2024-10-07T19:07:47Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYj57yBTVz+bEn8vP88NQ==
x-li-proto: http/2
access-control-allow-origin: https://www.zscaler.com
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 19:07:46 GMT
vary: Origin

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
16 B 135ms
133ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:47 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 420ms
105ms Script
application/javascript 52.12.117.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1989145454.1728328063&shpt=Pikabot%20Updates%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221989145454.1728328063%22%2C%22shpt%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221989145454.1728328063%22%2C%22dcm_gid%22%3A%22489379032.1728328064%22%2C%22mntnis%22%3A%22%2FHaH9sXGU1nxXcuIzdVu89ApfUULW21P%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A4%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1989145454.1728328063&dcm_gid=489379032.1728328064&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Csegment%3Dtrue%2Cga4%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.12.117.226 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-117-226.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: a1f04ecd2576cc6d0ddcbb9ad07860327ea0a94995bd49755b105b7f842451d2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 2
connection: close
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-application-context: application:prod:8080
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Mon, 07 Oct 2024 19:07:47 GMT
content-length: 144
content-type: application/javascript;charset=utf-8
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header

GET
H/1.1 200
OK st Show response
px.mountain.com/ 6 KB
2 KB 320ms
126ms Script
application/javascript 52.89.99.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1989145454.1728328063&shpt=Pikabot%20Updates%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221989145454.1728328063%22%2C%22shpt%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221989145454.1728328063%22%2C%22dcm_gid%22%3A%22489379032.1728328064%22%2C%22mntnis%22%3A%22%2FHaH9sXGU1nxXcuIzdVu89ApfUULW21P%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A4%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1989145454.1728328063&dcm_gid=489379032.1728328064&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&shoid=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Csegment%3Dtrue%2Cga4%3Dtrue&cb=1728328067341346&shguid=80dcfb29-2c65-3112-9e12-6ee483fa28a4&shgts=1728328067763
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-10SPJ4YJL9%3BUA-6177009-1&ga_client_id=1989145454.1728328063&shpt=Pikabot%20Updates%20%7C%20ThreatLabz&ga_info=%7B%22status%22%3A%22OK%22%2C%22available_ga%22%3A%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D%2C%22hardcoded_ga%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_tracking_id%22%3A%22G-10SPJ4YJL9%3BUA-6177009-1%22%2C%22ga_client_id%22%3A%221989145454.1728328063%22%2C%22shpt%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%2C%22dcm_cid%22%3A%221989145454.1728328063%22%2C%22dcm_gid%22%3A%22489379032.1728328064%22%2C%22mntnis%22%3A%22%2FHaH9sXGU1nxXcuIzdVu89ApfUULW21P%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A4%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1989145454.1728328063&dcm_gid=489379032.1728328064&available_ga=%5B%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221728328063%22%7D%2C%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-10SPJ4YJL9%3BUA-6177009-1&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&cb=55707508224138344term%3Dvalue&shoid=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&shadditional=language%3Den%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue%2Csegment%3Dtrue%2Cga4%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 9e5448f3c4945c03c4aa0cc908af9b5b428f5402f874e28bd5f8def33c28f719

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 23
connection: close
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Mon, 07 Oct 2024 19:07:48 GMT
content-type: application/javascript;charset=utf-8
server: istio-envoy

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 152ms
151ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A46%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:48 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:48 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=7098cc48-84df-11ef-839f-4b2406a5c8ae&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&shguid=7098cc48-84df-11ef-839f-4b2406a5c8ae

0
319 B

521ms
195ms

Image
text/plain

44.225.29.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&shguid=7098cc48-84df-11ef-839f-4b2406a5c8ae
Protocol: HTTP/1.1
Server: 44.225.29.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-225-29-129.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-envoy-upstream-service-time: 90
connection: close
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-length: 0
date: Mon, 07 Oct 2024 19:07:48 GMT
server: istio-envoy
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header

Redirect headers

location: https://px.steelhousemedia.com/tdsync?tdid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&shguid=7098cc48-84df-11ef-839f-4b2406a5c8ae
content-length: 277
date: Mon, 07 Oct 2024 19:07:48 GMT
server: Kestrel

GET
H/1.1

500
Internal Server Error

usync
su.addthis.com/red/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=80b7kxf&ct=0:zz65l7w&fmt=3
https://dpm.demdex.net/ibs:dpid=903&dpuuid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
https://su.addthis.com/red/usync?pid=11124&puid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&url=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3daddthis

27 B
27 B

600ms
167ms

Image
text/html

23.56.163.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://su.addthis.com/red/usync?pid=11124&puid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&url=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3daddthis
Protocol: HTTP/1.1
Server: 23.56.163.208 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-163-208.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Mon, 07 Oct 2024 19:07:49 GMT
Content-Length: 27
Date: Mon, 07 Oct 2024 19:07:49 GMT
AK-GRN: 0.6e24c317.1728328069.9817fe0
Content-Type: text/html

Redirect headers

location: https://su.addthis.com/red/usync?pid=11124&puid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&url=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3daddthis
content-length: 357
date: Mon, 07 Oct 2024 19:07:48 GMT
server: Kestrel

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 176ms
176ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:49 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:49 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 145ms
144ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A48%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:50 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:50 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 315 KB
96 KB 301ms
149ms Script
application/javascript 2606:4700:10::ac43:b9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aed37fcc4dd6c6df7058f2e516d2acaf95c3359c983d7dd5c0cf0d4a614ef23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

x-goog-metageneration: 3
access-control-expose-headers: *
x-goog-hash: crc32c=o3lcQg==, md5=j3+qvVmxEUd30U0VgkVydA==
cf-cache-status: HIT
etag: W/"8f7faabd59b1114777d14d1582457274"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Tue, 07 Oct 2025 19:07:50 GMT
x-goog-stored-content-length: 322050
date: Mon, 07 Oct 2024 19:07:50 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 06 Oct 2024 11:10:51 GMT
vary: Accept-Encoding
x-guploader-uploadid: AD-8ljvsf1_RmRl9hZmIXCgZ_rH27wGR7PTsJM_602FMs3xQEbxTHDugQa2UGf7-XMl7t08ndw
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 8cf02d2ad9ba2b54-LAX
access-control-allow-origin: *
x-goog-generation: 1728213051532746
server: cloudflare

POST
H3 204 collect
analytics.google.com/g/ 0
0 96ms
96ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je4a20v883639532za200&_p=1728328062164&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&gdid=dYWJhMj&cid=1989145454.1728328063&ecid=2125701858&ul=en-us&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pae=1&_eu=AAg&_s=7&sid=1728328063&sct=1&seg=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&dt=Pikabot%20Updates%20%7C%20ThreatLabz&en=marketo_form_view&ep.author_name=Nikolaos%20Pantazopoulos&ep.blog_child_category=Threatlabz%20Research&ep.blog_parent_category=Security%20Research&ep.content_group=Blogs&epn.hit_timestamp=1728328065739&ep.loading_time_seconds=0&ep.nid=75241&ep.page_language=en&ep.page_url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&ep.site_classification=marketing&ep.z_error=false&ep.form_interaction=mkto_form_rendered&epn.event_label=7971&epn.event_action=3&_et=1&tfd=14358
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.zscaler.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 19:07:50 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 144ms
144ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226012%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:51 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:51 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET config.json
cdn.acsbapp.com/config/zscaler.com/ 0
0

POST
H2 200 mon Show response
obs.iseaskies.com/ 0
39 B 139ms
138ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.iseaskies.com/mon
Requested by: Host: ob.iseaskies.com
URL: https://ob.iseaskies.com/i/1395e54b70b06b444656a2f40c135374.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.zscaler.com/

Response headers

access-control-allow-origin: https://www.zscaler.com
content-length: 0
date: Mon, 07 Oct 2024 19:07:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 169ms
168ms Image
image/gif 23.196.3.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=791588f5-6d00-4cbb-8f13-275b35f9e7af&session=cb89dc0c-8616-4b05-8285-a9ccdb90e9a2&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2019%3A07%3A50%20GMT%22%2C%22timeSpent%22%3A%221731%22%2C%22totalTimeSpent%22%3A%227743%22%7D&isIframe=false&m=%7B%22description%22%3A%22Updates%20to%20Pikabot%20bring%20less%20advanced%20string%20obfuscation%20and%20a%20modified%20network%20protocol%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Pikabot%20Updates%20%7C%20ThreatLabz%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&pageViewId=848a7193-0976-4ec3-860e-aeca62b7bcc3&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&ipv6=2a04%3Ac604%3A615%3A1%3A%3A6&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.196.3.184 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-196-3-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.zscaler.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 19:07:52 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 19:07:52 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/92adaeb5-3cc4-45a0-9fdf-b4979f0da065

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/0f6a583b-0119-4c60-8930-b233e97d48cb

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/268ba05c-849c-40d9-acaa-c25854a10b68

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/ee99d0bd-c596-4586-963f-36e4d23ba347

Domain: www.zscaler.com
URL: blob:https://www.zscaler.com/5d95f95c-7c10-43fb-aff2-ae9b421be89e

Domain: cdn.acsbapp.com
URL: https://cdn.acsbapp.com/config/zscaler.com/config.json?page=%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT

Verdicts & Comments Add Verdict or Comment

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

95 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zscaler.com/	1970-01-21 02:16:52	Name: _cq_duid Value: 1.1728328061.kveDrs7uJRAHJOat
.zscaler.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1728328061.dohWBp2vHk8UXyiC
obs.iseaskies.com/	1970-01-21 08:09:18	Name: cg_uuid Value: 79fe9f3ce54992685e8234953af971f0
.zscaler.com/	1970-01-21 02:15:04	Name: _fbp Value: fb.1.1728328062823.262621782154733197
.zscaler.com/	1970-01-21 00:06:54	Name: _uetsid Value: 6e3019a084df11ef9b1d2dde57791790
.zscaler.com/	1970-01-21 09:27:04	Name: _uetvid Value: 6e30534084df11efa98197032b223b9d
.doubleclick.net/	1970-01-21 09:41:28	Name: IDE Value: AHWqTUl4zjz7LQ_NYZ7slVIXkX49GzeV-r_6DxNjpeRmkG5GrVIlOGwqjNXRSngN
.zscaler.com/	1970-01-21 02:15:04	Name: _gcl_au Value: 1.1.296090303.1728328064
.zscaler.com/	1970-01-21 09:41:28	Name: _ga Value: GA1.2.1989145454.1728328063
.zscaler.com/	1970-01-21 00:06:54	Name: _gid Value: GA1.2.489379032.1728328064
.zscaler.com/	1970-01-21 00:05:28	Name: _gat_gtag_UA_6177009_1 Value: 1
.info.zscaler.com/	1970-01-21 00:05:29	Name: __cf_bm Value: tU8bE_wA89y3bS98Zyirj0SydF1X9FIT.oJzorVvjIM-1728328063-1.0.1.1-b1HOZ.ZnuNPL.Obv1tfdIfd2fEaMDoZjfl75euKCgH4d5BtesymQjKFbTSQvVufm_YVwzDpC4scy8Flb1lG8Gw
.www.zscaler.com/	1970-01-21 08:51:04	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Oct+07+2024+09%3A07%3A44+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202409.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=3ba11984-d97b-4815-a707-5bc75b831c8e&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fd-evolution-PIKABOT&groups=C0001%3A1%2CC0003%3A1%2CBG36%3A1%2CC0002%3A1%2CC0005%3A1%2CC0004%3A1&hosts=H36%3A1%2CH120%3A1%2CH59%3A1%2CH88%3A1%2CH98%3A1%2CH141%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH79%3A1%2CH132%3A1%2CH153%3A1%2CH144%3A1%2CH82%3A1%2CH106%3A1%2CH140%3A1%2CH165%3A1%2CH168%3A1%2CH169%3A1%2CH145%3A1%2CH139%3A1%2CH31%3A1%2CH116%3A1%2CH4%3A1%2CH102%3A1%2CH76%3A1%2CH103%3A1%2CH60%3A1%2CH96%3A1%2CH162%3A1%2CH167%3A1%2CH20%3A1%2CH175%3A1%2CH22%3A1%2CH97%3A1%2CH121%3A1%2CH108%3A1%2CH65%3A1%2CH83%3A1%2CH131%3A1%2CH110%3A1%2CH111%3A1%2CH112%3A1%2CH185%3A1%2CH114%3A1%2CH190%3A1%2CH119%3A1%2CH12%3A1%2CH123%3A1%2CH191%3A1%2CH118%3A1%2CH101%3A1%2CH150%3A1%2CH151%3A1%2CH129%3A1%2CH152%3A1%2CH52%3A1%2CH154%3A1%2CH133%3A1%2CH155%3A1%2CH192%3A1%2CH156%3A1%2CH8%3A1%2CH157%3A1%2CH158%3A1%2CH159%3A1%2CH104%3A1%2CH193%3A1%2CH160%3A1%2CH161%3A1%2CH163%3A1%2CH164%3A1%2CH105%3A1%2CH14%3A1%2CH149%3A1%2CH146%3A1%2CH166%3A1%2CH40%3A1%2CH15%3A1%2CH194%3A1%2CH17%3A1%2CH170%3A1%2CH171%3A1%2CH172%3A1%2CH173%3A1%2CH63%3A1%2CH124%3A1%2CH174%3A1%2CH176%3A1%2CH177%3A1%2CH178%3A1%2CH134%3A1%2CH135%3A1%2CH179%3A1%2CH147%3A1%2CH180%3A1%2CH136%3A1%2CH189%3A1%2CH130%3A1%2CH181%3A1%2CH182%3A1%2CH109%3A1%2CH183%3A1%2CH184%3A1%2CH113%3A1%2CH186%3A1%2CH115%3A1%2CH33%3A1%2CH34%3A1%2CH187%3A1%2CH188%3A1&genVendors=
.bat.bing.com/	1970-01-21 00:15:32	Name: MR Value: 0
info.zscaler.com/	1969-12-31 23:59:59	Name: BIGipServerabmweb-nginx-app_https Value: !773zIolUl+vnt7TagI9xdiUvaZp4gilU+UrCroaX12EMlUVu0FNhrfXRFwMdyB7V8jY01alb9ajGQg==
.bing.com/	1970-01-21 09:27:04	Name: MUID Value: 375F7E8FA1AA6D3A052C6B9EA0106C26
.zscaler.com/	1970-01-21 08:51:04	Name: rl_user_id Value: RudderEncrypt%3AU2FsdGVkX19ihvsok3VvZRQwF5uKdnmIXKC5%2BQNtgIc%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_trait Value: RudderEncrypt%3AU2FsdGVkX19kCjK211d%2BcsBKJm4XL2yIWXlqFxWtqqI%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_group_id Value: RudderEncrypt%3AU2FsdGVkX1%2Bn%2B6XFttaxV3f4pHl2Qc5X680EfuWGwcE%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_group_trait Value: RudderEncrypt%3AU2FsdGVkX1%2Bp74TAlevDjMmvFSU2dan67sHi%2BvpdRvI%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_anonymous_id Value: RudderEncrypt%3AU2FsdGVkX18o88KtRINpL5FpBrIC6kyFFUDXiOk%2BYgxWUsKAtMWrSyzNHfj%2FJucwlf7y%2FoBqCwgh76plE6FSVQ%3D%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_page_init_referrer Value: RudderEncrypt%3AU2FsdGVkX19c9cnp0mogjPkvuqsHwlOEDGP49JHlFok%3D
.zscaler.com/	1970-01-21 08:51:04	Name: rl_page_init_referring_domain Value: RudderEncrypt%3AU2FsdGVkX193ZbjM%2FL%2FrEnl2MVEC0aKdzhbQdQ0dnJg%3D
www.zscaler.com/	1970-01-21 09:41:28	Name: _gd_visitor Value: 791588f5-6d00-4cbb-8f13-275b35f9e7af
www.zscaler.com/	1970-01-21 00:05:42	Name: _gd_session Value: cb89dc0c-8616-4b05-8285-a9ccdb90e9a2
.zscaler.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.zscaler.com/	1970-01-21 00:06:54	Name: _ce.clock_event Value: 1
.adnxs.com/	1970-01-21 09:41:28	Name: receive-cookie-deprecation Value: 1
www.zscaler.com/	1970-01-21 00:15:32	Name: _an_uid Value: 0
.zscaler.com/	1970-01-21 08:51:04	Name: ajs_anonymous_id Value: 2600093c-bfa0-4cf7-ae16-c3d23e20858c
.zscaler.com/	1970-01-21 09:41:28	Name: _ga_10SPJ4YJL9 Value: GS1.1.1728328063.1.1.1728328065.58.0.2125701858
.zscaler.com/	1970-01-21 08:51:04	Name: rl_session Value: RudderEncrypt%3AU2FsdGVkX1%2FArCZhgbbM0oX1Ct06ZIvA79qO8adJbYKefOprZ22DjblFSWQjV3EPFtmbMPSZZXNSbgnySnP5G81EuHKPGfyLG5HRiYPkayUFOQuv17Z%2Fz4JyRRYAqHTWOaGO9V44Zeuo2eTafQn2Kg%3D%3D
.zscaler.com/	1970-01-21 00:06:54	Name: _ce.clock_data Value: 115%2C162.245.206.245%2C1%2Ccd70ceeb4a1768030b1882c90242a428%2CChrome%2CUS
.zscaler.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.zscaler.com/	1970-01-21 08:51:04	Name: _ce.s Value: v~44bcbef503c3034968930660db606cbb0da648c4~lcw~1728328065790~vir~new~lva~1728328065312~vpv~0~v11.cs~366477~v11.s~6fabfad0-84df-11ef-a84a-f908469107b6~lcw~1728328065791
.techtarget.com/	1970-01-21 00:05:29	Name: __cf_bm Value: 2hoBcvBB4OU6vt_zyqWaWDCphO8GkFfv42Bj71lktmc-1728328065-1.0.1.1-_6iySYtbkCVkLMw.NhvDpwylOueuUZb.OQB064lcSkF_U9ZywsvjsctBArSXBGyt3Wc8fy8R_TsWK.q247dktA
www.zscaler.com/	1970-01-21 08:51:04	Name: __pdst Value: 9abefa3c411e43c799a0ea9a3d9d4958
.www.zscaler.com/	1970-01-21 08:51:04	Name: _zitok Value: 4cc1c066b795ad8f0d511728328066
.zoominfo.com/	1970-01-21 00:05:29	Name: __cf_bm Value: 4anacQqYQsHzBkhjzftJ.RjyPbi9j4A00V8UQ61l7MU-1728328066-1.0.1.1-tkANQialCUk_mzQ5sgRgqN3KQMlWAPe1O7x9jva3of9DND4txmAi99j2SEUEZPcsqN8TfAPk6JqPnJfaZNJtpQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: JjTi8YCo6TQjczwz9VpNFm27HavEzEC8UAByUuY4Y9w-1728328066303-0.0.1.1-604800000
.linkedin.com/	1970-01-21 02:15:04	Name: li_sugr Value: 0ff1f81c-5bc3-49e2-b680-eaead6a8a061
.linkedin.com/	1970-01-21 08:51:04	Name: bcookie Value: "v=2&ab900a24-d530-4b6d-89b0-613b7b21dc40"
.linkedin.com/	1970-01-21 00:06:54	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3366:u=1:x=1:i=1728328066:t=1728414466:v=2:sig=AQH0SvGKB2GbnwOesOYLstomh5o7W3dm"
.adsrvr.org/	1970-01-21 08:51:04	Name: TDID Value: 6d30d8aa-fa47-4d83-8646-ec04036a23d1
.doubleclick.net/	1970-01-21 00:48:40	Name: ar_debug Value: 1
.linkedin.com/	1970-01-21 00:48:40	Name: UserMatchHistory Value: AQIEprcVtbeBegAAAZJoYWWhzGCuxPirrG0CUfu51rAxToWs-Gt5ASEgEJQgF5pDzW36UoHe0l549g
.linkedin.com/	1970-01-21 00:48:40	Name: AnalyticsSyncHistory Value: AQIIciQPet0tAgAAAZJoYWWiSSsKiNpjaDscpbT9J_VOfKvBo5CcrzxL6qBdr-EmOXOElXXS7QEkFtb8Jd-YTg
.d.adroll.com/	1970-01-21 09:34:16	Name: receive-cookie-deprecation Value: 1
.adroll.com/	1970-01-21 09:34:16	Name: receive-cookie-deprecation Value: 1
.zscaler.com/	1970-01-21 08:51:25	Name: __adroll_fpc Value: 8baa9456e82e724a445120e115bbd84b-1728328066648
.zscaler.com/	1970-01-21 00:05:29	Name: vid Value: f703cd9a-654d-47a3-9339-aaa3ad39399c
.doubleclick.net/	1970-01-21 04:24:40	Name: receive-cookie-deprecation Value: 1
.www.linkedin.com/	1970-01-21 08:51:04	Name: bscookie Value: "v=1&202410071907464bf9b8e6-35fd-4d03-8b3e-c7b6043aab2eAQH6Q-9VqExHrkTBvOoKg-4VJfTfoVbm"
.linkedin.com/	1970-01-21 00:05:29	Name: __cf_bm Value: drw_BLuqYTQYWfYRb8mNYiGYEaDuwsB0E5Tj0ejupWQ-1728328066-1.0.1.1-yZXeknM_18y0nq1PvEx0RHCG0i57xye6RJv9kd1ehIOyMOvCDmr_1IrO2nzawK0kj1JmkehWiKjOz2m5gC4RtQ
.zscaler.com/	1970-01-21 00:05:29	Name: _pf_ses.3c7f Value: *
.www.zscaler.com/	1970-01-21 08:51:04	Name: __ar_v4 Value: %7CULSJHTPGTZGY3EPPZSKHKS%3A20241006%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20241006%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20241006%3A1
.zscaler.com/	1970-01-21 00:05:29	Name: _pf_id.3c7f Value: f703cd9a-654d-47a3-9339-aaa3ad39399c.1728328067.1.1728328067..d70ba07a-e882-436a-8392-da9b7e4f3613..5e40376f-1042-48d0-afd4-7ec52efe7006.1728328067055.2
x.adroll.com/	1969-12-31 23:59:59	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-21 08:51:04	Name: CMID Value: ZwQxg8AoIroAAAtxAd7paQAA
.casalemedia.com/	1970-01-21 02:15:04	Name: CMPS Value: 2613
.casalemedia.com/	1970-01-21 02:15:04	Name: CMPRO Value: 2613
.tapad.com/	1970-01-21 01:31:52	Name: TapAd_TS Value: 1728328067276
.tapad.com/	1970-01-21 01:31:52	Name: TapAd_DID Value: d162394c-d9c8-4fe3-ab5e-a503d0ba08ff
.openx.net/	1970-01-21 08:51:04	Name: i Value: e5e3175e-a40c-4e1f-b2b8-6b27924bf5d1\|1728328067
.adnxs.com/	1970-01-21 02:15:04	Name: XANDR_PANID Value: Eqo0iRUV_7UHlff4bk_XNOXR2OW19cVMqC8Qj2bMnenZQXjyCAwZHHIGsdyrHUPgkVwomnRS9OBAjvZovgxyao4F56haUMDN-Sxf73K9GiU.
.adnxs.com/	1970-01-21 02:15:04	Name: uuid2 Value: 1072407490154981576
.rlcdn.com/	1970-01-21 08:51:04	Name: rlas3 Value: DOuvBYtbjwXojge5ca77vbD93RySwGeY29m5KNKb168=
.mountain.com/	1970-01-21 08:51:04	Name: guid Value: 7098cc48-84df-11ef-839f-4b2406a5c8ae
.rubiconproject.com/	1970-01-21 08:51:04	Name: audit_p Value: 1\|Or7ujxmnV2ISg2rqq7ddJwIM+9w+KzegYwulOQGCLi+CZIg+tqclATB4arS0k1H0CbFIMNDvr1OM1KxoLazIt7kxm0k08nop+R4DB+iLIkFRHRQnme6hNy9s7oTxObhaZAQVW3RqLHBljUI8a7XQ3XhE1bQNS/s4obWBOY3d36TJeSdCMjcEkQ5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 08:51:04	Name: khaos Value: M1ZDWNRJ-I-FWZM
.rubiconproject.com/	1970-01-21 08:51:04	Name: khaos_p Value: M1ZDWNRJ-I-FWZM
.rubiconproject.com/	1970-01-21 08:51:04	Name: audit Value: 1\|Or7ujxmnV2ISg2rqq7ddJwIM+9w+KzegYwulOQGCLi+CZIg+tqclATB4arS0k1H0CbFIMNDvr1OM1KxoLazIt7kxm0k08nop+R4DB+iLIkFRHRQnme6hNy9s7oTxObhaZAQVW3RqLHBljUI8a7XQ3XhE1bQNS/s4obWBOY3d36TJeSdCMjcEkQ5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 02:15:04	Name: receive-cookie-deprecation Value: 1
.rlcdn.com/	1970-01-21 01:31:52	Name: pxrc Value: CIPjkLgGEgUI6AcQABIFCOhHEAA=
.adnxs.com/	1970-01-21 02:15:04	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2HaRGzKYC!@wnfH1Ya.O4]7Q=EE(L2Gzl526B[-a(*CXieA_1`qlwK_M4yY`J6^U0hAUXj)V!p_0v:J@Q=3]OL7pE%nugO%v4VB%nu#b+szDU
.3lift.com/	1970-01-21 02:15:04	Name: tluidp Value: 1385902043896616833334
.3lift.com/	1970-01-21 02:15:04	Name: tluid Value: 1385902043896616833334
.yahoo.com/	1970-01-21 08:51:25	Name: A3 Value: d=AQABBIMxBGcCEMVSqe2sQe9WN0D5Jq__2zwFEgEBAQGDBWcOZ9wAAAAA_eMAAA&S=AQAAAvhYq0jXNW2kNeYXKTIwXGU
.pubmatic.com/	1970-01-21 02:15:04	Name: KRTBCOOKIE_10 Value: 22808-M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&KRTB&22883-M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&KRTB&23504-M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E&KRTB&23615-M2VmMjVkYTMxOTY2OWMwYzYyOTEyMDlhMDI1ODAyM2E
.pubmatic.com/	1970-01-21 00:48:40	Name: PugT Value: 1728328067
.taboola.com/	1970-01-21 08:51:04	Name: t_gid Value: 3cab4a82-8926-47bc-a2a7-cb0ce85fae19-tuctdfdb703
.taboola.com/	1970-01-21 08:51:04	Name: t_pt_gid Value: 3cab4a82-8926-47bc-a2a7-cb0ce85fae19-tuctdfdb703
.d.adroll.com/	1970-01-21 09:34:16	Name: __adroll Value: 3ef25da319669c0c6291209a0258023a-g_1728328067-a_1728328066
.adroll.com/	1970-01-21 09:34:16	Name: __adroll_shared Value: 3ef25da319669c0c6291209a0258023a-g_1728328067-a_1728328066
.analytics.yahoo.com/	1970-01-21 08:51:04	Name: IDSYNC Value: 1770~2l4j
.pippio.com/	1970-01-21 08:51:04	Name: did Value: HWeXTcqaZIY7iS4v
.pippio.com/	1970-01-21 08:51:04	Name: didts Value: 1728328067
.pippio.com/	1970-01-21 01:31:52	Name: nnls Value:
.pippio.com/	1970-01-21 01:31:52	Name: pxrc Value: CIPjkLgGEgYIgr0rEAA=
.tapad.com/	1970-01-21 01:31:52	Name: TapAd_3WAY_SYNCS Value: 1!6763
.px.mountain.com/	1970-01-21 08:51:04	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNrKMN7IwtlCyMtBBEjG3NAaLICswNAfSRhYGZkBkrKNUpmRlVAsA4xZ9vEYAAAA="
.mountain.com/	1970-01-21 08:51:04	Name: rt Value: "MzIzMjk6MTcyODMyODA2OA=="
.demdex.net/	1970-01-21 04:24:40	Name: demdex Value: 02299252580071707653459574743110029887
.dpm.demdex.net/	1970-01-21 04:24:40	Name: dpm Value: 02299252580071707653459574743110029887
.adsrvr.org/	1970-01-21 08:51:04	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwj476TJq8OzPRAFEhYKB3J1Ymljb24SCwjonKXJq8OzPRAFEhUKBmdvb2dsZRILCILApcmrw7M9EAUSFAoFdGFwYWQSCwiQoNLUq8OzPRAFEhIKA2FhbRILCJr6-fnxkKg9EAUSFgoHYWRkdGhpcxILCN6Ezt-rw7M9EAUYBSABKAEyCwj2vdKGwsOzPRAFQhUiEwgBEg8KC05PIFRydU9wdGlrEAFaBzgwYjdreGZgAXIHYWRkdGhpcw..

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	verbose	URL: blob:https://www.zscaler.com/92adaeb5-3cc4-45a0-9fdf-b4979f0da065(Line 1) Message: Error
security	error	URL: https://js.zi-scripts.com/zi-tag.js Message: Refused to load the script 'blob:https://www.zscaler.com/5d95f95c-7c10-43fb-aff2-ae9b421be89e' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
javascript	warning	URL: https://www.zscaler.com/blogs/security-research/d-evolution-PIKABOT Message: The resource https://www.zscaler.com/_next/image?url=https%3A%2F%2Fcms.zscaler.com%2Fsites%2Fdefault%2Ffiles%2Fimages%2Fblogs%2Fblog-tile-img-700x467-ransomware.jpg&w=3840&q=75 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network	error	URL: https://su.addthis.com/red/usync?pid=11124&puid=6d30d8aa-fa47-4d83-8646-ec04036a23d1&url=https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fgeneric%3fttd_pid%3daddthis Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: https://.pathfactory.com https://explore.zscaler.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js https://ob.iseaskies.com https://obs.iseaskies.com .mountain.com https://netlify-rum.netlify.app j.6sc.co .adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com .marketo.net js.adsrvr.org .crazyegg.com https://cdnjs.cloudflare.com https://.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com .bugcrowdusercontent.com .googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com .linkedin.oribi.io gateway.zscalertwo.net .jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://.pathfactory.com https://explore.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://.pathfactory.com https://explore.zscaler.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io .cloudfunctions.net ibc-flow.techtarget.com .mktoresp.com bat.bing.com .crazyegg.com .6sc.co st.fullcircleinsights.com https://.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://.acsbapp.com https://.wistia.com https://.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com .6sense.com .linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://.pathfactory.com https://explore.zscaler.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://.adroll.com/ https://explore.zscaler.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

117186981.intellimizeio.com
8541430.fls.doubleclick.net
acsbapp.com
ad.doubleclick.net
analytics.google.com
analytics.revsure.cloud
api.intellimize.co
api.rudderstack.com
api.segment.io
assets-tracking.crazyegg.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn-app.pathfactory.com
cdn.acsbapp.com
cdn.cookielaw.org
cdn.intellimize.co
cdn.pdst.fm
cdn.rudderlabs.com
cdn.segment.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
dx.mountain.com
eb2.3lift.com
epsilon.6sense.com
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
image2.pubmatic.com
info.zscaler.com
insight.adsrvr.org
ipv4.d.adroll.com
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.zi-scripts.com
jukebox.pathfactory.com
log.intellimize.co
match.adsrvr.org
munchkin.marketo.net
ob.iseaskies.com
obs.iseaskies.com
pagestates-tracking.crazyegg.com
pippio.com
pixel.rubiconproject.com
pixel.tapad.com
pixels.spotify.com
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
px4.ads.linkedin.com
s.adroll.com
script.crazyegg.com
secure.adnxs.com
snap.licdn.com
spcollector.pathfactory.com
stats.g.doubleclick.net
su.addthis.com
sync.outbrain.com
sync.taboola.com
td.doubleclick.net
tracking.crazyegg.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.zscaler.com
x.adroll.com
x.bidswitch.net
cdn.acsbapp.com
www.zscaler.com
104.16.117.43
104.16.118.43
104.17.72.206
104.18.37.212
104.19.147.8
107.178.254.65
13.107.42.14
13.226.38.199
13.35.93.19
141.226.224.48
142.250.65.194
142.250.72.100
142.250.72.98
142.250.80.2
142.250.80.66
142.250.81.230
142.251.40.134
142.251.40.136
15.197.193.217
151.101.2.132
157.240.241.1
157.240.241.35
172.64.151.101
18.164.116.13
18.204.24.143
18.238.49.36
2001:4860:4802:34::178
2001:4860:4802:36::181
207.65.37.184
216.239.34.181
23.196.3.184
23.204.6.193
23.56.163.208
2600:141b:1c00:2e::17d1:48d1
2600:141b:1c00:6::17df:d10d
2600:1901:1:7c5::
2600:1f18:61c0:2205:85fa:8573:b199:2df2
2600:1f18:61c0:2209:ab9:7223:3aa0:6217
2600:1f18:61c0:220a:6d89:c273:d52f:a25c
2600:1f18:e8a:cd06:e361:a2ce:b047:17c
2600:9000:23cb:800:6:9280:1080:93a1
2600:9000:23cb:9e00:c:d449:2a40:93a1
2600:9000:26fa:da00:16:a497:9700:93a1
2606:4700:10::ac43:b9b
2606:4700:4400::6812:2929
2606:4700:4400::ac40:9b77
2606:4700::6812:1247
2606:4700::6812:1d4a
2606:4700::6812:572a
2607:f8b0:4004:c06::9d
2607:f8b0:4006:81c::2002
2607:f8b0:4006:821::2008
2620:1ec:21::14
2620:1ec:33:3::10
2a03:2880:f112:182:face:b00c:0:25de
3.128.9.82
3.168.97.94
3.211.2.19
3.217.147.72
3.225.218.10
34.111.113.62
34.111.208.231
34.120.2.236
35.160.151.220
35.163.3.3
35.211.202.130
35.244.142.80
35.244.154.8
35.244.159.8
35.71.131.137
44.197.110.75
44.212.189.233
44.225.29.129
52.12.117.226
52.223.22.214
52.7.151.245
52.85.61.125
52.89.99.220
54.197.61.92
54.225.48.29
68.67.161.182
69.173.146.5
70.42.32.95
99.83.231.3
02063dd115384c5f2a2aff143cbf85ceeff43b7fe2d02fd7843d8bf3038104a0
02a0f616e6a419dab41683866f390d5be86f9d9309c8540a3109e32f71cb9216
02cf967312da416498f662d891dd432426488424f6334da0eb277059ecd2f59b
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
034670cb9e3af1fbed10543f9a300275601ed7e988c793f71ddc9557d02ab139
034bc13d04248ad9c63078d267ad70e5ccfbb39d41f3837aac74684b79592b04
03e5ad9078ac2743c1a71b9bf1f8b61c1682f78f142aa8d0ec63d4b42c9f77ea
0416551b4774020f8529fc662df505361fe640c8fdc432e9a2c82b5d74cc1ae2
0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae
0641409d1c3cdd9d398534537a3e3d0e158460b7c1e4238cbcd3f14d401a4896
0927046a7f82a1f6e6e48d1115be04d8e053922775f03d0fdecef3b60e92f8cb
09ffe1ebce8835c9b4d8232b59214200e95e6c2d2a3d67aba4d3f578051cd3a8
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c57780c294c4ac3bb4790f10f11ab4afe4e323819d2ae1278de9cc6b390fc7a
0e0c8cedb72a7e5a3080203509132486e267e5d1b0c5c6eae78ac16f7928ff01
0e600b4627639b0a3855e49742ec16e1457470c341291907dad0348e715cb643
0efb6cd8769db3db5a13e6c0118238f6bfd7114e84459aea4fc9499887b6876b
116fd48e3b985abdfd9d18e7d0b99e08018f4b86bda69514f22df0f5352b5179
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1362ad7199ef6585442f4cb16faba76503e5cf440ca0a82490f19497cd6a75bc
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac
1ab49fd90ca814517ecccd0199152e764e8fcb16e0fd6ed91358d3aea88f753f
1bd0f17fcc9806bc57f287b9f65bb309de268110957f9d2a73614af6ae0984fc
1c2450a344cc27a7fd79d867fc73d4f595d481e56bfbcfe29b49a8e9e9e29c43
1d58425769217cb47be85d239260e430b96bbaad508ce06e269ce4633a515a9c
1e12c02cd9e833878d4a8cb23d11f1964e9f6e8349e11bbae7c2f144596a5db6
1fdddb377d6442ed4a9ea71787b84b868c358163da4c5ecbdc55a65ea280a713
203987ff8bd021893a06303e163eeb294647081d8376b725bdacbc414cc4d035
2112436c0cd10289a8aee652a5a1bad029b0575272ac9d7bc1d724203247e06b
21abbc4eb5809f0a7787d61130694af28a7ae193c77efeddead9a44871708960
25462e537585513efd706d55cf4cd890b30f382ab96c0f6df75c41c1095d58ed
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
258ac87e304908a79116737170a587d0ea6cb91c9fa2e10389e0c52b3a30f2b0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27994b9f6b7bb5288e9e4e749a4abe9973e852b0d8404bd890b45bb8a4050577
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f3372fb7b8a9653d0a799e71dc3195aa3fc7a8b08273a079749f7787e510456
317e8773ed812f65272fb15d1e555d5653a0cfb59f5272172308a2ee93d54119
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
35f7f766216b5d4b77d11c9556216ea6dca0c02cb480af3f8e37425aa55199d8
36abed3d20085dbc2ef2778631d3f5efd0e8000db1925e2de3a18649671d4e02
3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a
3b5008724c1f81d00251e8462e2bd516bc4b697e4e0a4da0dba7215f0c74c007
3d8db1e6933ea20fefa725b8f886ee547bf40b730b6f2ab25e917640aaf9f37b
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ff1babc9b98b9a6646d0ce248a7be2b355c8335c400f9b05e6cc28850d0b5b6
42717a207578018b81bd5bfb13fd41672e8081f2fa517e078b437c080885bb3c
42c3dfb68ff11fe295d20cdd98826c65161cf5d480d25f72b10d9a182f9e2a1d
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fb7c0200d46215e03c99a819b336c1426163575e3c55b6d5e9ba4449edede06
4fc84674bc35b739d5e31f0540890fd8b8dbd23f96931a65e0de4c5d83c1925a
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
53383e308071f119680221c3529389b52db8b9fd233bac6f244c5912c2950598
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c0aeda81e2ecc27723f37c441e4530091780b93a1ca6d7a3d13a45e1ba4fa3
5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a8bf1c99af0f8603282867326008c7e3754270f051178b6c3ecb9b2d7478d9b
5aed37fcc4dd6c6df7058f2e516d2acaf95c3359c983d7dd5c0cf0d4a614ef23
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
6487817342cc7311d0f8603168a7edba803aa7de8813673eb155e8ea8b77b32c
67bada63c3654c7168cedb6be0924d793dc683e81ae6740e3e14f3b181b94ff3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ebbbfd7704d7ef939cad696b7342b0553466b742df9e2c9905566ba0534f940
6fbeee7b066c53e5cb023ba504ccb291d1db541e0965ec796fb049f28d8b4eb6
73361e78167bac3a8446cff21dd031c985a1a99ed5a33a4a51fca994342cdb02
73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4
752fc4c483c910180a1cff93b98a210ef57346dbf246805cde5c2728b87a55dd
7680afb36c4d51ede32810262853ca53f0177c29b5cbc0a578ce408657f4a991
76c645171496c5a2725d98c02c1628dc97fad5696e805bd1714846488c2ec7a3
76e23459d85448d82eb9efc5e6fc0cf092be8cc7f3fe53a834828c3981c1df2f
76fd1ee7974308fe5fd89f36a472e30e1ddf2f8465fed557f8f03dca2f25ea2a
7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69
774e08566a15a9afbb217705a2ca66fa20dc5b34885b6977d428220993147106
7b2a1e7ec66641ad958a36774552cc40712f052e2db6542cacc01fd2dbcde58c
7c00d4632bbc34c55332b5a4838113b408118e09c53070ef83fcfcf35d3a1bb9
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7d7420dc00f6c2095845ed3099c8c38269d37ed054a8570135082f433b717ad7
7dc479230d1f930e663a76b0f7bca0ddfa9c553134b741283d2b9cf82323b9ff
7df1146c5c321131210e8251e38568f46755aa3b4118ebf5194ffe6c83282fc8
8124544e0d4c275d07a116b2b775cc3554d6ad47304af14b8218006f0e2e202e
81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286
82cb48259676d52012779b374e0d3110729d6631ab48cf5ab565b8320396dd03
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
89d648c6aa4a3bbf08b974e37aef5d320c80e336ba365417c6285a2f2711b140
89fde8fd7b0ad034128435bc21892e617683afdfb5cd4fef39c0bd6ff7d53723
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8b9d0d77fab58e1e1ec4fd77f06ecebedf37e54ad7b3a3f0d6641de0204fcaa9
8fe9ec953a481215d1cb1859845485b5842e61e0a20d650ba35f688bb885e944
9472a35859944100861f094b0b0b7e3bbaefcd8c041e765c30efda1bcbba07fa
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9b0c767358df0c4abfbdbbf942642c0a99c6a2a30e6efce507727f764cf5496c
9dd93b89faa1f4642b0a4a84a36bccf5174c8af4a024d9291ed1e0300db58bcd
9e5448f3c4945c03c4aa0cc908af9b5b428f5402f874e28bd5f8def33c28f719
9f51ff024361e3d2d11964a55b9b1b54e89e911b4d60199aa0b55b8b5a214dcc
9f55eaa5439e74776935de31e1873860df2be6585c83eb2bc518820db3d1ca16
a07312906d3f7010bfca350c49ea96966131e417f225305c42c2cad3201c6501
a1f04ecd2576cc6d0ddcbb9ad07860327ea0a94995bd49755b105b7f842451d2
a3503429dd448bce757b6024acfd1ff59e630912efc0d731231f498747303d50
a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3
a40d1546fd476759f8530c4d04bd302d2ef93dbec0f59ce4a146c19d3da74620
a959f8b2ed719935a773a8aceec009ba524c7cb69b95cae370414c9f4bd6a8cb
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ae105750fe6d4a9ff64d6723ed7c6d33af70b309bdfcee04b86e2d32cc46caec
ae37c378332e58282f1bc7ba114f3b2406e069499f9b6c49a2d4ce77c19ac5c3
ae9ce01eeaeb30d4044b4b309035579a53b0e534e28cbb8828f5b4f648514c10
aef6de5ec7f540dbb35027a93f1e45dd100aa31309a1e659ed2ba08abc8cd3d6
b026ac8e9b650f8a85c8a082f913b04eaa7dde4bf82bef0512f352891b3e0758
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b677e677ced8c4a836aed76512f225e795edc1b19123c4cf94a765f8fe89d192
b6f2f47cfaaf607ca160352f152ff7c8c8364ffc29c2a7fb9d1f2cd02fc32055
b7eff4b4361c8058fbe407d9e1e0e14f425df85f01cd295f6e1ac1271a3ff6bc
b9c3a3a5543d46f275eeb107f39abb8b65c8d7327f657b5d48f6b3ee5dd2911a
b9e1f73d998e105fcf2b3362487f420e7364e7828795c9317f5cbb0a7e28bb5b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
beac035e4d7e7ca8063a81be0994cfc994d5f1c7539091659834203e076476ac
c27a7c526472e28e86e6ddffb1ab014c73fecaff290dce62b86d1896a88e97eb
c4709decb7d2124dc7bf1cad75988772215d9c9203bca3a72766fc9315ca9b1c
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce4e274c5793e7cd62cb67e2630278ef4a470b4baa35cb3b42e145717faed336
d0ec04051c6114cc5c079a12d21ce695b45c0a1b0cb2d83886c26ee6cf1d187f
d877144ebb70b3513aaa378f49bd4d47e5ff59a8d876511016d54ab3ad9ce019
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfa0c4945ca8300301ccd1bf48c46b2fc1b75b8fb0f76d35c3704c35134d3438
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a1e90281fb5f6bd8c4df8697f16fdd66b968afe67e22f20130b2a212910ddb
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
eb7d77be4c764da38c117e792075ad4aa2c0cf133f20be795dbdc9b50a11e1a8
eddd884436be08bc6ecaff1ea001f0f68eea7fe12664000a6f3646e07961a061
ee854e0f94d3a28c8d68a2d25586e453969668db0e27d665cb7509b2d9f50b35
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efad755939e511f2bc1feb0d58d6014006e8598a4d431f27a66dd59e14fc19cb
f00bcec7905b2b58275c21018b38b6b381d91ae0a47a4ab091843e9d8434e3fb
f41954a2fc47731f779222d4412fc91423f4b25aaba150f299d0d1bc4fc59dad
f5bf9e709edea93b24c7135cdc0dd210313fd00a76c4ce484cc9bd13f14add1c
f7c5b53c0c987810b73a24d75835c7c05b1e9dce209466c244cb3ef96e710b1a
fa059430738cdbf7a8c346c42f832af2f8e0e241e586fdb5ec0d71dd58a0a775
fa5c21a013b645f008573c41ffaea2cb09df3ec637e75c0d23902e3703d989dc
fc35e2c681f28348ee2d8dbbdd2c54dda9eee8541271f9fc4dd4a8b51ecc592b
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fd06da99f01b4d5e3fc4c54e4e3cf4ae18803c08bc113e4cb923638d6e683278
fd8134b4043cb1ce2a1641c56a93561d99bb541ff9820b3c0e115e1b70dd9be3
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.zscaler.com Open in urlscan Pro 2606:4700::6812:1d4a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

243 Requests

89 %HTTPS

29 %IPv6

51 Domains

82 Subdomains

79 IPs

2 Countries

3391 kBTransfer

10590 kBSize

95 Cookies

26 Outgoing links

Redirected requests

243 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zscaler.com Open in urlscan Pro
2606:4700::6812:1d4a Public Scan

Screenshot
Live screenshot

Full Image

243
Requests

89 %
HTTPS

29 %
IPv6

51
Domains

82
Subdomains

79
IPs

2
Countries

3391 kB
Transfer

10590 kB
Size

95
Cookies

243 HTTP transactions
0 data transactions