Submitted URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more|
Effective URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Submission: On September 12 via api from US

Summary

This website contacted 28 IPs in 7 countries across 23 domains to perform 66 HTTP transactions. The main IP is 35.166.119.124, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 8th 2019. Valid for: 2 years.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 35.166.119.124 16509 (AMAZON-02)
3 13.35.253.88 16509 (AMAZON-02)
7 13.35.253.60 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 143.204.214.113 16509 (AMAZON-02)
3 13.35.253.85 16509 (AMAZON-02)
4 152.195.132.202 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.217.18.2 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
3 93.184.220.178 15133 (EDGECAST)
3 23.34.183.125 16625 (AKAMAI-AS)
1 163.171.132.119 54994 (QUANTILNE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.57.44.100 16509 (AMAZON-02)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 206.19.49.24 17225 (ATT-CERFN...)
2 2a00:1450:400... 15169 (GOOGLE)
2 104.111.251.133 16625 (AKAMAI-AS)
1 34.192.123.20 14618 (AMAZON-AES)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 192.28.144.124 53580 (MARKETO)
1 2 52.21.56.60 14618 (AMAZON-AES)
66 28
Domain Requested by
7 cdn-3.zscaler.com www.zscaler.com
www.google-analytics.com
7 www.zscaler.com www.zscaler.com
www.google-analytics.com
6 fonts.gstatic.com www.zscaler.com
4 www.google.de www.zscaler.com
4 www.google.com 2 redirects www.zscaler.com
4 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
www.zscaler.com
4 cdn.cookielaw.org www.zscaler.com
cdn.cookielaw.org
cdn-5.zscaler.com
3 cdn.bizible.com www.googletagmanager.com
www.zscaler.com
cdn.bizible.com
3 cdn-2.zscaler.com www.zscaler.com
3 fonts.googleapis.com www.zscaler.com
3 cdn.zscaler.com www.zscaler.com
2 tracking.leadlander.com 1 redirects www.zscaler.com
2 px.ads.linkedin.com 1 redirects www.zscaler.com
2 munchkin.marketo.net www.zscaler.com
munchkin.marketo.net
2 googleads.g.doubleclick.net www.googleadservices.com
2 stats.g.doubleclick.net 2 redirects
1 306-zej-256.mktoresp.com munchkin.marketo.net
1 geolocation.onetrust.com cdn-5.zscaler.com
1 www.linkedin.com 1 redirects
1 t.sf14g.com www.zscaler.com
1 apt.techtarget.com www.zscaler.com
1 b.6sc.co www.zscaler.com
1 c.6sc.co j.6sc.co
1 epsilon.6sense.com j.6sc.co
1 s.ytimg.com www.youtube.com
1 trk.techtarget.com www.zscaler.com
1 j.6sc.co www.zscaler.com
1 www.youtube.com www.zscaler.com
1 sjs.bizographics.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 www.googletagmanager.com www.zscaler.com
1 cdn-5.zscaler.com www.zscaler.com
66 32
Subject | Issuer | Validity | Valid for
zscaler.com | DigiCert SHA2 Extended Validation Server CA | 2019-04-08 - 2021-06-30 | 2 years
cdn.zscaler.com | DigiCert SHA2 High Assurance Server CA | 2019-06-25 - 2021-07-08 | 2 years
*.googleapis.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
sa437gl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2018-05-17 - 2020-08-19 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
www.googleadservices.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
js.bizographics.com | DigiCert SHA2 Secure Server CA | 2018-04-13 - 2020-04-17 | 2 years
*.google.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
cdn.bizible.com | Go Daddy Secure Certificate Authority - G2 | 2019-03-14 - 2021-04-13 | 2 years
*.6sc.co | DigiCert SHA2 Secure Server CA | 2018-10-22 - 2020-01-21 | a year
trk.techtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2019-02-15 - 2020-02-15 | a year
*.6sense.com | Amazon | 2019-08-16 - 2020-09-16 | a year
www.google.de | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
*.techtarget.com | COMODO RSA Domain Validation Secure Server CA | 2017-11-01 - 2019-11-16 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2018-12-24 - 2020-03-24 | a year
t.sf14g.com | Go Daddy Secure Certificate Authority - G2 | 2019-07-09 - 2020-09-07 | a year
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
www.google.com | GTS CA 1O1 | 2019-08-23 - 2019-11-21 | 3 months
*.onetrust.com | DigiCert SHA2 Secure Server CA | 2018-03-12 - 2020-06-14 | 2 years
*.mktoresp.com | GeoTrust RSA CA 2018 | 2018-02-05 - 2020-02-05 | 2 years
*.leadlander.com | Go Daddy Secure Certificate Authority - G2 | 2019-07-09 - 2020-09-07 | a year

This page contains 1 frames:

Primary Page: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Frame ID: 049AE2DA78AF779FB67B04179AB3224A
Requests: 66 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i

Page Statistics

Requests: 66
HTTPS: 100 %
IPv6: 47 %
Domains: 23
Subdomains: 32
IPs: 28
Countries: 7
Transfer: 1093 kB
Size: 2876 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&gjid=111351380&_gid=1942056034.1568315863&_u=aGDAgEADQ~&z=941620411 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411&slf_rd=1&random=2876339329
Request Chain 34
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=31519848&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&ul=en-us&de=UTF-8&dt=Page%20not%20found%20%7C%20Zscaler&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Google%20Optimize&ea=BVtB-t4aT-OH54OFwLaacg&el=0&_u=aGDACEADR~&jid=226670182&gjid=616954914&cid=1104074057.1568315863&tid=UA-6177009-1&_gid=1942056034.1568315863&_r=1&gtm=2zg9415KQJVPX&z=925186368 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_gid=1942056034.1568315863&gjid=616954914&_v=j79&z=925186368 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368&slf_rd=1&random=68237542
Request Chain 52
  • https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1568315863435%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%25257C%26fmt%3Djs%26s%3D1%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1&liSync=true
Request Chain 63
  • https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&referer=&fp=664c32e1481a8d04989c79d350f668a9 HTTP 302
  • https://tracking.leadlander.com/tracking.png

66 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
www.zscaler.com/blogs/research/
50 KB
12 KB
Document
General
Full URL
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
50ba9cfc617f9dbe621ffd4e5b49787c0a1455a10253f0bc999b869f10548c66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:method
GET
:authority
www.zscaler.com
:scheme
https
:path
/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
404
server
nginx
date
Thu, 12 Sep 2019 19:17:42 GMT
content-type
text/html; charset=utf-8
x-drupal-cache
MISS
x-content-type-options
nosniff
set-cookie
SimpleSAMLSessionID=bed22f77a9778ca361df309c7cf114c8; path=/; HttpOnly
strict-transport-security
max-age=31536000
access-control-allow-origin
https://cdn.zscaler.com https://cdn-2.zscaler.com https://cdn-3.zscaler.com https://cdn-4.zscaler.com https://cdn-5.zscaler.com https://www.zscaler.com https://info.zscaler.com http://info.zscaler.test http://info.zscaler.com https://dev.zscaler.com http://fonts.googleapis.com https://staging.zscaler.com http://www.zscaler.test
etag
"1568315862-1"
content-language
en
x-frame-options
DENY
cache-control
public, max-age=86400
last-modified
Thu, 12 Sep 2019 19:17:42 GMT
expires
Sun, 19 Nov 1978 05:00:00 GMT
vary
Accept-Encoding
content-encoding
gzip
x-request-id
v-fe40015e-d591-11e9-ab3a-27339adeda9b
x-ah-environment
prod
age
0
via
varnish
x-cache
MISS
css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn.zscaler.com/sites/default/files/advagg_css/
9 KB
3 KB
Stylesheet
General
Full URL
https://cdn.zscaler.com/sites/default/files/advagg_css/css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.88 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-88.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
a63697b509acc4629d1f31050b2ae187a0a740d81280c45b373e98d2121ad22e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578272
x-cache
Hit from cloudfront
status
200
x-cache-hits
2
x-ah-environment
prod
content-length
2933
x-request-id
v-c3068758-99bd-11e9-9263-7b64de096a3f
last-modified
Mon, 03 Sep 2018 06:37:30 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish, 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
MbXFATiDis9zytW5HkMISzsv8bzmxoZStdgQSAbUZKyfiWE33WF0cQ==
expires
Fri, 26 Jun 2020 15:59:51 GMT
css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/
10 KB
3 KB
Stylesheet
General
Full URL
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
dba7f69552c84f602fe58d4cb6755f58e70ef9cfaa21743b8b35b7892f32f169
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578271
x-cache
Hit from cloudfront
status
200
x-cache-hits
2
x-ah-environment
prod
content-length
2573
x-request-id
v-c313e394-99bd-11e9-81a7-07efd56b32fc
last-modified
Mon, 03 Sep 2018 06:37:30 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
_FxKpU9j2Ih3-te8kVXj1lSaMf6SipseLVHv5r0Qj-VOfNK-l00dqg==
expires
Fri, 26 Jun 2020 15:59:51 GMT
css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/
882 B
928 B
Stylesheet
General
Full URL
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
8b5a4c38e84431b3669f45f2d84e2562d121e7e6204518fec00ee798a53ef949
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578271
x-cache
Hit from cloudfront
status
200
x-cache-hits
2
x-ah-environment
prod
content-length
424
x-request-id
v-c306218c-99bd-11e9-989e-2343f74bbe85
last-modified
Mon, 03 Sep 2018 06:37:30 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
9ldTUMyktwpiNR3MF-VF9-Ro5OKgqCi0Kfgn1efoBd83f7D-3NoXPA==
expires
Fri, 26 Jun 2020 15:59:51 GMT
css__qwQVqTZBAUeWSlz_5Wi5ogqXYD-zWZUz0TvgaFnoOIw__5h90oqDfhvAPDE_H_0qKYC9yNQtwbkhlMwtjJhbDtEA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/
913 KB
120 KB
Stylesheet
General
Full URL
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__qwQVqTZBAUeWSlz_5Wi5ogqXYD-zWZUz0TvgaFnoOIw__5h90oqDfhvAPDE_H_0qKYC9yNQtwbkhlMwtjJhbDtEA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
1e0bdc7de83469423634b0b6199066250e881474480555e30cd6ef38566d99b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 22:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75176
x-cache
Hit from cloudfront
status
200
x-cache-hits
1
strict-transport-security
max-age=31536000
x-ah-environment
prod
content-length
121826
x-request-id
v-f5efac7a-d4e2-11e9-8753-87338cb9ed7e
last-modified
Wed, 11 Sep 2019 22:24:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
Xe-PUvF1YfaWqjO2NArEx6GFBre24uB8TwpnfkPeBscVJ6xhuvsLXw==
expires
Wed, 09 Sep 2020 22:24:46 GMT
css
fonts.googleapis.com/
18 KB
1023 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
36b9d75325e3e2addf711c2024361ef378f94f88a41653641c8f6f836fdb81de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 12 Sep 2019 19:17:43 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Thu, 12 Sep 2019 19:17:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection
0
expires
Thu, 12 Sep 2019 19:17:43 GMT
zscaler-header-logo.png
www.zscaler.com/sites/all/themes/zscaler/images/shared/
4 KB
4 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b6f5ff4cfa2d209385754fb256451d4104387617e34131f5500822250e4f4c59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
56
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
3795
x-request-id
v-dd255b18-d591-11e9-bd21-bb49d6fb6e76
last-modified
Wed, 29 Aug 2018 06:52:48 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/png
expires
Thu, 03 Oct 2019 19:16:46 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
12
zscaler-header-logo-white.png
www.zscaler.com/sites/all/themes/zscaler/images/shared/
2 KB
3 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo-white.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
56
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
2348
x-request-id
v-dd256496-d591-11e9-9e27-4373bd390bb9
last-modified
Wed, 29 Aug 2018 06:23:14 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/png
expires
Thu, 03 Oct 2019 19:16:46 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
12
zscaler-sideIcon-shield.png
cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/
288 B
812 B
Image
General
Full URL
https://cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-shield.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.88 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-88.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
5a83e9ab51f0cdb6c8dca84411c7370a9ad152fd4e5730848ea3a294d3b845d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 15:58:31 GMT
via
varnish, 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
6578352
x-cache
Hit from cloudfront
status
200
x-ah-environment
prod
content-length
288
x-request-id
v-9372e568-99bd-11e9-ae50-0f3c5faf5e03
last-modified
Wed, 20 Jan 1988 04:20:42 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=290304000, no-transform, public
x-drupal-cache
MISS
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
gRvUV2ZRUmWJwy7Tu1OR8ZXrOaJbe5YR6VEq-BuQYK3sjRz-WpiL0g==
expires
Tue, 20 Jan 2037 04:20:42 GMT
zscaler-sideIcon-share.png
cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/
284 B
809 B
Image
General
Full URL
https://cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-share.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
d74148ff31c75b243670de7e37dbb54d399185c0384e982da43388bece07a763
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 15:58:31 GMT
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
6578352
x-cache
Hit from cloudfront
status
200
x-ah-environment
prod
content-length
284
x-request-id
v-937132d6-99bd-11e9-a24c-2ff27bc907f7
last-modified
Wed, 20 Jan 1988 04:20:42 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=290304000, no-transform, public
x-drupal-cache
MISS
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
cxC_xVU9Ib0RRlGTSJPjnLV4hHzAX2ulXvAvmwXEykTg5WKQPtbB9w==
expires
Tue, 20 Jan 2037 04:20:42 GMT
js__iPm3xkaYdrpMli2w2Z0Eh2qoh3EFZX43_A60atTh9oQ__6kZ7OPNcXtcEvvmukj42luni1FPtKEUaVsN-wglPsJ4__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
cdn-5.zscaler.com/sites/default/files/advagg_js/
92 KB
33 KB
Script
General
Full URL
https://cdn-5.zscaler.com/sites/default/files/advagg_js/js__iPm3xkaYdrpMli2w2Z0Eh2qoh3EFZX43_A60atTh9oQ__6kZ7OPNcXtcEvvmukj42luni1FPtKEUaVsN-wglPsJ4__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.113 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-113.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
918d86c682b2bcf9ebc83ec288017f322a32ed8a0daf0b4d757c74f8d7f7950d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578271
x-cache
Hit from cloudfront
status
200
x-cache-hits
2
x-ah-environment
prod
content-length
32858
x-request-id
v-c345bc84-99bd-11e9-8478-8fe0a7d5a8a9
last-modified
Fri, 26 Apr 2019 08:05:07 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish, 1.1 e8b17f734954ee4d46d26cf302323482.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
HgVgZ5A2dopE94hvlwmrQP0o6YDHpIIwNKFSdZb_qiQKWg3CdzJiRg==
expires
Fri, 26 Jun 2020 15:59:51 GMT
js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
cdn-2.zscaler.com/sites/default/files/advagg_js/
25 KB
9 KB
Script
General
Full URL
https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.85 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-85.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
45b5732f734c6199b57da0ed7832ed2f674b67a8dd9486cd2ba8456a5f298173
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578271
x-cache
Hit from cloudfront
status
200
x-cache-hits
3
x-ah-environment
prod
content-length
8988
x-request-id
v-c36a9b3a-99bd-11e9-9b30-ab7267b71614
last-modified
Mon, 03 Sep 2018 06:37:31 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish, 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc3.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
vc9zlKOVEvyFPPMmP9Ls3WRDGEnNttgOJQkIHk9x1ZPRgoVxZh-3pg==
expires
Fri, 26 Jun 2020 15:59:51 GMT
js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
cdn-2.zscaler.com/sites/default/files/advagg_js/
7 KB
3 KB
Script
General
Full URL
https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.85 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-85.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
5f4407da08a159f50a278d4e86cda104a1738182beeca5d9b3fdc0a84fadb206
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 28 Jun 2019 16:00:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6578271
x-cache
Hit from cloudfront
status
200
x-cache-hits
3
x-ah-environment
prod
content-length
2543
x-request-id
v-c3740864-99bd-11e9-9469-93220e2cbbb0
last-modified
Mon, 03 Sep 2018 06:37:31 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish, 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc3.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
o9Mimq90i5L31vOlkV1lYkURdgqYfq5-pBkwWfP4C7O-NRCPPBowZg==
expires
Fri, 26 Jun 2020 15:59:51 GMT
js___WXCO7f_VMXcfCufWcMakPQRTKEFLrRyEZpbnb44-iE__FqW_tU1U3kmXgjX6u7Yowj3nnz8DTHljbssyIuy7EZw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
cdn-3.zscaler.com/sites/default/files/advagg_js/
618 KB
165 KB
Script
General
Full URL
https://cdn-3.zscaler.com/sites/default/files/advagg_js/js___WXCO7f_VMXcfCufWcMakPQRTKEFLrRyEZpbnb44-iE__FqW_tU1U3kmXgjX6u7Yowj3nnz8DTHljbssyIuy7EZw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
6efbe9529e0d112a330d70cc8b89a5c753d6dd4f062e449e442bbec97c4b1cfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 06 Sep 2019 00:47:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
585018
x-cache
Hit from cloudfront
status
200
strict-transport-security
max-age=31536000
x-ah-environment
prod
content-length
168082
x-request-id
v-e4eedb0a-d03f-11e9-8789-179eea45e978
last-modified
Fri, 06 Sep 2019 00:35:33 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control
max-age=31449600, no-transform, public, immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
BTRWanxEalGuKYX2mSws8XQkibbRDQ_Y7n_eW7nhd3QTpamEnVmC3A==
expires
Fri, 04 Sep 2020 00:47:25 GMT
92ede4fc-c076-4245-8c3f-85e672763690.js
cdn.cookielaw.org/langswitch/
2 KB
1 KB
Script
General
Full URL
https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8DC2) /
Resource Hash
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
content-md5
wNMyoZp2a7YtIJ5FlCf5Pg==
x-cache
HIT
status
200
content-length
737
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2019 21:38:32 GMT
server
ECAcc (lha/8DC2)
etag
0x8D6C76ADDE64110
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cd1d4946-701e-0174-1f8d-6918f5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 12 Sep 2019 23:17:43 GMT
gtm.js
www.googletagmanager.com/
125 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d805ee3216e06eab905fb33532c69c1ec904bb13f6f01485bd7dff1a02898a4f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
br
last-modified
Thu, 12 Sep 2019 18:00:55 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35132
x-xss-protection
0
expires
Thu, 12 Sep 2019 19:17:43 GMT
conversion_async.js
www.googleadservices.com/pagead/
24 KB
9 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
8c88d6a0ae774f43c52a16b37d0134231b235ddf98ce9eb7f28c587c31b59d5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
9186
x-xss-protection
0
server
cafe
etag
1827501119694548318
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 12 Sep 2019 19:17:43 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
2050
date
Thu, 12 Sep 2019 18:43:33 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17803
expires
Thu, 12 Sep 2019 20:43:33 GMT
insight.min.js
sjs.bizographics.com/
15 KB
5 KB
Script
General
Full URL
https://sjs.bizographics.com/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Dec 2018 23:03:30 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=24912
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4571
iframe_api
www.youtube.com/
859 B
923 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
27889a2cca2d7cdd99727dba4a1ed1842f76f030b5e68a9d838553e011c286be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
content-type
application/javascript
status
200
cache-control
no-cache
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 EST
bizible.js
cdn.bizible.com/scripts/
85 KB
32 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D3F) / ASP.NET
Resource Hash
38e2357a7e1247afb1475fd6294b7fb8fe8d085a662bc7fc14659bbf852bcd14

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
etag
"19824fdc2e5bd51:0"
last-modified
Sun, 25 Aug 2019 10:21:30 GMT
server
ECS (lcy/1D3F)
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
accept-ranges
bytes
content-length
33059
6si.min.js
j.6sc.co/
13 KB
6 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.34.183.125 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-34-183-125.deploy.static.akamaitechnologies.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f8da483c46b2d867d51506bc94356efd592a73534d1bce7989d125612f9cdd58

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Sep 2019 04:36:44 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5d7879dc-3453"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age
86400
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
5596
tracking.js
trk.techtarget.com/
4 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Jun 2019 20:11:17 GMT
Server
PWS/8.3.1.0.8
Age
74
Content-Type
text/javascript
Via
1.1 VMmgytldATL1ph112:2 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2lp71:4 (W)
Cache-Control
max-age=600
X-Px
ht PSdgflkfFRA2lp71FRA
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1711
Expires
Thu, 12 Sep 2019 19:26:29 GMT
zscaler-home-navigation-dropDown-products.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/
21 KB
21 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-products.jpg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
8521546462c374cd8318bbfbe95ff5c775195d06afb71b4d44eea64a3e42b020
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
60
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
21040
x-request-id
v-dab1af58-d591-11e9-8128-3b6baadda2c6
last-modified
Thu, 06 Dec 2018 23:45:14 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/jpeg
expires
Thu, 03 Oct 2019 19:16:42 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
9
zscaler-home-navigation-dropDown-solutions.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/
17 KB
18 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-solutions.jpg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
52ae784bbd156dfe8f7311c85d5753314cbd9d963ec95a62e6665c99d0268a7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
60
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
17746
x-request-id
v-dab1b462-d591-11e9-a0c2-23a8d00b145e
last-modified
Thu, 06 Dec 2018 23:45:14 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/jpeg
expires
Thu, 03 Oct 2019 19:16:42 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
9
zscaler-home-navigation-dropDown-resources.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/
22 KB
22 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-resources.jpg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
d7dd3f4c3fcd4d440cd3aa820cc4da361dd28a055f0a05bf60dbac778c3528a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
60
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
22243
x-request-id
v-dab1afbc-d591-11e9-9bf4-a3441e48b671
last-modified
Thu, 06 Dec 2018 23:45:14 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/jpeg
expires
Thu, 03 Oct 2019 19:16:42 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
9
zscaler-home-navigation-dropDown-company.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/
21 KB
22 KB
Image
General
Full URL
https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-company.jpg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-166-119-124.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e9622a721ead53a7e422bf180cb5a0aab8a5190b678bc3a1e1a29bc02a5314e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish
x-content-type-options
nosniff
age
60
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host
content-length
21662
x-request-id
v-dab1b7aa-d591-11e9-b373-570e608ff3ea
last-modified
Thu, 06 Dec 2018 23:45:14 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/jpeg
expires
Thu, 03 Oct 2019 19:16:42 GMT
cache-control
max-age=1814400
accept-ranges
bytes
x-cache-hits
9
media-center-blogs-header.jpg
cdn-3.zscaler.com/cdn/farfuture/8QTGmQPISY8RT47tD8hn4XFOxsmvhgVIATQCrRQ7oJs/mtime:1535525568/sites/all/themes/zscaler/images/blog/
67 KB
67 KB
Image
General
Full URL
https://cdn-3.zscaler.com/cdn/farfuture/8QTGmQPISY8RT47tD8hn4XFOxsmvhgVIATQCrRQ7oJs/mtime:1535525568/sites/all/themes/zscaler/images/blog/media-center-blogs-header.jpg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
11fbdeb8d0b9e6aeed619d2161067766d43aadf25fbe1a953bced52745e9c654
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 15 Jul 2019 09:58:59 GMT
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
5131237
x-cache
Hit from cloudfront
status
200
x-cache-hits
1
x-ah-environment
prod
content-length
68454
x-request-id
v-e7018870-a6e6-11e9-940f-975d5f4ceb19
last-modified
Wed, 20 Jan 1988 04:20:42 GMT
server
nginx
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=290304000, no-transform, public
x-drupal-cache
MISS
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
aEcMinKfJbsOi3qxe3JMO_1ZAComT_EO_PyjAvtUP7VtEqEJ_2HYGg==
expires
Tue, 20 Jan 2037 04:20:42 GMT
js
www.google-analytics.com/gtm/
79 KB
26 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-5KQJVPX&t=gtm1&cid=1104074057.1568315863
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d88a85f2b887523c54b820e381dfb2d74786c91b89f53e4168e76be95f5d37c7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
26771
x-xss-protection
0
expires
Thu, 12 Sep 2019 19:17:43 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflpfxENY/
26 KB
10 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflpfxENY/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f965c887617c1cf14af29b9768c73cb11b30b1b5d1660a7849bfbde9c5e3d5b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 09 Sep 2019 10:52:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
289541
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
9992
x-xss-protection
0
last-modified
Mon, 09 Sep 2019 10:04:41 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Tue, 17 Sep 2019 10:52:02 GMT
details
epsilon.6sense.com/v1/company/
124 B
303 B
XHR
General
Full URL
https://epsilon.6sense.com/v1/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.44.100 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-57-44-100.eu-central-1.compute.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
7221581fbaf55e2e4492f0360ed714c7975d2d56c5dec49336dda0609521d020

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Authorization
Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
server
nginx/1.4.6 (Ubuntu)
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
content-length
124
/
c.6sc.co/
47 B
371 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.34.183.125 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-34-183-125.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1eece70be1256ebc18386c2f3475a0f8e7e034c3aa5abc928e0cd00a3360e4e5

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zscaler.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
img.gif
b.6sc.co/v1/beacon/
43 B
627 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=&visitor=c1d5f05d-c44b-4def-8055-9bd1ef3a63d6&session=ff1bd0ae-4d6e-4b14-8f07-3b994cb777bf&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%20%20%20%20Page%20not%20found%20%7C%20Zscaler%20%20%22%7D&cb=15863247&r=&thirdParty=%7B%7D
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.34.183.125 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-34-183-125.deploy.static.akamaitechnologies.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Wed, 30 Jan 2019 07:07:08 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5c514d1c-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=31519848&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&ul=en-us&de=UTF-8&dt=Page%20not%20found%20%7C%20Zscaler&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAgEADQ~&jid=1669047594&gjid=111351380&cid=1104074057.1568315863&tid=UA-6177009-1&_gid=1942056034.1568315863&gtm=2wg9415SLZFK&cd3=industry&cd4=country&cd5=domain&cd6=employee_range&cd7=name&cd8=revenue_range&cd9=state&cd10=naics&z=1174426423
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Aug 2019 03:53:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1783454
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&gjid=111351380&_gid=1942056034.1568315863&_u=aGDAgEADQ~&z=941620411
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411&slf_rd=1&random=2876339329
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411&slf_rd=1&random=2876339329
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=1669047594&_v=j79&z=941620411&slf_rd=1&random=2876339329
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=31519848&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&ul...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_gid=1942056034.1568315863&gjid=616954914&_v=j79&z=925186368
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368&slf_rd=1&random=68237542
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368&slf_rd=1&random=68237542
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1104074057.1568315863&jid=226670182&_v=j79&z=925186368&slf_rd=1&random=68237542
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/
2 KB
560 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
d3535722304c938a15fd3a0d4ad3cd961e8a8a27bb76f115054928d84024f136
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 12 Sep 2019 19:17:43 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Thu, 12 Sep 2019 19:17:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection
0
expires
Thu, 12 Sep 2019 19:17:43 GMT
css
fonts.googleapis.com/
14 KB
904 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,700|Roboto+Slab:300,400,700
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
304b25133a3a95c8b74118dc2f35ffa2d7196ecebb56a61c53b4693036f5a5a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 12 Sep 2019 19:17:43 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Thu, 12 Sep 2019 19:17:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection
0
expires
Thu, 12 Sep 2019 19:17:43 GMT
zscaler-zl-promo-background.png
cdn-3.zscaler.com/sites/all/themes/zscaler/images/home-page/slider/
112 KB
113 KB
Image
General
Full URL
https://cdn-3.zscaler.com/sites/all/themes/zscaler/images/home-page/slider/zscaler-zl-promo-background.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-60.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
385aceada9adc8f7a369a74b01f7744f35b0bcd4c7ee70784df415630143d7c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__qwQVqTZBAUeWSlz_5Wi5ogqXYD-zWZUz0TvgaFnoOIw__5h90oqDfhvAPDE_H_0qKYC9yNQtwbkhlMwtjJhbDtEA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 06 Sep 2019 20:12:16 GMT
via
varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
541756
x-cache
Hit from cloudfront
status
200
x-ah-environment
prod
content-length
114671
x-request-id
v-c2a19f6e-99bd-11e9-a602-2759aa8d1a85
last-modified
Thu, 09 May 2019 03:37:48 GMT
server
nginx
content-type
image/png
expires
Fri, 27 Sep 2019 12:48:26 GMT
cache-control
max-age=1814400
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
JSWY7ybzRz9iy8ijK5drbiV1ECnaBy3hNY5EEHTtdO6tDNNM8zTFxg==
x-cache-hits
3
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 25 Aug 2019 08:41:22 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
1593381
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11180
x-xss-protection
0
expires
Mon, 24 Aug 2020 08:41:22 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 24 Aug 2019 14:56:54 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
1657249
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11016
x-xss-protection
0
expires
Sun, 23 Aug 2020 14:56:54 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 02 Sep 2019 18:28:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
866976
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11020
x-xss-protection
0
expires
Tue, 01 Sep 2020 18:28:07 GMT
fa-brands-400.woff2
cdn-2.zscaler.com/cdn/farfuture/qTEquhETF97C1BixoXYMgJU2YvHO4l0qKzWfOfymiXM/mtime:1557226085/sites/all/themes/zscaler/vendor/font-awesome/webfonts/
73 KB
74 KB
Font
General
Full URL
https://cdn-2.zscaler.com/cdn/farfuture/qTEquhETF97C1BixoXYMgJU2YvHO4l0qKzWfOfymiXM/mtime:1557226085/sites/all/themes/zscaler/vendor/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.85 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-85.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
03b742a6efdb17797c84c2b5db25f5cda6a3361fa5e62b98662e321b26f77331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__qwQVqTZBAUeWSlz_5Wi5ogqXYD-zWZUz0TvgaFnoOIw__5h90oqDfhvAPDE_H_0qKYC9yNQtwbkhlMwtjJhbDtEA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
via
varnish, 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
0
x-cache
Miss from cloudfront
status
200
x-ah-environment
prod
content-length
74800
x-request-id
v-ff1a990e-d591-11e9-9fa5-cb8bc0ed9ece
server
nginx
strict-transport-security
max-age=31536000
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
private, must-revalidate, proxy-revalidate
x-drupal-cache
MISS
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
0o6YF05cIAH4Iz2KYmL5uz9s34jeeGbAG7PTkDog52xW2bib8TA0DQ==
expires
Wed, 11 Sep 2019 19:17:43GMT
fa-solid-900.woff2
cdn.zscaler.com/cdn/farfuture/r48f_CuO04D9424JuCgbjaBvD4nkZPN2GZwaIbMtemI/mtime:1557226086/sites/all/themes/zscaler/vendor/font-awesome/webfonts/
115 KB
115 KB
Font
General
Full URL
https://cdn.zscaler.com/cdn/farfuture/r48f_CuO04D9424JuCgbjaBvD4nkZPN2GZwaIbMtemI/mtime:1557226086/sites/all/themes/zscaler/vendor/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.88 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-88.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
5538a328926c9517ffb8670fccce94f6137d58c21ff4b10ecd772abfa16a012b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__qwQVqTZBAUeWSlz_5Wi5ogqXYD-zWZUz0TvgaFnoOIw__5h90oqDfhvAPDE_H_0qKYC9yNQtwbkhlMwtjJhbDtEA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:44 GMT
via
varnish, 1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
0
x-cache
Miss from cloudfront
status
200
x-ah-environment
prod
content-length
117536
x-request-id
v-ff320670-d591-11e9-9fe5-af9f606c5997
server
nginx
strict-transport-security
max-age=31536000
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
private, must-revalidate, proxy-revalidate
x-drupal-cache
MISS
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
mnIq4hiaVwcibt9fffDGNTJ7J1TcmkUtR6-_AWIrrNhugvZP9sqCGA==
expires
Wed, 11 Sep 2019 19:17:44GMT
BngMUXZYTXPIvIBgJJSb6ufN5qWr4xCC.woff2
fonts.gstatic.com/s/robotoslab/v9/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v9/BngMUXZYTXPIvIBgJJSb6ufN5qWr4xCC.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c68d891f07355e5d0807b4a4f18ac8f16f6e9088277be3134c7efa570022ab2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto+Slab
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 02 Sep 2019 15:53:22 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:19:23 GMT
server
sffe
age
876261
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11272
x-xss-protection
0
expires
Tue, 01 Sep 2020 15:53:22 GMT
BngRUXZYTXPIvIBgJJSb6u9mxLCGwR2oefDo.woff2
fonts.gstatic.com/s/robotoslab/v9/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v9/BngRUXZYTXPIvIBgJJSb6u9mxLCGwR2oefDo.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
082e1b3b1e722c84086de9f0467ebc3d06955e3a067f5642028f4bfa79229a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,700|Roboto+Slab:300,400,700
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 26 Aug 2019 08:05:29 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:26:50 GMT
server
sffe
age
1509134
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11388
x-xss-protection
0
expires
Tue, 25 Aug 2020 08:05:29 GMT
activity.gif
apt.techtarget.com/activity/
43 B
450 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.0&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&r=1568315863358
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
ETag
"2b-5850384023492"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=46
Content-Length
43
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 25 Aug 2019 08:44:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
1593207
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11056
x-xss-protection
0
expires
Mon, 24 Aug 2020 08:44:16 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1568315863392&cv=9&fst=1568315863392&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
a7e425774c497e270b53ae02817a3ba4ca2e5a8a1de73354cf84fc48812d653e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
990
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1568315863394&cv=9&fst=1568315863394&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
dca040af8255aa7d3552bdf88e36d3fd097b79b23ecfe3a7554968227fcf0de6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
991
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
75590e24-f605-4d9c-b92c-ca09a93d469f.js
cdn.cookielaw.org/consent/
107 KB
18 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8C98) /
Resource Hash
ac68bb7dc5704e99d44c73c67f609a3c8fb6105fae418687b80ec13d9b370114

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
content-md5
u1OHPxwcyLXNxp1DCtacfg==
x-cache
HIT
status
200
content-length
17894
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2019 21:38:35 GMT
server
ECAcc (lha/8C98)
etag
0x8D6C76ADF89B5D5
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
99b90c68-c01e-00c8-788e-6949d1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 12 Sep 2019 23:17:43 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-251-133.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 05 Apr 2019 02:53:44 GMT
Server
Apache
ETag
"54520320df20b526337717d6d28181fc:1554432824"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
sf14g.js
t.sf14g.com/
37 KB
37 KB
Script
General
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.123.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-192-123-20.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
last-modified
Tue, 16 Oct 2018 18:33:02 GMT
server
Kestrel
etag
"1d4657eab9c909b"
strict-transport-security
max-age=2592000
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
37787
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1568315863435%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%2...
  • https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1&liSync=...
0
70 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1&liSync=true
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
20
x-li-uuid
Yb/dkfPGwxUg0oiLBCsAAA==

Redirect headers

date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
vary
Accept-Encoding
content-length
20
x-li-uuid
GI/T+ffGwxVgX5ITiysAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect/?time=1568315863435&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&fmt=js&s=1&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
ipv
cdn.bizible.com/m/
43 B
322 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=3901326ffc43478997a5ae618edd4076&_biz_s=33cb8c&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&_biz_t=1568315863236&_biz_i=%0A%20%20%20%20Page%20not%20found%20%7C%20Zscaler%20%20&_biz_n=0&rnd=43540&cdn_o=a&_biz_z=1568315863436
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D2F) / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-aspnetmvc-version
4.0
last-modified
Wed, 11 Sep 2019 01:28:48 GMT
server
ECS (lcy/1D2F)
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
/
www.google.com/pagead/1p-user-list/812494211/
42 B
120 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1568315863392&cv=9&fst=1568314800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=1404870833&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1568315863392&cv=9&fst=1568314800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=1404870833&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/973777747/
42 B
120 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/973777747/?random=1568315863394&cv=9&fst=1568314800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3708476537&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973777747/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/973777747/?random=1568315863394&cv=9&fst=1568314800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg941&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&is_vtc=1&random=3708476537&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 12 Sep 2019 19:17:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
BizibleAcct.js
cdn.bizible.com/
376 B
545 B
Script
General
Full URL
https://cdn.bizible.com/BizibleAcct.js?_biz_u=3901326ffc43478997a5ae618edd4076&_biz_h=-1906410348&cdn_o=a&jsVer=4.19.08.20
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0f416a2bfbfbcd8a51c8b422835832923f41ff1bbe7c03d5c3b03eb7181a1d97

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:42 GMT
content-encoding
gzip
etag
CC40BBE8
x-aspnetmvc-version
4.0
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
private, must-revalidate, max-age=21600
content-type
text/javascript; charset=utf-8
content-length
324
optanon.css
cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/
20 KB
4 KB
Stylesheet
General
Full URL
https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8D67) /
Resource Hash
9d56984e444ac0e72cfe8c2f2e10d1dcf6c2703f14cde5563497965b429888ab

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2019 19:17:43 GMT
content-encoding
gzip
content-md5
ytEacEdnAUuNFRkILpqIRw==
x-cache
HIT
status
200
content-length
3578
x-ms-lease-status
unlocked
last-modified
Wed, 28 Aug 2019 18:10:23 GMT
server
ECAcc (lha/8D67)
etag
0x8D72BE2FE98F6A1
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
e3f1f053-d01e-0150-4026-6281bb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=2592000
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 12 Sep 2019 23:17:43 GMT
EU
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/
32 B
325 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery34002788187367515884_1568315863323&_=1568315863324
Requested by
Host: cdn-5.zscaler.com
URL: https://cdn-5.zscaler.com/sites/default/files/advagg_js/js__iPm3xkaYdrpMli2w2Z0Eh2qoh3EFZX43_A60atTh9oQ__6kZ7OPNcXtcEvvmukj42luni1FPtKEUaVsN-wglPsJ4__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Sep 2019 19:17:43 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
status
200
cf-ray
515439232ddbcbb8-VIE
content-length
32
munchkin.js
munchkin.marketo.net/155/
9 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/155/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-251-133.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 30 Nov 2018 03:18:20 GMT
Server
Apache
ETag
"c67dad42946949112916578f78706df8:1543547900"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3923
Expires
Sat, 21 Dec 2019 19:17:43 GMT
visitWebPage
306-zej-256.mktoresp.com/webevents/
2 B
303 B
XHR
General
Full URL
https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1568315863565&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1568315863564-29143&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%7C&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
akka-http/10.1.7 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 12 Sep 2019 19:17:44 GMT
Content-Encoding
gzip
Server
akka-http/10.1.7
Transfer-Encoding
chunked
X-Request-Id
a44d3d9d-e202-48b5-b970-7e3ce7e88987
Content-Type
text/plain; charset=UTF-8
tracking.png
tracking.leadlander.com/
Redirect Chain
  • https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Finnfirat-new-rat-aiming-your-cryptocurrency-and-more%257C&referer=&fp=664c32e148...
  • https://tracking.leadlander.com/tracking.png
68 B
347 B
Image
General
Full URL
https://tracking.leadlander.com/tracking.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.56.60 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-21-56-60.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more%7C
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 12 Sep 2019 19:17:44 GMT
Last-Modified
Wed, 26 Sep 2018 16:48:51 GMT
Server
Kestrel
ETag
"1d455b8cd761bc4"
Strict-Transport-Security
max-age=2592000
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
68

Redirect headers

Location
/tracking.png
Date
Thu, 12 Sep 2019 19:17:44 GMT
Server
Kestrel
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=2592000
cookie-collective-black-overlay.png
cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/images/
84 B
291 B
Image
General
Full URL
https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/images/cookie-collective-black-overlay.png
Requested by
Host: cdn-5.zscaler.com
URL: https://cdn-5.zscaler.com/sites/default/files/advagg_js/js__iPm3xkaYdrpMli2w2Z0Eh2qoh3EFZX43_A60atTh9oQ__6kZ7OPNcXtcEvvmukj42luni1FPtKEUaVsN-wglPsJ4__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8D7F) /
Resource Hash
b5b72b34704b3be1098742f3ed587bdd0d89a423a375a3ad3d067eba623047b5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.cookielaw.org/skins/4.7.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2019 19:17:44 GMT
content-md5
eOozn7qowjgmAKNqoTzdJA==
x-cache
HIT
status
200
content-length
84
x-ms-lease-status
unlocked
last-modified
Wed, 11 Sep 2019 02:08:14 GMT
server
ECAcc (lha/8D7F)
etag
0x8D7365CE77A7B78
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
8abccd25-901e-017e-2c7d-69017c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 12 Sep 2019 23:17:44 GMT

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga string| _bizo_data_partner_id undefined| _bizo_data_partner_title undefined| _bizo_data_partner_domain undefined| _bizo_data_partner_company undefined| _bizo_data_partner_location undefined| _bizo_data_partner_employee_range undefined| _bizo_data_partner_sics undefined| _bizo_data_partner_email function| onYouTubeIframeAPIReady object| _6si object| techtargetic object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| YT object| YTConfig function| onYTReady object| Bizible object| BizTrackingA object| BizA object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter boolean| _storagePopulated object| true object| google_optimize object| Drupal function| $ function| jQuery function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO undefined| mystripe function| Popper object| MicroPlugin function| Sifter function| inlineStyles function| URI function| rrssbInit function| Waypoint function| eve string| output function| TimeSpan function| TimePeriod function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| Tether function| Selectize object| Morris object| FormValidation object| APP object| UTIL object| customerFilter object| webcastFilter object| MarketoApp object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile function| OptanonWrapper number| sf14gv function| _bizo_local_logger function| _bizo_fire_partners boolean| _bizo_main_already_called object| $Single_OptIn__c_parent object| $Single_OptIn__c object| $slider undefined| a undefined| c function| jsonFeed object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker object| _vis_opt_queue object| LC_API string| llfp

1 Cookies

Domain/Path Name / Value
.www.zscaler.com/ Name: OptanonConsent
Value: groups=101%3A1%2C1%3A1%2C0_138025%3A1%2C122%3A1%2C2%3A1%2C0_137957%3A1%2C116%3A1%2C0_138118%3A1%2C119%3A1%2C3%3A1%2C0_138119%3A1%2C4%3A1%2C121%3A1%2C0_138125%3A1%2C0_138122%3A1%2C0_192188%3A1%2C0_192175%3A1%2C0_192171%3A1%2C0_138160%3A1%2C0_138127%3A1%2C0_138123%3A1%2C0_192189%3A1%2C0_192172%3A1%2C0_138128%3A1%2C0_192190%3A1%2C0_138129%3A1%2C0_192170%3A1%2C102%3A1%2C103%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C108%3A1%2C109%3A1%2C110%3A1%2C111%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C117%3A1%2C118%3A1%2C120%3A1%2C123%3A1%2C124%3A1%2C125%3A1%2C126%3A1%2C127%3A1%2C128%3A1%2C129%3A1%2C130%3A1&datestamp=Thu+Sep+12+2019+21%3A17%3A44+GMT%2B0200+(Central+European+Summer+Time)&version=4.7.0

1 Console Messages

Source Level URL
Text
console-api warning URL: https://cdn-5.zscaler.com/sites/default/files/advagg_js/js__iPm3xkaYdrpMli2w2Z0Eh2qoh3EFZX43_A60atTh9oQ__6kZ7OPNcXtcEvvmukj42luni1FPtKEUaVsN-wglPsJ4__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js(Line 2)
Message:
jQuery.Deferred exception: Cannot read property 'top' of undefined

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
