www.zscaler.com Open in urlscan Pro
35.166.119.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
Effective URL:
https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Submission: On January 26 via manual (January 26th 2019, 2:57:49 am UTC) from US

Summary HTTP 86 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 28 IPs in 4 countries across 26 domains to perform 86 HTTP transactions. The main IP is 35.166.119.124, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 13th 2019. Valid for: 4 months.

This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	35.166.119.124 35.166.119.124	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
28	13.32.158.126 13.32.158.126	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	50.31.246.1 50.31.246.1	40509 (FLY) (FLY - Fly.io)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
2	130.211.18.192 130.211.18.192	15169 (GOOGLE) (GOOGLE - Google LLC)
3	152.195.132.202 152.195.132.202	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
7	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.207.34 216.58.207.34	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2bf::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	13.32.158.65 13.32.158.65	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
3	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
3	2.19.36.87 2.19.36.87	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.235.79.210 18.235.79.210	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 3	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	192.28.144.124 192.28.144.124	53580 (MARKETO) (MARKETO - MARKETO)
1	13.32.158.251 13.32.158.251	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 4	35.190.27.37 35.190.27.37	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	52.212.115.169 52.212.115.169	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.158.125 13.32.158.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.236.93.75 54.236.93.75	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	34.202.202.117 34.202.202.117	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
86	28

9 35.166.119.124 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-166-119-124.us-west-2.compute.amazonaws.com

research.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 13.32.158.126 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-126.fra56.r.cloudfront.net

cdn.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-3.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-2.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-4.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-5.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.31.246.1 (Chicago, United States)

ASN40509 (FLY - Fly.io, Inc., US)

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.18.192 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 192.18.211.130.bc.googleusercontent.com

qcdn.qordoba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
storaged.qordoba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.195.132.202 (Ashburn, United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:825::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.34 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s24-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2bf::3adf (European Union)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.158.65 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-65.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 93.184.220.178 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.36.87 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-36-87.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.223 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.235.79.210 (Cambridge, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-235-79-210.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:10:101::b93f:9105 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.158.251 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-251.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.27.37 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 37.27.190.35.bc.googleusercontent.com

d.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.115.169 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-212-115-169.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.158.125 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-125.fra56.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.93.75 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-236-93-75.compute-1.amazonaws.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.202.202.117 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-202-202-117.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	zscaler.com 2 redirects research.zscaler.com www.zscaler.com cdn.zscaler.com cdn-3.zscaler.com cdn-2.zscaler.com cdn-4.zscaler.com cdn-5.zscaler.com	908 KB
7	gstatic.com fonts.gstatic.com	96 KB
6	company-target.com 2 redirects api.company-target.com d.company-target.com segments.company-target.com	3 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google.de www.google.de	327 B
3	google.com 1 redirects www.google.com	592 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	7 KB
3	bizible.com cdn.bizible.com	33 KB
3	demandbase.com tag.demandbase.com	29 KB
3	google-analytics.com www.google-analytics.com	17 KB
3	cookielaw.org cdn.cookielaw.org	22 KB
3	fontawesome.com pro.fontawesome.com	191 KB
2	leadlander.com 1 redirects tracking.leadlander.com	644 B
2	bidr.io 2 redirects match.prod.bidr.io	707 B
2	marketo.net munchkin.marketo.net	5 KB
2	qordoba.com qcdn.qordoba.com storaged.qordoba.com	61 KB
1	rlcdn.com id.rlcdn.com	34 B
1	mktoresp.com 306-zej-256.mktoresp.com	272 B
1	sf14g.com t.sf14g.com	37 KB
1	ytimg.com s.ytimg.com	8 KB
1	youtube.com www.youtube.com	1 KB
1	bizographics.com sjs.bizographics.com	5 KB
1	googleadservices.com www.googleadservices.com	9 KB
1	googletagmanager.com www.googletagmanager.com	40 KB
1	googleapis.com fonts.googleapis.com	1023 B
86	26

	Domain	Requested by
8	www.zscaler.com	1 redirects www.zscaler.com cdn-3.zscaler.com
7	fonts.gstatic.com	www.zscaler.com
7	cdn-3.zscaler.com	www.zscaler.com
7	cdn.zscaler.com	www.zscaler.com cdn-3.zscaler.com
5	cdn-4.zscaler.com	www.zscaler.com
5	cdn-2.zscaler.com	www.zscaler.com
4	d.company-target.com	2 redirects www.zscaler.com
4	cdn-5.zscaler.com	www.zscaler.com
3	px.ads.linkedin.com	2 redirects www.zscaler.com
3	www.google.de	www.zscaler.com
3	www.google.com	1 redirects www.zscaler.com
3	cdn.bizible.com	www.googletagmanager.com www.zscaler.com cdn.bizible.com
3	tag.demandbase.com	www.zscaler.com tag.demandbase.com
3	www.google-analytics.com	www.googletagmanager.com www.zscaler.com
3	cdn.cookielaw.org	www.zscaler.com cdn.cookielaw.org
3	pro.fontawesome.com	www.zscaler.com
2	tracking.leadlander.com	1 redirects www.zscaler.com
2	match.prod.bidr.io	2 redirects
2	munchkin.marketo.net	www.zscaler.com munchkin.marketo.net
2	googleads.g.doubleclick.net	www.googleadservices.com
1	id.rlcdn.com	www.zscaler.com
1	segments.company-target.com	www.zscaler.com
1	api.company-target.com	tag.demandbase.com
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	www.linkedin.com	1 redirects
1	t.sf14g.com	www.zscaler.com
1	b.6sc.co	www.zscaler.com
1	c.6sc.co	j.6sc.co
1	s.ytimg.com	www.youtube.com
1	stats.g.doubleclick.net	1 redirects
1	j.6sc.co	www.zscaler.com
1	www.youtube.com	www.zscaler.com
1	sjs.bizographics.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	storaged.qordoba.com	www.zscaler.com
1	qcdn.qordoba.com	www.zscaler.com
1	www.googletagmanager.com	www.zscaler.com
1	fonts.googleapis.com	www.zscaler.com
1	research.zscaler.com	1 redirects
86	39

This site contains links to these domains. Also see Links.

Domain
info.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
help.zscaler.com
www.zscaler.fr
www.zscaler.de
www.zscaler.jp
securitypreview.zscaler.com
community.zscaler.com
ir.zscaler.com
apex.zscaler.com
www.sourceconference.com
cdn-2.zscaler.com
cdn-3.zscaler.com
cdn-4.zscaler.com
www.visualstudio.com
cdn-5.zscaler.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
zscaler.com DigiCert SHA2 Extended Validation Server CA	`2019-01-13` - `2019-05-23`	4 months	crt.sh
cdn.zscaler.com DigiCert SHA2 High Assurance Server CA	`2016-06-24` - `2019-06-28`	3 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
pro.fontawesome.com Let's Encrypt Authority X3	`2019-01-12` - `2019-04-12`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.qordoba.com GeoTrust RSA CA 2018	`2018-02-14` - `2020-01-11`	2 years	crt.sh
sa437gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2018-05-17` - `2020-08-19`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
www.googleadservices.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2014-04-13` - `2019-04-13`	5 years	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2018-10-22` - `2020-01-21`	a year	crt.sh
www.google.de Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2017-08-18` - `2019-08-18`	2 years	crt.sh
*.d.company-target.com Go Daddy Secure Certificate Authority - G2	`2018-08-12` - `2019-10-11`	a year	crt.sh
*.rlcdn.com Go Daddy Secure Certificate Authority - G2	`2017-05-08` - `2019-06-21`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Frame ID: 365989EAAFC6DD4E05442DC9DA4DC762
Requests: 86 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html HTTP 301
https://www.zscaler.com/2012/09/how-to-install-silently-malicious.html HTTP 301
https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox Page URL

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i
env /^Drupal$/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i
env /^Drupal$/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

HeadJS (JavaScript Libraries) Expand

Overall confidence: 50%
Detected patterns

env /^head$/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

env /^Munchkin$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

86
Requests

100 %
HTTPS

42 %
IPv6

26
Domains

39
Subdomains

28
IPs

4
Countries

1477 kB
Transfer

3150 kB
Size

16
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://info.zscaler.com/z-academy-worldtour
Title: Learn More

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalerbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/zia?_ga=2.166933438.1473019286.1507094874-1668161512.1505066962
Title: Support

Search URL Search Domain Scan URL

URL: https://www.zscaler.fr/blogs/research/how-install-silently-malicious-extensions-firefox
Title: Français

Search URL Search Domain Scan URL

URL: https://www.zscaler.de/blogs/research/how-install-silently-malicious-extensions-firefox
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.zscaler.jp/blogs/research/how-install-silently-malicious-extensions-firefox
Title: 日本語

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Check Your Security

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://apex.zscaler.com/
Title: Partner Inquiry

Search URL Search Domain Scan URL

URL: http://www.sourceconference.com/
Title: SOURCE Seattle

Search URL Search Domain Scan URL

URL: https://cdn-2.zscaler.com/cdn/farfuture/yR5dIhUUqnfvbXUuGEwcfCP1bAZKs1XtsrEdjRuMinw/mtime:1459259405/sites/default/files/images/blogs/-KDRL1P0-mlU/UFuZDdeG7QI/AAAAAAAAseg/b5-TYiMFrsM/s400/illid-adware-install.PNG

Search URL Search Domain Scan URL

URL: https://cdn-3.zscaler.com/cdn/farfuture/KaNog2L0V7VRnIiqsXT_rqEjT7ITxacKNZgVz5e87CI/mtime:1459259405/sites/default/files/images/blogs/-rhC-xlN6E1o/UFuZj8Z9nVI/AAAAAAAAseo/yMh4EfxXfDI/s400/firefox-3rd-party-warning.PNG

Search URL Search Domain Scan URL

URL: https://cdn-4.zscaler.com/cdn/farfuture/Z8JfSHUdm6AUJda77BzkandNOyx5mIpfZDLuAnhelTo/mtime:1459259405/sites/default/files/images/blogs/-_ctqieUBpXI/UFubP8dqChI/AAAAAAAAsew/DfkpiGbzKSY/s400/extensions-sqlite.PNG

Search URL Search Domain Scan URL

URL: https://www.visualstudio.com/downloads/
Title: Visual Studio Express for .Net

Search URL Search Domain Scan URL

URL: https://cdn-5.zscaler.com/cdn/farfuture/ilaw5IyePr8NW6jLnm2_uj0L65JgJ7lVHY_399jygYM/mtime:1459259405/sites/default/files/images/blogs/-CTERlhgeYLk/UFufgFfbluI/AAAAAAAAsfM/mWzK9N3KPwQ/s400/firefox-demo.PNG

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&title=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=http://bit.ly/2IYDtyd%20%E2%80%94%20How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/zscaler

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Zscaler?ref=ts

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html HTTP 301
https://www.zscaler.com/2012/09/how-to-install-silently-malicious.html HTTP 301
https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&gjid=58420502&_gid=2126116754.1548471452&_u=YGBAgEAB~&z=1594039905 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905&slf_rd=1&random=3911973117

Request Chain 69

https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1548471451841%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 77

https://d.company-target.com/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox

Request Chain 78

https://d.company-target.com/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox

Request Chain 79

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AABKuk64l5kAACFlW3o7Xw

Request Chain 84

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&referer=&fp=5dbc0281a014b7f8cf062da15ec05700 HTTP 302
https://tracking.leadlander.com/tracking.png

86 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request how-install-silently-malicious-extensions-firefox Show response
www.zscaler.com/blogs/research/
Redirect Chain

http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
https://www.zscaler.com/2012/09/how-to-install-silently-malicious.html
https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

85 KB
19 KB

1339ms
1338ms

Document
text/html

35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

a22572e7d8975ddbb4a899e9e84635bd568022f11db9cee1401af03c473dc2b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.zscaler.com
:scheme: https
:path: /blogs/research/how-install-silently-malicious-extensions-firefox
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx
date: Sat, 26 Jan 2019 02:57:30 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; preload
x-drupal-cache: MISS
x-content-type-options: nosniff
set-cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452; path=/; HttpOnly
access-control-allow-origin: https://cdn.zscaler.com https://cdn-2.zscaler.com https://cdn-3.zscaler.com https://cdn-4.zscaler.com https://cdn-5.zscaler.com https://www.zscaler.com https://info.zscaler.com http://info.zscaler.test http://info.zscaler.com https://dev.zscaler.com http://fonts.googleapis.com https://staging.zscaler.com http://www.zscaler.test
etag: "1548471449-1"
content-language: en
cache-control: public, max-age=86400
last-modified: Sat, 26 Jan 2019 02:57:29 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
x-request-id: v-1e90d7f2-2116-11e9-ac62-dbeda2d8d748
x-ah-environment: prod
age: 0
via: varnish
x-cache: MISS
accept-ranges: bytes

Redirect headers

status: 301
server: nginx
date: Sat, 26 Jan 2019 02:57:29 GMT
content-type: text/html; charset=UTF-8
content-length: 21
location: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
strict-transport-security: max-age=31536000; preload
x-drupal-cache: MISS
x-content-type-options: nosniff
etag: "1548471449-1"
x-redirect-id: 12681
cache-control: public, max-age=86400
last-modified: Sat, 26 Jan 2019 02:57:29 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
x-request-id: v-1e59b93e-2116-11e9-8be7-a320d25dc193
x-ah-environment: prod
age: 0
via: varnish
x-cache: MISS

GET
H2 200 css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn.zscaler.com/sites/default/files/advagg_css/ 9 KB
3 KB 72ms
10ms Stylesheet
text/css 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zscaler.com/sites/default/files/advagg_css/css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a63697b509acc4629d1f31050b2ae187a0a740d81280c45b373e98d2121ad22e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_css/css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 07:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 762628
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2933
x-request-id: v-7db2d4e8-1a26-11e9-9354-e7467b6bfc6f
last-modified: Mon, 03 Sep 2018 06:37:30 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: zPBVYzee2Bfmxt8ky8L1ORdOcpK-aGHibH-uvBzqklg3kh7XrMI5AQ==
expires: Thu, 16 Jan 2020 07:07:03 GMT

GET
H2 200 css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/ 10 KB
3 KB 69ms
8ms Stylesheet
text/css 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dba7f69552c84f602fe58d4cb6755f58e70ef9cfaa21743b8b35b7892f32f169

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_css/css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 04:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 773850
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2573
x-request-id: v-5cf4e062-1a0c-11e9-b1f3-d7eddf2e2100
last-modified: Mon, 03 Sep 2018 06:37:30 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: kD_T8Vf_FqTYIQGp_EIssUxpLVRy264uBOMbsXLphnZvIcrAyzGM7Q==
expires: Thu, 16 Jan 2020 04:00:01 GMT

GET
H2 200 css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/ 882 B
930 B 72ms
11ms Stylesheet
text/css 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8b5a4c38e84431b3669f45f2d84e2562d121e7e6204518fec00ee798a53ef949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_css/css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 19 Sep 2018 00:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11153782
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 424
x-request-id: v-b33208b8-bba4-11e8-ad65-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:37:30 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 560309630
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: txlgJHhhNOaxYa2yUokXllWUs_6ElLlSCgKrdndCpeNGf3RQ-QRKGg==
expires: Wed, 18 Sep 2019 00:41:09 GMT

GET
H2 200 css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
cdn.zscaler.com/sites/default/files/advagg_css/ 647 KB
88 KB 78ms
14ms Stylesheet
text/css 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

388b07558e87db3b230d12f54acae0ee7f289ff13715c97a0595b99a6fd072ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 21:03:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280636
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 3
x-ah-environment: prod
content-length: 89923
x-request-id: v-b6d89440-1e88-11e9-85b2-17134c3fcdce
last-modified: Tue, 22 Jan 2019 21:00:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: uXFB-_4DnrcN_ydk1Ut8mLdzIMY6KTGHYbC7qJyvxUCxAFNsYkI3LA==
expires: Tue, 21 Jan 2020 21:00:14 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
1023 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

b91fca9d4f3ea796af034d2157b5982db1e939753ffbc65645ecc15d45b3a94c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 26 Jan 2019 02:57:30 GMT
server: ESF
access-control-allow-origin: *
date: Sat, 26 Jan 2019 02:57:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Sat, 26 Jan 2019 02:57:30 GMT

GET
H2 200 all.css
pro.fontawesome.com/releases/v5.5.0/css/ 71 KB
15 KB 61ms
30ms Stylesheet
text/css 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS
Software: Fly.io/0.1.1 /
Resource Hash: b03898672d84cf2362e40d6459d9ade748ecd338ffbeeee256e07630bd07e48c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Origin: https://www.zscaler.com

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-cache: HIT
status: 200
access-control-max-age: 3000
last-modified: Fri, 02 Nov 2018 15:36:35 GMT
content-length: 14868
fly-request-id: bLypFvtQi7q2P02VBv6NxiEuvy
server: Fly.io/0.1.1
etag: "75f13e3f5bea848834d983b9f682aa15"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 zscaler-header-globeIcon.svg
cdn.zscaler.com/sites/all/themes/zscaler/images/shared/ 1 KB
2 KB 85ms
22ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 1474
x-request-id: v-95cb3332-c129-11e8-ac7f-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 782200721 760951703
expires: Wed, 10 Oct 2018 01:14:58 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: lbk94nnJYNqWXsFTR2mUTcEjQ8T9XvW5NqG_H9aCm7AMacXC7VPxiA==
x-cache-hits: 8

GET
H2 200 zscaler-home-navigation-contact.svg
cdn-2.zscaler.com/sites/all/themes/zscaler/images/shared/ 395 B
866 B 344ms
222ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-2.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-home-navigation-contact.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

1d73a768fea8ea85aed3a572e2ca0c1b5e7348f9036edb5ad851b3e326eb9e73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/zscaler-home-navigation-contact.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-2.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 08:55:34 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 184170
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 395
x-request-id: v-3c82d78e-b68a-11e8-8bc6-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 492734917 478559317
expires: Wed, 06 Feb 2019 23:48:00 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: 7xBPavVyWWY4sZAMBbEcFNcCiPfrkWxJQmWrH-cA_MVMH4Q3onRHaA==
x-cache-hits: 10

GET
H2 200 zscaler-header-logo.png
cdn-3.zscaler.com/sites/all/themes/zscaler/images/shared/ 4 KB
4 KB 10ms
10ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b6f5ff4cfa2d209385754fb256451d4104387617e34131f5500822250e4f4c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/zscaler-header-logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 20:36:31 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 822959
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 383
x-ah-environment: prod
content-length: 3795
x-request-id: v-6861c18c-af85-11e8-81fe-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 228547968 230819307
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: Jdb4OJwPDd0kJ54gSfKJjQFkgDeWndgpAppXRUgUJEqJV1lqJTQinQ==
expires: Mon, 17 Sep 2018 14:26:55 GMT

GET
H2 200 zscaler-header-globeIcon.svg
cdn-4.zscaler.com/sites/all/themes/zscaler/images/shared/ 1 KB
2 KB 128ms
13ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-4.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 1474
x-request-id: v-95cb3332-c129-11e8-ac7f-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 782200721 760951703
expires: Wed, 10 Oct 2018 01:14:58 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: ib3JVHyIjDeqAbklf75XPEf2CT6H9sTxBJiyjUDcL6Cms6GyM3cIMw==
x-cache-hits: 8

GET
H2 200 zscaler-header-logo-white.png
cdn-5.zscaler.com/sites/all/themes/zscaler/images/shared/ 2 KB
3 KB 156ms
8ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-5.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo-white.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/zscaler-header-logo-white.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-5.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 13 Dec 2018 06:47:05 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 170242
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 1
x-ah-environment: prod
content-length: 2348
x-request-id: v-3d1fdcd2-fe97-11e8-a24c-2bef58f5ebd2
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
x-amz-cf-id: 35HtfA3W-AsBM-KGN75RWtV0GOZSISVhzftAv08MNDZq8xhENxR2Yw==
expires: Thu, 27 Dec 2018 05:23:35 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 137 KB
40 KB 19ms
17ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:808::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

b4f9416e258fcea8b1a2f805debf8aa80c5b946d596d6ed39f39ac9f03a68c11

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 41276
x-xss-protection: 1; mode=block
expires: Sat, 26 Jan 2019 02:57:31 GMT

GET
H2 200 qordoba-latest.min.js Show response
qcdn.qordoba.com/ 60 KB
61 KB 40ms
9ms Script
text/javascript 130.211.18.192
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://qcdn.qordoba.com/qordoba-latest.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 130.211.18.192 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 192.18.211.130.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3a6833c9d0695506a24bc475101a965659bffaaef9c4dcef8943f9a5faf740f5

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 26 Jan 2019 02:39:47 GMT
age: 1064
status: 200
x-guploader-uploadid: AEnB2UpEm93WumCGw1iiHJNKksXb0Id8cB_YejZpHqULLm6t0RNAKNzjnIDA8_z5J0P7sZis4hMhpyY0Eqx97O8gUTa-0uq2vA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 61587
last-modified: Wed, 21 Nov 2018 10:32:26 GMT
server: UploadServer
etag: "46b38f46033c45a856fcfe344293c361"
x-goog-hash: crc32c=zrX23Q==, md5=RrOPRgM8RahW/P40QpPDYQ==
x-goog-generation: 1542796346920512
cache-control: public, max-age=3600
x-goog-stored-content-length: 61587
accept-ranges: bytes
content-type: text/javascript
expires: Sat, 26 Jan 2019 03:39:47 GMT

GET
H2 200 sdk-settings-6716.js Show response
storaged.qordoba.com/ 81 B
393 B 274ms
243ms Script
application/javascript 130.211.18.192
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://storaged.qordoba.com/sdk-settings-6716.js?cachebust=0.9254029635155208
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 130.211.18.192 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 192.18.211.130.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 55dc5c73c34f07982aca310c0fddc9f3dcff29e33eeade0d50b0138c500995b8

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
status: 200
x-guploader-uploadid: AEnB2UqV9VYyM0Icmwea937qT2zzLZwwzpRazCG6pa1ycfrEWLiiAWMQ3IMLfbkiM3qORWASEw229cMNWxU7GN4QGjDuCA0ebg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 81
last-modified: Fri, 10 Aug 2018 17:20:28 GMT
server: UploadServer
etag: "82b29c75c16febe1fe44f4d656e3c8ed"
x-goog-hash: crc32c=x6jRow==, md5=grKcdcFv6+H+RPTWVuPI7Q==
x-goog-generation: 1533921628660750
cache-control: public, max-age=3600
x-goog-stored-content-length: 81
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 26 Jan 2019 03:57:31 GMT

GET
H2 200 default-male-avatar.png
cdn-5.zscaler.com/cdn/farfuture/LPmZwn46TFtoP4QA7xrVamXp2eVvUjyQ2-u38SDY2Tg/mtime:1535525568/sites/all/themes/zscaler/images/blog/ 3 KB
4 KB 169ms
21ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-5.zscaler.com/cdn/farfuture/LPmZwn46TFtoP4QA7xrVamXp2eVvUjyQ2-u38SDY2Tg/mtime:1535525568/sites/all/themes/zscaler/images/blog/default-male-avatar.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

bb298ba7af6bca6e786bbb354498104b2268c43d19eb27e4efa969516785b8e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/LPmZwn46TFtoP4QA7xrVamXp2eVvUjyQ2-u38SDY2Tg/mtime:1535525568/sites/all/themes/zscaler/images/blog/default-male-avatar.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-5.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 29 Aug 2018 13:33:43 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 12921828
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 3145
x-request-id: v-25dfffde-ab90-11e8-92be-06dfa37c215e
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
x-varnish: 12518139
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: 037CSDyJGHimka2PlDsHoBL7ylehTkhpOPqR8yrOa_WlS9qUHInf8g==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 illid-adware-install.PNG
cdn-2.zscaler.com/cdn/farfuture/yR5dIhUUqnfvbXUuGEwcfCP1bAZKs1XtsrEdjRuMinw/mtime:1459259405/sites/default/files/images/blogs/-KDRL1P0-mlU/UFuZDdeG7QI/AAAAAAAAseg/b5-TYiMFrsM/s400/ 49 KB
50 KB 22ms
20ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-2.zscaler.com/cdn/farfuture/yR5dIhUUqnfvbXUuGEwcfCP1bAZKs1XtsrEdjRuMinw/mtime:1459259405/sites/default/files/images/blogs/-KDRL1P0-mlU/UFuZDdeG7QI/AAAAAAAAseg/b5-TYiMFrsM/s400/illid-adware-install.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b67304b1462d047b0c26821ddf68bb596e29663fe359b0023d9160a5c11a7a1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/yR5dIhUUqnfvbXUuGEwcfCP1bAZKs1XtsrEdjRuMinw/mtime:1459259405/sites/default/files/images/blogs/-KDRL1P0-mlU/UFuZDdeG7QI/AAAAAAAAseg/b5-TYiMFrsM/s400/illid-adware-install.PNG
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-2.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 09:37:07 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 62424
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 50228
x-request-id: v-c7adc7d8-2084-11e9-a684-ff91b77c94d9
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: P7J00cq5ZOg728jHwh-6P85RCsFp8pzHJENJegyFil79ekJWvsvNxQ==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 firefox-3rd-party-warning.PNG
cdn-3.zscaler.com/cdn/farfuture/KaNog2L0V7VRnIiqsXT_rqEjT7ITxacKNZgVz5e87CI/mtime:1459259405/sites/default/files/images/blogs/-rhC-xlN6E1o/UFuZj8Z9nVI/AAAAAAAAseo/yMh4EfxXfDI/s400/ 90 KB
91 KB 22ms
20ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/cdn/farfuture/KaNog2L0V7VRnIiqsXT_rqEjT7ITxacKNZgVz5e87CI/mtime:1459259405/sites/default/files/images/blogs/-rhC-xlN6E1o/UFuZj8Z9nVI/AAAAAAAAseo/yMh4EfxXfDI/s400/firefox-3rd-party-warning.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

aa2db21b8bd39607afe064424daeaa31e3dc9e829956e79bbe28c3bd7e5718c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/KaNog2L0V7VRnIiqsXT_rqEjT7ITxacKNZgVz5e87CI/mtime:1459259405/sites/default/files/images/blogs/-rhC-xlN6E1o/UFuZj8Z9nVI/AAAAAAAAseo/yMh4EfxXfDI/s400/firefox-3rd-party-warning.PNG
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 09:37:07 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 62424
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 92197
x-request-id: v-c7e06f12-2084-11e9-8d8c-c7559c53bc03
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: J1G1-LtlcaFCSIU5V0tslEqbOkc4IA00VxK8pLBcqOu7Z0ip-7TmPQ==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 extensions-sqlite.PNG
cdn-4.zscaler.com/cdn/farfuture/Z8JfSHUdm6AUJda77BzkandNOyx5mIpfZDLuAnhelTo/mtime:1459259405/sites/default/files/images/blogs/-_ctqieUBpXI/UFubP8dqChI/AAAAAAAAsew/DfkpiGbzKSY/s400/ 55 KB
55 KB 136ms
21ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/cdn/farfuture/Z8JfSHUdm6AUJda77BzkandNOyx5mIpfZDLuAnhelTo/mtime:1459259405/sites/default/files/images/blogs/-_ctqieUBpXI/UFubP8dqChI/AAAAAAAAsew/DfkpiGbzKSY/s400/extensions-sqlite.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c8781d901afb9614a7e1b2b8cea7ab949243f66d624244c653dcda514b06f80d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/Z8JfSHUdm6AUJda77BzkandNOyx5mIpfZDLuAnhelTo/mtime:1459259405/sites/default/files/images/blogs/-_ctqieUBpXI/UFubP8dqChI/AAAAAAAAsew/DfkpiGbzKSY/s400/extensions-sqlite.PNG
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-4.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 09:37:07 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 62424
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 56113
x-request-id: v-c7f00ce2-2084-11e9-b905-33a51ee38f56
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: vvHesfzMGQ5-AOJeBeT8hwwZPx2JpjuD759ijLK440GgIiKPp5PU3A==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 firefox-demo.PNG
cdn-5.zscaler.com/cdn/farfuture/ilaw5IyePr8NW6jLnm2_uj0L65JgJ7lVHY_399jygYM/mtime:1459259405/sites/default/files/images/blogs/-CTERlhgeYLk/UFufgFfbluI/AAAAAAAAsfM/mWzK9N3KPwQ/s400/ 32 KB
33 KB 161ms
13ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-5.zscaler.com/cdn/farfuture/ilaw5IyePr8NW6jLnm2_uj0L65JgJ7lVHY_399jygYM/mtime:1459259405/sites/default/files/images/blogs/-CTERlhgeYLk/UFufgFfbluI/AAAAAAAAsfM/mWzK9N3KPwQ/s400/firefox-demo.PNG

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e6d5a9530fbfbded64763e27ce2d6cf1d2636edb9552b9720c92c86284894e87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/ilaw5IyePr8NW6jLnm2_uj0L65JgJ7lVHY_399jygYM/mtime:1459259405/sites/default/files/images/blogs/-CTERlhgeYLk/UFufgFfbluI/AAAAAAAAsfM/mWzK9N3KPwQ/s400/firefox-demo.PNG
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-5.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 09:37:07 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 62424
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 33234
x-request-id: v-c7e71772-2084-11e9-9603-0ba6ae79f8f2
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: ISDlQ5ERbCmcvxMKrZ6okVBLct1n3R33BZcjOwD2sowFj16AJtlgYQ==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 mail-icon.svg
cdn-4.zscaler.com/cdn/farfuture/mxqTzNuaUS6xQv5kYqgF4GuTNTyxXpqAjwlktDsCO2I/mtime:1535525568/sites/all/themes/zscaler/images/blog/ 1021 B
1 KB 131ms
21ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/cdn/farfuture/mxqTzNuaUS6xQv5kYqgF4GuTNTyxXpqAjwlktDsCO2I/mtime:1535525568/sites/all/themes/zscaler/images/blog/mail-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

ac87ad7a2bef0649ec3f84eebacf1e02bd48647caa281c1da27cc26263abc75b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/mxqTzNuaUS6xQv5kYqgF4GuTNTyxXpqAjwlktDsCO2I/mtime:1535525568/sites/all/themes/zscaler/images/blog/mail-icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-4.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 16 Nov 2018 21:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6066128
x-cache: Hit from cloudfront
status: 200
strict-transport-security: max-age=31536000; preload
x-ah-environment: prod
content-length: 603
x-amz-cf-id: kbrTIDqliO4krSKSH8daS3QrzNTP8bRJ1hzDvDn3V1r9FojtzeG0MQ==
x-request-id: v-5152bace-e9ea-11e8-a092-5f22229304a7
access-control-allow-origin: *
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
vary: Accept-Encoding
content-type: image/svg+xml
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
x-drupal-cache: MISS
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 facebook-icon.svg
cdn-4.zscaler.com/cdn/farfuture/bTzlobSicRy_bSkMNCr8H5KIXp2HT68DNG6mplgfUg4/mtime:1535525568/sites/all/themes/zscaler/images/blog/ 1 KB
1 KB 124ms
21ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/cdn/farfuture/bTzlobSicRy_bSkMNCr8H5KIXp2HT68DNG6mplgfUg4/mtime:1535525568/sites/all/themes/zscaler/images/blog/facebook-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7221be22d59bd95b5c1e47590a48d06d367a965213a39ca929241e4a6f9ee7ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/bTzlobSicRy_bSkMNCr8H5KIXp2HT68DNG6mplgfUg4/mtime:1535525568/sites/all/themes/zscaler/images/blog/facebook-icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-4.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 16 Oct 2018 05:51:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8810868
x-cache: Hit from cloudfront
status: 200
strict-transport-security: max-age=31536000; preload
x-ah-environment: prod
content-length: 721
x-amz-cf-id: nbY_xE_94h--XKNAC5K6h5BvLqNjD2sIdrOPUGEkSs1spVrOV7Axzw==
x-request-id: v-b8ae16f6-d0f3-11e8-b28e-06dfa37c215e
access-control-allow-origin: *
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
vary: Accept-Encoding
content-type: image/svg+xml
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
expires: Tue, 20 Jan 2037 04:20:42 GMT
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
x-drupal-cache: MISS
x-cache-hits: 2

GET
H2 200 linkedin-icon.svg
cdn-4.zscaler.com/cdn/farfuture/Ru8nTzur0ks1WaP3Fpc011ZMcFJ1hapjyNAqeVZuu0g/mtime:1535525568/sites/all/themes/zscaler/images/blog/ 1 KB
1 KB 112ms
22ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/cdn/farfuture/Ru8nTzur0ks1WaP3Fpc011ZMcFJ1hapjyNAqeVZuu0g/mtime:1535525568/sites/all/themes/zscaler/images/blog/linkedin-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

391f4dc402b6ecb016765b0eae6e508d409b577b79e87dd1dbade260d4495581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/Ru8nTzur0ks1WaP3Fpc011ZMcFJ1hapjyNAqeVZuu0g/mtime:1535525568/sites/all/themes/zscaler/images/blog/linkedin-icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-4.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 29 Aug 2018 09:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12945466
x-cache: Hit from cloudfront
status: 200
strict-transport-security: max-age=31536000; preload
x-ah-environment: prod
content-length: 729
x-amz-cf-id: NcY5rL1qqrptk4AxvnMsfzmaoNuoeAaZtxns18g0XPEQDwDjGR0LTg==
x-request-id: v-1bc60c78-ab59-11e8-941f-02f261e79414
access-control-allow-origin: *
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 680365692 678101168
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
expires: Tue, 20 Jan 2037 04:20:42 GMT
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
content-type: image/svg+xml
x-drupal-cache: MISS
x-cache-hits: 5

GET
H2 200 twitter-icon.svg
cdn.zscaler.com/cdn/farfuture/iEvJHJG21qsVjv7EM04xk2Q_yxFO0Yk1cKInP7O94DY/mtime:1535525568/sites/all/themes/zscaler/images/blog/ 1 KB
1 KB 96ms
94ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/cdn/farfuture/iEvJHJG21qsVjv7EM04xk2Q_yxFO0Yk1cKInP7O94DY/mtime:1535525568/sites/all/themes/zscaler/images/blog/twitter-icon.svg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c8abaf8f630ae4af089de7c1b5d7d8f54cec867b3ecf76256db2f5a9fffe7c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/iEvJHJG21qsVjv7EM04xk2Q_yxFO0Yk1cKInP7O94DY/mtime:1535525568/sites/all/themes/zscaler/images/blog/twitter-icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 29 Aug 2018 09:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12945466
x-cache: Hit from cloudfront
status: 200
strict-transport-security: max-age=31536000; preload
x-ah-environment: prod
content-length: 774
x-amz-cf-id: OhAeiVCkfpLXeIkaqSMO9Mbdo3s0dJV5e0KjKFEZNY1Kd-zb3jvBPw==
x-request-id: v-1bada9d0-ab59-11e8-baf3-02f261e79414
access-control-allow-origin: *
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 693633666 675644164
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
expires: Tue, 20 Jan 2037 04:20:42 GMT
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
content-type: image/svg+xml
x-drupal-cache: MISS
x-cache-hits: 6

GET
H2 200 zscaler-blog-web-security-3.jpg
cdn-3.zscaler.com/cdn/farfuture/oEc7lhquaAGwNfR4e2VYBksGUHSOut1x4O4F8-h2rZg/mtime:1519812225/sites/default/files/images/blogs/----category-images/web-security/ 50 KB
51 KB 26ms
25ms Image
image/jpeg 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/cdn/farfuture/oEc7lhquaAGwNfR4e2VYBksGUHSOut1x4O4F8-h2rZg/mtime:1519812225/sites/default/files/images/blogs/----category-images/web-security/zscaler-blog-web-security-3.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

233e3380f818389aea385208a4734e0b2bce8371d7239245efdf13468a390640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/oEc7lhquaAGwNfR4e2VYBksGUHSOut1x4O4F8-h2rZg/mtime:1519812225/sites/default/files/images/blogs/----category-images/web-security/zscaler-blog-web-security-3.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 18:47:50 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 30058
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 2
x-ah-environment: prod
content-length: 51185
x-request-id: v-23330bcc-20d0-11e9-a25f-d7f15b0fac4d
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: fy2BYzdKQ8LfbTGpQC8PO3SCh6sfjTrni2j8gG_HrJwuhFHAbnWx8Q==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 zscaler-blog-security-tools-2.jpg
cdn-5.zscaler.com/cdn/farfuture/_xo7wL0vv16FdZ4EUmshu_HQiQOvG075xYHqWSH6ilM/mtime:1519816710/sites/default/files/images/blogs/----category-images/security-tools/ 42 KB
42 KB 88ms
13ms Image
image/jpeg 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-5.zscaler.com/cdn/farfuture/_xo7wL0vv16FdZ4EUmshu_HQiQOvG075xYHqWSH6ilM/mtime:1519816710/sites/default/files/images/blogs/----category-images/security-tools/zscaler-blog-security-tools-2.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8db382402a0035d9a255f6caf1c217f564c079cd928a899047ceba835eba7957

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/_xo7wL0vv16FdZ4EUmshu_HQiQOvG075xYHqWSH6ilM/mtime:1519816710/sites/default/files/images/blogs/----category-images/security-tools/zscaler-blog-security-tools-2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-5.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 23 Jan 2019 16:54:31 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 212298
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 5
x-ah-environment: prod
content-length: 42582
x-request-id: v-d3b19b62-1f27-11e9-a6ff-4b6a5a36bc3e
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: 7rBiuyHYk21WfMvlaiguFhYm24-fAQPDJqIUq2-W2up_ITYzqCAQ_g==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 zscaler-sideIcon-shield.png
cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/ 288 B
798 B 11ms
10ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-shield.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5a83e9ab51f0cdb6c8dca84411c7370a9ad152fd4e5730848ea3a294d3b845d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-shield.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 08 Nov 2018 09:21:11 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 6802580
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 288
x-request-id: v-a1d8419e-e337-11e8-ba0f-8b386a7dc4b3
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: pyE_4dm30Ejf8m9ztLhWAUOmlA8CwbY0oUV10ceBlKNDLB60MTlNsw==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 zscaler-sideIcon-share.png
cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/ 284 B
808 B 10ms
10ms Image
image/png 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-share.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d74148ff31c75b243670de7e37dbb54d399185c0384e982da43388bece07a763

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-share.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 26 Oct 2018 01:15:45 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7956871
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 1
x-ah-environment: prod
content-length: 284
x-request-id: v-16d742b8-d8b8-11e8-8e3a-06dfa37c215e
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: UKW-OFpBvoahXe5dPXXWJ0gt3ozRLCiXswSGc6qrfXMouiXiqNxxkA==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 92ede4fc-c076-4245-8c3f-85e672763690.js Show response
cdn.cookielaw.org/langswitch/ 2 KB
1 KB 54ms
9ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: 3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
content-md5: wNMyoZp2a7YtIJ5FlCf5Pg==
x-cache: HIT
status: 200
content-length: 737
x-ms-lease-status: unlocked
last-modified: Fri, 14 Dec 2018 21:28:39 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D6620B1D7C0958
vary: Accept-Encoding
content-type: application/x-javascript
x-ms-request-id: 00afe662-001e-00b3-1e05-b52261000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Sat, 26 Jan 2019 06:57:31 GMT

GET
H2 200 js__Mc2zu8oTXUuuljJ2paFym7TDo8lhmM2rQDvEJof-MLI__2KBEhpEGqQFBiFOLZIZYeQTDUIw6atYiuMl7WaVOnZ0__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js Show response
cdn-3.zscaler.com/sites/default/files/advagg_js/ 88 KB
31 KB 9ms
9ms Script
application/javascript 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-3.zscaler.com/sites/default/files/advagg_js/js__Mc2zu8oTXUuuljJ2paFym7TDo8lhmM2rQDvEJof-MLI__2KBEhpEGqQFBiFOLZIZYeQTDUIw6atYiuMl7WaVOnZ0__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c805b4384196fbfe33e7dfd888691f944bac238cdb5f3ea185386765603593cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_js/js__Mc2zu8oTXUuuljJ2paFym7TDo8lhmM2rQDvEJof-MLI__2KBEhpEGqQFBiFOLZIZYeQTDUIw6atYiuMl7WaVOnZ0__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: cdn-3.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 06:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12514787
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 3
x-ah-environment: prod
content-length: 31484
x-request-id: v-dca57ec2-af43-11e8-ba63-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:37:31 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 193211907 198836592
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: KMnitfj_SconHkuagK8dUdYFTYCIKsKfUYOsMUsec1Jt4DhbvAWp6Q==
expires: Mon, 02 Sep 2019 06:37:43 GMT

GET
H2 200 js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js Show response
cdn-2.zscaler.com/sites/default/files/advagg_js/ 25 KB
9 KB 10ms
10ms Script
application/javascript 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

45b5732f734c6199b57da0ed7832ed2f674b67a8dd9486cd2ba8456a5f298173

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_js/js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: cdn-2.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 04:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 773850
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 8988
x-request-id: v-5ced2b4c-1a0c-11e9-a0d4-db6a98acf2cc
last-modified: Mon, 03 Sep 2018 06:37:31 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: mBiapUWCRoOWPFMzV1Bl6PpLtReHypvd4ArM0JFkKEzus0wocjhbRg==
expires: Thu, 16 Jan 2020 04:00:01 GMT

GET
H2 200 js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js Show response
cdn-2.zscaler.com/sites/default/files/advagg_js/ 7 KB
3 KB 12ms
9ms Script
application/javascript 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5f4407da08a159f50a278d4e86cda104a1738182beeca5d9b3fdc0a84fadb206

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_js/js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: cdn-2.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 27 Sep 2018 08:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10441456
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 3
x-ah-environment: prod
content-length: 2543
x-request-id: v-363a12c0-c21f-11e8-8cfd-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:37:31 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 809903531 801408010
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: mJKBCZKfG8Uv-uGjUqd2yA1f4t0xjpek9tZxspkswV0IWynIsiPyPg==
expires: Thu, 26 Sep 2019 06:33:14 GMT

GET
H2 200 js__yz39Oiuar8Bm5YQktDLGWAMlZL9dQp7tUMPmAwTni6A__ZS5q5UTsy48aM0oCBRypbHWsLITIpNgKJzyqMf8KPvE__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js Show response
cdn-2.zscaler.com/sites/default/files/advagg_js/ 625 KB
168 KB 12ms
10ms Script
application/javascript 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__yz39Oiuar8Bm5YQktDLGWAMlZL9dQp7tUMPmAwTni6A__ZS5q5UTsy48aM0oCBRypbHWsLITIpNgKJzyqMf8KPvE__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

636650ac762d847504ac09f61affe9caa451b64d29fa19f9b5f82afa1ecccb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/default/files/advagg_js/js__yz39Oiuar8Bm5YQktDLGWAMlZL9dQp7tUMPmAwTni6A__ZS5q5UTsy48aM0oCBRypbHWsLITIpNgKJzyqMf8KPvE__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: cdn-2.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 19:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 285775
x-cache: Hit from cloudfront
status: 200
x-cache-hits: 5
x-ah-environment: prod
content-length: 171761
x-request-id: v-c02e8e2a-1e7c-11e9-9bd5-1343e9f7389e
last-modified: Tue, 22 Jan 2019 19:34:35 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: XqLCQGbMOlig0t_xugq4qz8QSuDhhOQ_3MM-VSPluDERTft27VuuQw==
expires: Tue, 21 Jan 2020 19:34:36 GMT

GET
H2 200 zscaler-mission-possible-sliding-banner-image-background.jpg
www.zscaler.com/sites/all/themes/zscaler/images/misc/mission-possible/splash/ 14 KB
14 KB 183ms
181ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/misc/mission-possible/splash/zscaler-mission-possible-sliding-banner-image-background.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

4d88075df6bd535ce6fd8669305484dcb92b29f5c938e40a1161ffad675a8699

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/misc/mission-possible/splash/zscaler-mission-possible-sliding-banner-image-background.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 33183
x-cache: HIT
status: 200
x-cache-hits: 1095
x-ah-environment: prod
content-length: 14390
x-request-id: v-dca4afbe-20c8-11e9-bdc0-9fb4299f69e7
last-modified: Tue, 18 Sep 2018 03:35:52 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 17:44:27 GMT

GET
H2 200 zscaler-blog-post-hero-botnets.jpg
www.zscaler.com/sites/all/themes/zscaler/images/blog/post-images/ 59 KB
60 KB 362ms
361ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/blog/post-images/zscaler-blog-post-hero-botnets.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

2d63c7c20a146f020872668c23fc4cda0c7f4887dfc65136804f8131d5b188f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/blog/post-images/zscaler-blog-post-hero-botnets.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 28617
x-cache: HIT
status: 200
x-cache-hits: 5
x-ah-environment: prod
content-length: 60912
x-request-id: v-7e5a361c-20d3-11e9-819b-17017ab0c4c8
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 19:00:34 GMT

GET
H2 200 zscaler-blog-antivirus-2.jpg
cdn.zscaler.com/cdn/farfuture/dlBS3xLeNU1YJvjoEp5IrG6Bed00QeY_ig4drWyqu58/mtime:1519812247/sites/default/files/images/blogs/----category-images/antiVirus/ 78 KB
79 KB 24ms
23ms Image
image/jpeg 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/cdn/farfuture/dlBS3xLeNU1YJvjoEp5IrG6Bed00QeY_ig4drWyqu58/mtime:1519812247/sites/default/files/images/blogs/----category-images/antiVirus/zscaler-blog-antivirus-2.jpg

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

4311173914cb2ba37378d3f07064c3e0187119d825a8088fc3f218d84eeb74e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn/farfuture/dlBS3xLeNU1YJvjoEp5IrG6Bed00QeY_ig4drWyqu58/mtime:1519812247/sites/default/files/images/blogs/----category-images/antiVirus/zscaler-blog-antivirus-2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 09:37:07 GMT
via: varnish, 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 62424
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 79879
x-request-id: v-c7f31bda-2084-11e9-88e6-6b06797d5562
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=290304000, no-transform, public
x-drupal-cache: MISS
accept-ranges: bytes
x-amz-cf-id: _efA7N2e48vNyarhSGYC8Ee365cVXLPc5ttd_ODQ6qzppcPpjYj5xg==
expires: Tue, 20 Jan 2037 04:20:42 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c386915e39d8a925fe10d15744a9da95ac8f90423e12728e7fc3c5e34f4559

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Mon, 21 Jan 2019 15:45:15 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:47 GMT
server: sffe
age: 385936
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10876
x-xss-protection: 1; mode=block
expires: Tue, 21 Jan 2020 15:45:15 GMT

GET
H2 200 fa-solid-900.woff2
pro.fontawesome.com/releases/v5.5.0/webfonts/ 108 KB
108 KB 24ms
23ms Font
font/woff2 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS
Software: Fly.io/0.1.1 /
Resource Hash: 88876fcd5eb71de865d889ea63df11b023ef1d1365124305c2708f61cbb04339

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://www.zscaler.com

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-cache: HIT
status: 200
access-control-max-age: 3000
last-modified: Fri, 02 Nov 2018 15:38:02 GMT
content-length: 110861
fly-request-id: bLypFvvFrpuDGmuzmBRljI7WuV
server: Fly.io/0.1.1
etag: "a265bbc20e40ae6e6b45e0b78ab08c41"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Thu, 03 Jan 2019 10:09:38 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 1961273
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10748
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2020 10:09:38 GMT

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qA.ttf
fonts.gstatic.com/s/robotoslab/v7/ 35 KB
22 KB 6ms
5ms Font
font/ttf 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v7/BngMUXZYTXPIvIBgJJSb6ufN5qA.ttf

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0747d3bb1a47671210add22ff8f49d6130bf39ad8559153b6beee2166fdbb67b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Origin: https://www.zscaler.com

Response headers

date: Fri, 25 Jan 2019 06:50:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72394
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 22243
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:31:32 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2020 06:50:57 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Mon, 21 Jan 2019 15:44:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 385980
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10788
x-xss-protection: 1; mode=block
expires: Tue, 21 Jan 2020 15:44:31 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v18/ 12 KB
12 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

64565561ddb338a11ffce5b84aa53fa6e8fd203c34208e61eb5602cd08bf527f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Tue, 22 Jan 2019 18:18:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:48 GMT
server: sffe
age: 290370
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12352
x-xss-protection: 1; mode=block
expires: Wed, 22 Jan 2020 18:18:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1be216dbc059d96e288b0c1f399a1a80ee8c65e4c1272dbc4574bd6d23cf45d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.com

Response headers

date: Fri, 21 Dec 2018 05:58:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:03 GMT
server: sffe
age: 3099568
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10764
x-xss-protection: 1; mode=block
expires: Sat, 21 Dec 2019 05:58:03 GMT

GET
H2 200 fa-brands-400.woff2
pro.fontawesome.com/releases/v5.5.0/webfonts/ 68 KB
68 KB 30ms
30ms Font
font/woff2 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/webfonts/fa-brands-400.woff2
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS
Software: Fly.io/0.1.1 /
Resource Hash: e705082b8a630b4d0190bb13e20f4d127f75ad88c271c749ff0c4e10c6acacf9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://www.zscaler.com

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-cache: HIT
status: 200
access-control-max-age: 3000
last-modified: Fri, 02 Nov 2018 15:37:32 GMT
content-length: 69687
fly-request-id: bLypFvvKitFviE8WbMwwcJkppr
server: Fly.io/0.1.1
etag: "0896516daa9ef0a4169465a6fa281d68"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v18/ 35 KB
20 KB 6ms
5ms Font
font/ttf 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
Origin: https://www.zscaler.com

Response headers

date: Thu, 03 Jan 2019 03:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1985327
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 20272
x-xss-protection: 1; mode=block
last-modified: Mon, 16 Oct 2017 17:32:56 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2020 03:28:44 GMT

GET
H2 200 75590e24-f605-4d9c-b92c-ca09a93d469f.js Show response
cdn.cookielaw.org/consent/ 96 KB
17 KB 10ms
9ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FED) /
Resource Hash: c31af6fbb672b4a620e928cff91917a6317d4673f229c9df119b29faed0aa85f

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
content-md5: NfLfkX4y5sfawfvMyAMfcQ==
x-cache: HIT
status: 200
content-length: 17646
x-ms-lease-status: unlocked
last-modified: Fri, 14 Dec 2018 21:28:42 GMT
server: ECAcc (frc/8FED)
etag: 0x8D6620B1F38AF76
vary: Accept-Encoding
content-type: application/x-javascript
x-ms-request-id: 39c54c6f-d01e-0010-0805-b5ee00000000
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Sat, 26 Jan 2019 06:57:31 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 16ms
16ms Script
text/javascript 216.58.207.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.58.207.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s24-in-f2.1e100.net

Software

cafe /

Resource Hash

abb6ba48394b3e80f0cec249f5b162adbcbd918fa8cfb6f58bf5a9f91f05657d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 8805
x-xss-protection: 1; mode=block
server: cafe
etag: 15921422403606129310
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 26 Jan 2019 02:57:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 4104
date: Sat, 26 Jan 2019 01:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17543
expires: Sat, 26 Jan 2019 03:49:07 GMT

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 15 KB
5 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2bf::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:2bf::3adf , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:31 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=7488
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 e528e275.min.js Show response
tag.demandbase.com/ 62 KB
16 KB 531ms
400ms Script
application/javascript 13.32.158.65
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/e528e275.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.158.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 35db12d00306c3e30c48431e788ab06812c56b7dcf5e6d0fd8167c66c85e4170

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: CefGqpwyz6L8bE7SPK9p5WjTLK0MlGux
content-encoding: gzip
last-modified: Thu, 27 Dec 2018 20:19:10 GMT
server: AmazonS3
date: Wed, 23 Jan 2019 07:28:38 GMT
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=3600
x-amz-cf-id: R3DhsWzu4DCAhXAmHy4TRVWs3HkQ5IAP98GRan0vPzv8AogKMAHlkw==
via: 1.1 170fdbe261f5e85186a08817806feba2.cloudfront.net (CloudFront)

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 47ms
21ms Script
application/javascript 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

9d15d6be9c463e262a90401362a498e9142ee8579fe021614d89c8640c078105

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 859
x-xss-protection: 1; mode=block
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 68ms
7ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.184.220.178 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B4) / ASP.NET
Resource Hash: da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
last-modified: Fri, 25 Jan 2019 18:47:44 GMT
server: ECS (fcn/40B4)
x-powered-by: ASP.NET
etag: "40b19375deb4d41:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
access-control-expose-headers: Request-Context
accept-ranges: bytes
content-length: 32340
request-context: appId=cid-v1:f81cb8d1-c024-4a90-9d5b-5123f82d463b

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 13 KB
6 KB 62ms
9ms Script
application/javascript 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.36.87 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-36-87.deploy.static.akamaitechnologies.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: f8a9e1e5506fec3e24e3d86aab4c84f19f4de9d3525362cdc56123f0e5d301cb

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Dec 2018 02:18:05 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5c0f1e5d-3445"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 5587

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/4.1.0/default_responsive_alert_bottom_two_button_white/v2/css/ 20 KB
4 KB 9ms
9ms Stylesheet
text/css 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/skins/4.1.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F3C) /
Resource Hash: bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
content-md5: kK6kKwez9JSsVpOMq9pKsQ==
x-cache: HIT
status: 200
content-length: 3575
x-ms-lease-status: unlocked
last-modified: Thu, 17 Jan 2019 17:01:31 GMT
server: ECAcc (frc/8F3C)
etag: 0x8D67C9D6DB9FC92
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 986d0ff1-201e-0167-7c58-b32d14000000
cache-control: public, max-age=2592000
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Sat, 26 Jan 2019 06:57:31 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=1697570734&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&ul=en-us&de=UTF-8&dt=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGBAgEAB~&jid=1822944766&gjid=58420502&cid=1291406072.1548471452&tid=UA-6177009-1&_gid=2126116754.1548471452&gtm=2wg1d15SLZFK&z=865341289

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Jan 2019 14:06:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1428688
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&gjid=58420502&_gid=2126116754.1548471452&_u=YGBAgEAB~&z=1594039905
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905&slf_rd=1&random=3911973117

42 B
109 B

18ms
17ms

Image
image/gif

2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905&slf_rd=1&random=3911973117

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:819::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:32 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=1291406072.1548471452&jid=1822944766&_v=j73&z=1594039905&slf_rd=1&random=3911973117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1548471451667&cv=9&fst=1548471451667&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

a20e873e9e55ac320e46bfcc9124cad95e34a04bf7846226d34f9befdff81c30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 1003
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/ 2 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1548471451671&cv=9&fst=1548471451671&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

aaa56481990a2d762ade7aad471e4214c2a8a7b2f951b864b67743a9514f2b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 1001
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflHdGmps/ 20 KB
8 KB 44ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflHdGmps/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

27a9d5da522a9269ce5317f99cc458e95bcf4b13acb90fa0d6ee43910553f880

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 25 Jan 2019 19:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28429
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 7729
x-xss-protection: 1; mode=block
last-modified: Fri, 25 Jan 2019 02:57:31 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Sat, 02 Feb 2019 19:03:42 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 71ms
7ms XHR
text/plain 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.36.87 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-36-87.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 12548275b6fc8ac215d87635ffc7bfcf02bc01da34420ad137401be0bf1cf91d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Origin: https://www.zscaler.com

Response headers

Date: Sat, 26 Jan 2019 02:57:31 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.zscaler.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
627 B 268ms
215ms Image
image/gif 2.19.36.87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=&visitor=3b46aa05-c891-4d68-86ea-adb68ee2b41e&session=17c573bb-7058-49ef-8237-7fda208ed3d9&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%20%20%20%20How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog%20%20%22%7D&cb=71451689&r=&thirdParty=%7B%7D

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.19.36.87 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-19-36-87.deploy.static.akamaitechnologies.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:31 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 19 Oct 2018 10:50:03 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5bc9b6db-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
282 B 24ms
23ms Image
image/gif 2a00:1450:4001:824::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1548471451667&cv=9&fst=1548468000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3745902978&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973777747/ 42 B
109 B 24ms
22ms Image
image/gif 2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973777747/?random=1548471451667&cv=9&fst=1548468000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3745902978&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:819::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 8ms
7ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 848fddf1e2f7de5b9553870997e698d0cc95e417dfeab8edc389270ee128a46b

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Jan 2019 03:32:24 GMT
Server: Apache
ETag: "8347e6e3adcd544762f37f6ee06a15b0:1548387145"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 765

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 380ms
110ms Script
application/javascript 18.235.79.210
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.235.79.210 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-18-235-79-210.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:32 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 37787

GET
H2 200 zscaler-home-navigation-dropDown-products.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 21 KB
21 KB 181ms
181ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-products.jpg

Requested by

Host: cdn-3.zscaler.com
URL: https://cdn-3.zscaler.com/sites/default/files/advagg_js/js__Mc2zu8oTXUuuljJ2paFym7TDo8lhmM2rQDvEJof-MLI__2KBEhpEGqQFBiFOLZIZYeQTDUIw6atYiuMl7WaVOnZ0__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8521546462c374cd8318bbfbe95ff5c775195d06afb71b4d44eea64a3e42b020

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-products.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452; has_js=1; _gcl_au=1.1.1897001424.1548471452; OptanonConsent=landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&datestamp=Sat+Jan+26+2019+02%3A57%3A31+GMT%2B0000+(Coordinated+Universal+Time)&version=4.1.0; _ga=GA1.2.1291406072.1548471452; _gid=GA1.2.2126116754.1548471452; _dc_gtm_UA-6177009-1=1; _gd_visitor=3b46aa05-c891-4d68-86ea-adb68ee2b41e; _gd_session=17c573bb-7058-49ef-8237-7fda208ed3d9; _biz_dfsA=%5B%5D; _biz_uid=48216b65cd80463ec0696e4f42707c18; _biz_sid=339d83; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D48216b65cd80463ec0696e4f42707c18%26_biz_s%3D339d83%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26_biz_t%3D1548471451709%26_biz_i%3D%250A%2520%2520%2520%2520How%2520To%2520Install%2520Silently%2520Malicious%2520Extensions%2520For%2520Firefox%2520%257C%2520Zscaler%2520Blog%2520%2520%26_biz_n%3D0%26rnd%3D139825%22%5D
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 33183
x-cache: HIT
status: 200
x-cache-hits: 1290
x-ah-environment: prod
content-length: 21040
x-request-id: v-dccc37fa-20c8-11e9-9c42-bbf31d8fbd37
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 17:44:28 GMT

GET
H2 200 zscaler-home-navigation-dropDown-solutions.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 17 KB
18 KB 181ms
181ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-solutions.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

52ae784bbd156dfe8f7311c85d5753314cbd9d963ec95a62e6665c99d0268a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-solutions.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452; has_js=1; _gcl_au=1.1.1897001424.1548471452; OptanonConsent=landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&datestamp=Sat+Jan+26+2019+02%3A57%3A31+GMT%2B0000+(Coordinated+Universal+Time)&version=4.1.0; _ga=GA1.2.1291406072.1548471452; _gid=GA1.2.2126116754.1548471452; _dc_gtm_UA-6177009-1=1; _gd_visitor=3b46aa05-c891-4d68-86ea-adb68ee2b41e; _gd_session=17c573bb-7058-49ef-8237-7fda208ed3d9; _biz_dfsA=%5B%5D; _biz_uid=48216b65cd80463ec0696e4f42707c18; _biz_sid=339d83; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D48216b65cd80463ec0696e4f42707c18%26_biz_s%3D339d83%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26_biz_t%3D1548471451709%26_biz_i%3D%250A%2520%2520%2520%2520How%2520To%2520Install%2520Silently%2520Malicious%2520Extensions%2520For%2520Firefox%2520%257C%2520Zscaler%2520Blog%2520%2520%26_biz_n%3D0%26rnd%3D139825%22%5D
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 33183
x-cache: HIT
status: 200
x-cache-hits: 1290
x-ah-environment: prod
content-length: 17746
x-request-id: v-dccc3e44-20c8-11e9-a173-e3448e82dc40
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 17:44:28 GMT

GET
H2 200 zscaler-home-navigation-dropDown-resources.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 22 KB
22 KB 181ms
181ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-resources.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d7dd3f4c3fcd4d440cd3aa820cc4da361dd28a055f0a05bf60dbac778c3528a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-resources.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452; has_js=1; _gcl_au=1.1.1897001424.1548471452; OptanonConsent=landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&datestamp=Sat+Jan+26+2019+02%3A57%3A31+GMT%2B0000+(Coordinated+Universal+Time)&version=4.1.0; _ga=GA1.2.1291406072.1548471452; _gid=GA1.2.2126116754.1548471452; _dc_gtm_UA-6177009-1=1; _gd_visitor=3b46aa05-c891-4d68-86ea-adb68ee2b41e; _gd_session=17c573bb-7058-49ef-8237-7fda208ed3d9; _biz_dfsA=%5B%5D; _biz_uid=48216b65cd80463ec0696e4f42707c18; _biz_sid=339d83; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D48216b65cd80463ec0696e4f42707c18%26_biz_s%3D339d83%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26_biz_t%3D1548471451709%26_biz_i%3D%250A%2520%2520%2520%2520How%2520To%2520Install%2520Silently%2520Malicious%2520Extensions%2520For%2520Firefox%2520%257C%2520Zscaler%2520Blog%2520%2520%26_biz_n%3D0%26rnd%3D139825%22%5D
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 33183
x-cache: HIT
status: 200
x-cache-hits: 1290
x-ah-environment: prod
content-length: 22243
x-request-id: v-dccd27dc-20c8-11e9-898c-533370927aa9
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 17:44:28 GMT

GET
H2 200 zscaler-home-navigation-dropDown-company.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 21 KB
21 KB 183ms
182ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-company.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

e9622a721ead53a7e422bf180cb5a0aab8a5190b678bc3a1e1a29bc02a5314e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-company.jpg
pragma: no-cache
cookie: SimpleSAMLSessionID=e59ad00c240536dbd691c9c53099a452; has_js=1; _gcl_au=1.1.1897001424.1548471452; OptanonConsent=landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&datestamp=Sat+Jan+26+2019+02%3A57%3A31+GMT%2B0000+(Coordinated+Universal+Time)&version=4.1.0; _ga=GA1.2.1291406072.1548471452; _gid=GA1.2.2126116754.1548471452; _dc_gtm_UA-6177009-1=1; _gd_visitor=3b46aa05-c891-4d68-86ea-adb68ee2b41e; _gd_session=17c573bb-7058-49ef-8237-7fda208ed3d9; _biz_dfsA=%5B%5D; _biz_uid=48216b65cd80463ec0696e4f42707c18; _biz_sid=339d83; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D48216b65cd80463ec0696e4f42707c18%26_biz_s%3D339d83%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26_biz_t%3D1548471451709%26_biz_i%3D%250A%2520%2520%2520%2520How%2520To%2520Install%2520Silently%2520Malicious%2520Extensions%2520For%2520Firefox%2520%257C%2520Zscaler%2520Blog%2520%2520%26_biz_n%3D0%26rnd%3D139825%22%5D
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.com
referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
:scheme: https
:method: GET
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
via: varnish
x-content-type-options: nosniff
age: 33183
x-cache: HIT
status: 200
x-cache-hits: 1293
x-ah-environment: prod
content-length: 21662
x-request-id: v-dccd28ae-20c8-11e9-9155-d33b0662d909
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Fri, 08 Feb 2019 17:44:28 GMT

GET
H2 200 icon-enlarge-btn.svg
cdn.zscaler.com/sites/all/themes/zscaler/images/resources/ransomware/ 3 KB
3 KB 72ms
72ms Image
image/svg+xml 13.32.158.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/sites/all/themes/zscaler/images/resources/ransomware/icon-enlarge-btn.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.158.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-158-126.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/resources/ransomware/icon-enlarge-btn.svg
pragma: no-cache
cookie: _gcl_au=1.1.1897001424.1548471452; _ga=GA1.2.1291406072.1548471452; _gid=GA1.2.2126116754.1548471452; _dc_gtm_UA-6177009-1=1; _biz_dfsA=%5B%5D; _biz_uid=48216b65cd80463ec0696e4f42707c18; _biz_sid=339d83; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D48216b65cd80463ec0696e4f42707c18%26_biz_s%3D339d83%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fhow-install-silently-malicious-extensions-firefox%26_biz_t%3D1548471451709%26_biz_i%3D%250A%2520%2520%2520%2520How%2520To%2520Install%2520Silently%2520Malicious%2520Extensions%2520For%2520Firefox%2520%257C%2520Zscaler%2520Blog%2520%2520%26_biz_n%3D0%26rnd%3D139825%22%5D
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: cdn.zscaler.com
referer: https://cdn.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
:scheme: https
:method: GET
Referer: https://cdn.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__G6dj0Yihc18RxwCiOdtRQPtBTyIW3wpfwbYN9Nmig7k__Pn_3y4csKYl3nPNiUt_2RFFx0uJ-_GJwYm6iEOOJzAw.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 07 Sep 2018 01:41:55 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 d942ee6a387b745954972448a42def1c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 160160
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2612
x-request-id: v-33e803c8-b23f-11e8-a6be-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 389876661
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: YHxNr3_p4DZeVPrJNgRQN-ZzLlpqX_mWAQBw_T_LKMwAriA1hY1upA==
expires: Fri, 21 Sep 2018 01:41:55 GMT

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1
https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1548471451841%26pid%3D33962%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%2...
https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=tru...

0
97 B

113ms
112ms

Script
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:32 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: GTAN65RGfRUAHkZGWSsAAA==

Redirect headers

date: Sat, 26 Jan 2019 02:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-efr5
content-length: 20
x-li-uuid: Af1U5JRGfRUgX45hYisAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1548471451841&pid=33962&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
324 B 7ms
7ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=48216b65cd80463ec0696e4f42707c18&_biz_s=339d83&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&_biz_t=1548471451709&_biz_i=%0A%20%20%20%20How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog%20%20&_biz_n=0&rnd=139825&cdn_o=a&_biz_z=1548471451842
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.184.220.178 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A2) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
content-length: 43
request-context: appId=cid-v1:f81cb8d1-c024-4a90-9d5b-5123f82d463b
pragma: no-cache
x-aspnetmvc-version: 4.0
last-modified: Sun, 20 Jan 2019 01:22:38 GMT
server: ECS (fcn/41A2)
content-type: Image/GIF
access-control-expose-headers: Request-Context
cache-control: no-cache, no-store
accept-ranges: bytes
expires: -1

GET
H2 200 /
www.google.com/pagead/1p-user-list/812494211/ 42 B
109 B 24ms
24ms Image
image/gif 2a00:1450:4001:824::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812494211/?random=1548471451671&cv=9&fst=1548468000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2293615931&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812494211/ 42 B
109 B 21ms
21ms Image
image/gif 2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812494211/?random=1548471451671&cv=9&fst=1548468000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&tiba=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2293615931&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:819::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jan 2019 02:57:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
4 KB 8ms
8ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:32 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: Apache
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Mon, 06 May 2019 02:57:32 GMT

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 376 B
437 B 120ms
120ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=48216b65cd80463ec0696e4f42707c18&_biz_h=-1906410348&cdn_o=a&jsVer=4.18.12.07
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.184.220.178 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0fcd47c2c6dfcd3ee13497267ef1bab6fc93fcf333b73aa2e7e81e92e4be8ff0

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:31 GMT
content-encoding: gzip
x-aspnetmvc-version: 4.0
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
etag: 7A9B950E
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
access-control-expose-headers: Request-Context
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 324
request-context: appId=cid-v1:f81cb8d1-c024-4a90-9d5b-5123f82d463b

GET
H/1.1 200
OK visitWebPage Show response
306-zej-256.mktoresp.com/webevents/ 2 B
272 B 535ms
93ms XHR
text/plain 192.28.144.124
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1548471452028&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1548471452027-82147&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: spray-can/1.3.3 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Origin: https://www.zscaler.com

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 26 Jan 2019 02:57:32 GMT
Content-Encoding: gzip
Server: spray-can/1.3.3
Content-Length: 22
X-Request-Id: 868329e9-fa6b-48f4-ba78-6d6475639e52
Content-Type: text/plain; charset=UTF-8

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 461 B
922 B 105ms
55ms XHR
application/json 13.32.158.251
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&page_title=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&key=e7b3561b67c7ce74cf1aceb04a975065&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/e528e275.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.158.251 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-251.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: a6734aa03fb398df4227e980432c1fbd76f8fb1c45fca96a2ede155aa27b6410

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Origin: https://www.zscaler.com

Response headers

date: Sat, 26 Jan 2019 02:57:32 GMT
content-encoding: gzip
access-control-allow-origin: https://www.zscaler.com
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: e90ef8da-c527-434e-859e-59d26c5090d7
content-length: 263
pragma: no-cache
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 63db28734e1b9429c04087abd41a1692.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7_lpn8WruMdO9elDJGoEkdsp7NPsSjsIIAd9ApYKfmGMiYgQAjicuA==
expires: Fri, 25 Jan 2019 02:57:32 GMT

GET
H2

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
https://d.company-target.com/ul_cb/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox

283 B
283 B

17ms
16ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:32 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 283

Redirect headers

date: Sat, 26 Jan 2019 02:57:32 GMT
via: 1.1 google
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15436064794900&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
H2

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
https://d.company-target.com/ul_cb/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox

283 B
283 B

17ms
17ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 26 Jan 2019 02:57:32 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 283

Redirect headers

date: Sat, 26 Jan 2019 02:57:32 GMT
via: 1.1 google
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15436065076967&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AABKuk64l5kAACFlW3o7Xw

26 B
497 B

223ms
184ms

Image
image/gif

13.32.158.125
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=choca&user_id=AABKuk64l5kAACFlW3o7Xw
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.158.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-125.fra56.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:32 GMT
Via: 1.1 fc3a4fa8a6bf80fc624a0bc082bb5b4e.cloudfront.net (CloudFront)
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 26
X-Amz-Cf-Id: sP91Q4x-ryQ4cOrJ7rYV5_ISt66nsXe1zZk6ytDwup6daLSNuHoIoQ==

Redirect headers

location: https://segments.company-target.com/log?vendor=choca&user_id=AABKuk64l5kAACFlW3o7Xw
Date: Sat, 26 Jan 2019 02:57:32 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 204 464526.gif
id.rlcdn.com/ 0
34 B 318ms
104ms Image
text/plain 54.236.93.75
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.93.75 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-236-93-75.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Sat, 26 Jan 2019 02:57:32 GMT

GET
H2 200 siteOptimization.min.js Show response
tag.demandbase.com/shared/ 28 KB
8 KB 8ms
7ms Script
application/javascript 13.32.158.65
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization.min.js
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/e528e275.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.158.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b017eb75438118ced0f6a0a178b51e9c874e94dc6144cd1bab225c666ab24700

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: eXh.jRC7Tbc4QfyYQuq9IRAq.lR50YWy
content-encoding: gzip
last-modified: Fri, 30 Nov 2018 01:27:25 GMT
server: AmazonS3
age: 1488
date: Sat, 26 Jan 2019 02:33:43 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=3600
x-amz-cf-id: rWTEmeaNGfAYPa1cBuo23WafdE2KelyG4Rrg95fWFYr05h9VkRKNmg==
via: 1.1 170fdbe261f5e85186a08817806feba2.cloudfront.net (CloudFront)

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=1697570734&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&ul=en-us&de=UTF-8&dt=How%20To%20Install%20Silently%20Malicious%20Extensions%20For%20Firefox%20%7C%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAiEABB~&jid=&gjid=&cid=1291406072.1548471452&tid=UA-6177009-1&_gid=2126116754.1548471452&gtm=2wg1d15SLZFK&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=(Non-Company%20Visitor)&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=Bot&cd16=Frankfurt%20Am%20Main&cd17=05&cd18=Germany&cd19=(Non-Company%20Visitor)&z=1648864999

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Jan 2019 14:06:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1428689
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 siteOptimization.css
tag.demandbase.com/shared/ 38 KB
5 KB 8ms
7ms Stylesheet
text/css 13.32.158.65
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/siteOptimization.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.158.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4406007284b6d1a81fd3ba97f9659be877a4da77b3927be406cdddee55c5d23a

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: Gh4KvDJAlUlvOieNfyGe04WJzQmbfe5r
content-encoding: gzip
last-modified: Tue, 17 Apr 2018 18:32:11 GMT
server: AmazonS3
age: 2549
date: Sat, 26 Jan 2019 02:15:49 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=3600
x-amz-cf-id: S4jhOuOsaFf_e1zpd3xf9ihJeyaeO45Yz1egHBR6WdSNkM0WvfYa4g==
via: 1.1 170fdbe261f5e85186a08817806feba2.cloudfront.net (CloudFront)

GET
H/1.1

200
OK

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&referer=&fp=5dbc0281a014b7f8cf...
https://tracking.leadlander.com/tracking.png

68 B
347 B

104ms
104ms

Image
image/png

34.202.202.117
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.202.202.117 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-34-202-202-117.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.com/blogs/research/how-install-silently-malicious-extensions-firefox
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 26 Jan 2019 02:57:32 GMT
Last-Modified: Wed, 26 Sep 2018 16:48:51 GMT
Server: Kestrel
ETag: "1d455b8cd761bc4"
Strict-Transport-Security: max-age=2592000
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Location: /tracking.png
Date: Sat, 26 Jan 2019 02:57:32 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=2592000

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zscaler.com/	1970-01-26 05:19:51	Name: _gd_svisitor Value: 3d8414025b0200009bcc4b5c8b02000095eb0d00
.zscaler.com/	1970-01-19 06:53:27	Name: _biz_pendingA Value: %5B%5D
.zscaler.com/	1970-01-19 06:53:27	Name: _biz_nA Value: 1
www.zscaler.com/	1970-01-18 22:08:05	Name: _gd_session Value: 17c573bb-7058-49ef-8237-7fda208ed3d9
.zscaler.com/	1970-01-18 22:07:53	Name: _biz_sid Value: 339d83
.zscaler.com/	1970-01-18 22:09:17	Name: _gid Value: GA1.2.2126116754.1548471452
www.zscaler.com/	1969-12-31 23:59:59	Name: SimpleSAMLSessionID Value: e59ad00c240536dbd691c9c53099a452
.zscaler.com/	1970-01-19 06:53:27	Name: _biz_uid Value: 48216b65cd80463ec0696e4f42707c18
.zscaler.com/	1970-01-18 22:07:51	Name: _dc_gtm_UA-6177009-1 Value: 1
.www.zscaler.com/	1970-01-19 06:53:27	Name: OptanonConsent Value: landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fhow-install-silently-malicious-extensions-firefox&datestamp=Sat+Jan+26+2019+02%3A57%3A31+GMT%2B0000+(Coordinated+Universal+Time)&version=4.1.0
.zscaler.com/	1970-01-19 15:39:03	Name: _ga Value: GA1.2.1291406072.1548471452
.zscaler.com/	1970-01-19 15:39:03	Name: _mkto_trk Value: id:306-ZEJ-256&token:_mch-zscaler.com-1548471452027-82147
www.zscaler.com/	1969-12-31 23:59:59	Name: has_js Value: 1
.zscaler.com/	1970-01-19 06:53:27	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%7D
www.zscaler.com/	1970-01-26 05:19:51	Name: _gd_visitor Value: 3b46aa05-c891-4d68-86ea-adb68ee2b41e
.zscaler.com/	1970-01-19 00:17:27	Name: _gcl_au Value: 1.1.1897001424.1548471452

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
api.company-target.com
b.6sc.co
c.6sc.co
cdn-2.zscaler.com
cdn-3.zscaler.com
cdn-4.zscaler.com
cdn-5.zscaler.com
cdn.bizible.com
cdn.cookielaw.org
cdn.zscaler.com
d.company-target.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
id.rlcdn.com
j.6sc.co
match.prod.bidr.io
munchkin.marketo.net
pro.fontawesome.com
px.ads.linkedin.com
qcdn.qordoba.com
research.zscaler.com
s.ytimg.com
segments.company-target.com
sjs.bizographics.com
stats.g.doubleclick.net
storaged.qordoba.com
t.sf14g.com
tag.demandbase.com
tracking.leadlander.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
www.zscaler.com
13.32.158.125
13.32.158.126
13.32.158.251
13.32.158.65
130.211.18.192
152.195.132.202
18.235.79.210
184.31.84.223
192.28.144.124
2.19.36.87
216.58.207.34
2a00:1450:4001:808::2008
2a00:1450:4001:816::200e
2a00:1450:4001:819::2003
2a00:1450:4001:819::200a
2a00:1450:4001:81c::200e
2a00:1450:4001:81d::200e
2a00:1450:4001:820::2002
2a00:1450:4001:824::2004
2a00:1450:4001:825::2003
2a00:1450:400c:c04::9a
2a02:26f0:6c00:2bf::3adf
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
34.202.202.117
35.166.119.124
35.190.27.37
50.31.246.1
52.212.115.169
54.236.93.75
93.184.220.178
0747d3bb1a47671210add22ff8f49d6130bf39ad8559153b6beee2166fdbb67b
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
0fcd47c2c6dfcd3ee13497267ef1bab6fc93fcf333b73aa2e7e81e92e4be8ff0
12548275b6fc8ac215d87635ffc7bfcf02bc01da34420ad137401be0bf1cf91d
1be216dbc059d96e288b0c1f399a1a80ee8c65e4c1272dbc4574bd6d23cf45d9
1d73a768fea8ea85aed3a572e2ca0c1b5e7348f9036edb5ad851b3e326eb9e73
233e3380f818389aea385208a4734e0b2bce8371d7239245efdf13468a390640
27a9d5da522a9269ce5317f99cc458e95bcf4b13acb90fa0d6ee43910553f880
2d63c7c20a146f020872668c23fc4cda0c7f4887dfc65136804f8131d5b188f2
35db12d00306c3e30c48431e788ab06812c56b7dcf5e6d0fd8167c66c85e4170
388b07558e87db3b230d12f54acae0ee7f289ff13715c97a0595b99a6fd072ab
391f4dc402b6ecb016765b0eae6e508d409b577b79e87dd1dbade260d4495581
3a6833c9d0695506a24bc475101a965659bffaaef9c4dcef8943f9a5faf740f5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
4311173914cb2ba37378d3f07064c3e0187119d825a8088fc3f218d84eeb74e8
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
4406007284b6d1a81fd3ba97f9659be877a4da77b3927be406cdddee55c5d23a
45b5732f734c6199b57da0ed7832ed2f674b67a8dd9486cd2ba8456a5f298173
466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
4d88075df6bd535ce6fd8669305484dcb92b29f5c938e40a1161ffad675a8699
52ae784bbd156dfe8f7311c85d5753314cbd9d963ec95a62e6665c99d0268a7b
55dc5c73c34f07982aca310c0fddc9f3dcff29e33eeade0d50b0138c500995b8
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0
5a83e9ab51f0cdb6c8dca84411c7370a9ad152fd4e5730848ea3a294d3b845d2
5f4407da08a159f50a278d4e86cda104a1738182beeca5d9b3fdc0a84fadb206
636650ac762d847504ac09f61affe9caa451b64d29fa19f9b5f82afa1ecccb41
64565561ddb338a11ffce5b84aa53fa6e8fd203c34208e61eb5602cd08bf527f
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
7221be22d59bd95b5c1e47590a48d06d367a965213a39ca929241e4a6f9ee7ee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
848fddf1e2f7de5b9553870997e698d0cc95e417dfeab8edc389270ee128a46b
8521546462c374cd8318bbfbe95ff5c775195d06afb71b4d44eea64a3e42b020
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
88876fcd5eb71de865d889ea63df11b023ef1d1365124305c2708f61cbb04339
8b5a4c38e84431b3669f45f2d84e2562d121e7e6204518fec00ee798a53ef949
8db382402a0035d9a255f6caf1c217f564c079cd928a899047ceba835eba7957
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
9d15d6be9c463e262a90401362a498e9142ee8579fe021614d89c8640c078105
a20e873e9e55ac320e46bfcc9124cad95e34a04bf7846226d34f9befdff81c30
a22572e7d8975ddbb4a899e9e84635bd568022f11db9cee1401af03c473dc2b4
a63697b509acc4629d1f31050b2ae187a0a740d81280c45b373e98d2121ad22e
a6734aa03fb398df4227e980432c1fbd76f8fb1c45fca96a2ede155aa27b6410
aa2db21b8bd39607afe064424daeaa31e3dc9e829956e79bbe28c3bd7e5718c4
aaa56481990a2d762ade7aad471e4214c2a8a7b2f951b864b67743a9514f2b15
abb6ba48394b3e80f0cec249f5b162adbcbd918fa8cfb6f58bf5a9f91f05657d
ac87ad7a2bef0649ec3f84eebacf1e02bd48647caa281c1da27cc26263abc75b
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b017eb75438118ced0f6a0a178b51e9c874e94dc6144cd1bab225c666ab24700
b03898672d84cf2362e40d6459d9ade748ecd338ffbeeee256e07630bd07e48c
b4f9416e258fcea8b1a2f805debf8aa80c5b946d596d6ed39f39ac9f03a68c11
b67304b1462d047b0c26821ddf68bb596e29663fe359b0023d9160a5c11a7a1a
b6f5ff4cfa2d209385754fb256451d4104387617e34131f5500822250e4f4c59
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
b91fca9d4f3ea796af034d2157b5982db1e939753ffbc65645ecc15d45b3a94c
bb298ba7af6bca6e786bbb354498104b2268c43d19eb27e4efa969516785b8e4
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c31af6fbb672b4a620e928cff91917a6317d4673f229c9df119b29faed0aa85f
c805b4384196fbfe33e7dfd888691f944bac238cdb5f3ea185386765603593cd
c8781d901afb9614a7e1b2b8cea7ab949243f66d624244c653dcda514b06f80d
c8abaf8f630ae4af089de7c1b5d7d8f54cec867b3ecf76256db2f5a9fffe7c0c
d74148ff31c75b243670de7e37dbb54d399185c0384e982da43388bece07a763
d7dd3f4c3fcd4d440cd3aa820cc4da361dd28a055f0a05bf60dbac778c3528a0
da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e
dba7f69552c84f602fe58d4cb6755f58e70ef9cfaa21743b8b35b7892f32f169
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d5a9530fbfbded64763e27ce2d6cf1d2636edb9552b9720c92c86284894e87
e705082b8a630b4d0190bb13e20f4d127f75ad88c271c749ff0c4e10c6acacf9
e9622a721ead53a7e422bf180cb5a0aab8a5190b678bc3a1e1a29bc02a5314e3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7c386915e39d8a925fe10d15744a9da95ac8f90423e12728e7fc3c5e34f4559
f8a9e1e5506fec3e24e3d86aab4c84f19f4de9d3525362cdc56123f0e5d301cb

www.zscaler.com Open in urlscan Pro 35.166.119.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

86 Requests

100 %HTTPS

42 %IPv6

26 Domains

39 Subdomains

28 IPs

4 Countries

1477 kBTransfer

3150 kBSize

16 Cookies

29 Outgoing links

Page URL History

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zscaler.com Open in urlscan Pro
35.166.119.124 Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

100 %
HTTPS

42 %
IPv6

26
Domains

39
Subdomains

28
IPs

4
Countries

1477 kB
Transfer

3150 kB
Size

16
Cookies

86 HTTP transactions
0 data transactions