www.zscaler.de Open in urlscan Pro
35.166.119.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Effective URL:
https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Submission: On April 23 via api (April 23rd 2019, 5:47:29 pm UTC) from US

Summary HTTP 50 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 16 domains to perform 50 HTTP transactions. The main IP is 35.166.119.124, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.zscaler.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 8th 2019. Valid for: 2 years.

This is the only time www.zscaler.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	35.166.119.124 35.166.119.124	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
17	13.35.253.87 13.35.253.87	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	50.31.246.1 50.31.246.1	40509 (FLY) (FLY - Fly.io)
3	152.195.132.202 152.195.132.202	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.87.20.48 52.87.20.48	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	192.28.144.124 192.28.144.124	53580 (MARKETO) (MARKETO - MARKETO)
1 2	34.224.11.24 34.224.11.24	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
50	16

7 35.166.119.124 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-166-119-124.us-west-2.compute.amazonaws.com

www.zscaler.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 13.35.253.87 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-87.fra6.r.cloudfront.net

cdn-5.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-2.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-3.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-4.zscaler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.31.246.1 (Chicago, United States)

ASN40509 (FLY - Fly.io, Inc., US)
PTR: 202.ae1.cr1.cloud.sjc2.us.scnet.net

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.195.132.202 (Ashburn, United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:821::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.223 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.87.20.48 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-87-20-48.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

306-zej-256.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.224.11.24 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-224-11-24.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	zscaler.com cdn-5.zscaler.com cdn-2.zscaler.com cdn.zscaler.com cdn-3.zscaler.com cdn-4.zscaler.com www.zscaler.com	421 KB
5	gstatic.com fonts.gstatic.com	75 KB
3	google-analytics.com www.google-analytics.com	37 KB
3	cookielaw.org cdn.cookielaw.org	20 KB
3	fontawesome.com pro.fontawesome.com	191 KB
3	zscaler.de www.zscaler.de	334 KB
2	leadlander.com 1 redirects tracking.leadlander.com	644 B
2	google.de www.google.de	218 B
2	google.com 1 redirects www.google.com	288 B
2	marketo.net munchkin.marketo.net	5 KB
2	doubleclick.net 1 redirects googleads.g.doubleclick.net stats.g.doubleclick.net	1 KB
1	mktoresp.com 306-zej-256.mktoresp.com	272 B
1	sf14g.com t.sf14g.com	37 KB
1	googleadservices.com www.googleadservices.com	9 KB
1	googletagmanager.com www.googletagmanager.com	32 KB
1	googleapis.com fonts.googleapis.com	1023 B
50	16

	Domain	Requested by
5	fonts.gstatic.com	www.zscaler.de
4	www.zscaler.com	cdn-4.zscaler.com
4	cdn-3.zscaler.com	www.zscaler.de cdn-4.zscaler.com
4	cdn.zscaler.com	www.zscaler.de
4	cdn-2.zscaler.com	www.zscaler.de
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.zscaler.de
3	cdn.cookielaw.org	www.zscaler.de cdn.cookielaw.org
3	pro.fontawesome.com	www.zscaler.de
3	cdn-5.zscaler.com	www.zscaler.de
3	www.zscaler.de	www.zscaler.de
2	tracking.leadlander.com	1 redirects
2	www.google.de	www.zscaler.de
2	www.google.com	1 redirects www.zscaler.de
2	munchkin.marketo.net	www.zscaler.de munchkin.marketo.net
2	cdn-4.zscaler.com	www.zscaler.de
1	306-zej-256.mktoresp.com	munchkin.marketo.net
1	stats.g.doubleclick.net	1 redirects
1	t.sf14g.com	www.zscaler.de
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	www.zscaler.de
1	fonts.googleapis.com	www.zscaler.de
50	22

This site contains links to these domains. Also see Links.

Domain
securecloudtransformation.zscaler.com
admin.zscaler.net
admin.zscalerone.net
admin.zscalertwo.net
admin.zscalerthree.net
admin.zscalerbeta.net
admin.zscloud.net
admin.private.zscaler.com
help.zscaler.com
www.zscaler.com
www.zscaler.fr
www.zscaler.jp
securitypreview.zscaler.com
community.zscaler.com
ir.zscaler.com
apex.zscaler.com
twitter.com
www.facebook.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
zscaler.com DigiCert SHA2 Extended Validation Server CA	`2019-04-08` - `2021-06-30`	2 years	crt.sh
cdn.zscaler.com DigiCert SHA2 High Assurance Server CA	`2016-06-24` - `2019-06-28`	3 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
pro.fontawesome.com Let's Encrypt Authority X3	`2019-03-13` - `2019-06-11`	3 months	crt.sh
sa437gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2018-05-17` - `2020-08-19`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
www.googleadservices.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh
www.google.de Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Frame ID: FC0B57278C71DA5CA0C12CD0287133C9
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i
env /^Drupal$/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i
env /^Drupal$/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

HeadJS (JavaScript Libraries) Expand

Overall confidence: 50%
Detected patterns

env /^head$/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i
env /^Munchkin$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

50
Requests

100 %
HTTPS

47 %
IPv6

16
Domains

22
Subdomains

16
IPs

3
Countries

1165 kB
Transfer

2748 kB
Size

4
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://securecloudtransformation.zscaler.com/
Title: Request Your Copy

Search URL Search Domain Scan URL

URL: https://admin.zscaler.net/
Title: admin.zscaler.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerone.net/
Title: admin.zscalerone.net

Search URL Search Domain Scan URL

URL: https://admin.zscalertwo.net/
Title: admin.zscalertwo.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerthree.net/
Title: admin.zscalerthree.net

Search URL Search Domain Scan URL

URL: https://admin.zscalerbeta.net/
Title: admin.zscalerbeta.net

Search URL Search Domain Scan URL

URL: https://admin.zscloud.net/
Title: admin.zscloud.net

Search URL Search Domain Scan URL

URL: https://admin.private.zscaler.com/
Title: Zscaler Private Access

Search URL Search Domain Scan URL

URL: https://help.zscaler.com/zia?_ga=2.166933438.1473019286.1507094874-1668161512.1505066962
Title: Support

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/
Title: English

Search URL Search Domain Scan URL

URL: https://www.zscaler.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://www.zscaler.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/products/zscaler-internet-access
Title: Produkte

Search URL Search Domain Scan URL

URL: http://securitypreview.zscaler.com/
Title: Jetzt Sicherheit überprüfen

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/solutions/cloud-security
Title: Lösungen

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/products/zpa-for-aws
Title: AWS

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/solutions/partners/silver-peak
Title: Silver Peak

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/solutions/partners/cisco-sd-wan
Title: Cisco SD-WAN

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/solutions/partners/velocloud
Title: VeloCloud

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/resources
Title: Ressourcen

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/zenith-community/cloud-first-architect
Title: Overview

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/c/cfa
Title: Join the Conversation

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/company/vulnerability-disclosure-program
Title: Vulnerability Disclosure Program

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/company/about-zscaler
Title: Unternehmen

Search URL Search Domain Scan URL

URL: https://community.zscaler.com/
Title: Zenith Community

Search URL Search Domain Scan URL

URL: https://ir.zscaler.com/
Title: Für Investoren

Search URL Search Domain Scan URL

URL: https://apex.zscaler.com/
Title: Partner-Anfrage

Search URL Search Domain Scan URL

URL: http://twitter.com/zscaler

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Zscaler?ref=ts

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zscaler

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ZscalerMarketing

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&gjid=1814590186&_gid=1684225946.1556041634&_u=aGBAgEADQ~&z=452126212 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212&slf_rd=1&random=1281204731

Request Chain 48

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&referer=&fp=1a0c001199c9dd2260857e939d4111bb HTTP 302
https://tracking.leadlander.com/tracking.png

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request li Show response
www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/ 49 KB
12 KB 831ms
370ms Document
text/html 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

68d0511aa1f288d4c7cff930f462b4ef11ed50009a4e9719d2f52d32adf9ef2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.zscaler.de
:scheme: https
:path: /blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 404
server: nginx
date: Tue, 23 Apr 2019 17:47:12 GMT
content-type: text/html; charset=utf-8
content-length: 11193
strict-transport-security: max-age=31536000; preload
x-drupal-cache: MISS
x-content-type-options: nosniff
access-control-allow-origin: https://cdn.zscaler.com https://cdn-2.zscaler.com https://cdn-3.zscaler.com https://cdn-4.zscaler.com https://cdn-5.zscaler.com https://www.zscaler.com https://info.zscaler.com http://info.zscaler.test http://info.zscaler.com https://dev.zscaler.com http://fonts.googleapis.com https://staging.zscaler.com http://www.zscaler.test
etag: "1556035367-1"
content-language: de
cache-control: public, max-age=86400
last-modified: Tue, 23 Apr 2019 16:02:47 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
x-request-id: v-3cc7165e-65e1-11e9-85ff-87530cdaaf78
x-ah-environment: prod
age: 6264
via: varnish
x-cache: HIT
x-cache-hits: 168

GET
H2 200 css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
cdn-5.zscaler.com/sites/default/files/advagg_css/ 9 KB
3 KB 112ms
18ms Stylesheet
text/css 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-5.zscaler.com/sites/default/files/advagg_css/css__BJ6Ou6QsBRtnFTmxaakamOIS8n4QswDP2XnnZ1sxtaM__NBuvkP6eInGIkb1aJvUHx5PX79XApuxBDkk_77W5tYk__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

a63697b509acc4629d1f31050b2ae187a0a740d81280c45b373e98d2121ad22e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 08:59:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20077410
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2933
x-request-id: v-75e7502c-af55-11e8-a357-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:38:32 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 206438524 199103005
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
expires: Mon, 02 Sep 2019 08:43:41 GMT
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: WcRRK2EF_xpP86Scoc7KXw90NEg_P8fcTDliG5cYA1-_V0eX2xIl9g==
x-cache-hits: 3

GET
H2 200 css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
cdn-2.zscaler.com/sites/default/files/advagg_css/ 10 KB
3 KB 112ms
19ms Stylesheet
text/css 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_css/css__B6R1n5hUxJ1o1BWFmj6GlRKP80ajaoSTQm5aID3_N8w__XMmkF07YEEILSr_5suip2GpdbEMJ_R-22WGrZmdhdmY__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

dba7f69552c84f602fe58d4cb6755f58e70ef9cfaa21743b8b35b7892f32f169

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 08:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20077411
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2573
x-request-id: v-75963598-af55-11e8-b479-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:38:32 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 202736344 203325452
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
expires: Mon, 02 Sep 2019 08:43:41 GMT
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: s_F97sWxjpLCxFyFNNNiF7ugJic9QxDwBwI1aqpn0XbXk6J16kcNow==
x-cache-hits: 3

GET
H2 200 css__eNtaUz0sxa7EdQoTABhVJ8QE-8BdUtqafSDZT7Nw3Hw__fAg_sVEGluhD-599VqqHQBHC4gSTwzqxmJ5xT2uLPIo__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
cdn-2.zscaler.com/sites/default/files/advagg_css/ 67 KB
7 KB 128ms
35ms Stylesheet
text/css 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_css/css__eNtaUz0sxa7EdQoTABhVJ8QE-8BdUtqafSDZT7Nw3Hw__fAg_sVEGluhD-599VqqHQBHC4gSTwzqxmJ5xT2uLPIo__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

ae010921cf55648768192e7093d955589296a57547fc7829c60b2e2a1287a089

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 23 Mar 2019 03:23:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2730250
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 7152
x-request-id: v-f76fbfb8-4d1a-11e9-ad97-c7ea73914a3f
last-modified: Sun, 20 Jan 2019 12:16:28 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: bjIYWp_gismGDr2dZjCmIeo2ukHeP4X_4Qz_2Gwy59pyYFkSLkTd3g==
expires: Sat, 21 Mar 2020 03:23:02 GMT

GET
H2 200 css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
cdn.zscaler.com/sites/default/files/advagg_css/ 882 B
949 B 111ms
18ms Stylesheet
text/css 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zscaler.com/sites/default/files/advagg_css/css__zt2v79BRnbKLQqxXI6VWIcLPzSPLQmS3708n4U7KO8o__VRBDvoJUsMeNbceG0V8okk3cYHuF_1U_xrStsiLbBrA__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

8b5a4c38e84431b3669f45f2d84e2562d121e7e6204518fec00ee798a53ef949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 08:59:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20077411
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 424
x-request-id: v-75a16c1a-af55-11e8-b103-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:38:32 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 205521045 203325456
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
expires: Mon, 02 Sep 2019 08:43:41 GMT
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: 15vqyOd3LgEn0lDu7aKapmj1_Ix7KVJ4tQkhLKDFRQhwriJ0qdcEkg==
x-cache-hits: 3

GET
H2 200 css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__5MTq8oVUj49LXWjQtDKn2lGZjpG3CG5NCtkJlC56WBg__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
cdn-3.zscaler.com/sites/default/files/advagg_css/ 698 KB
94 KB 160ms
67ms Stylesheet
text/css 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__5MTq8oVUj49LXWjQtDKn2lGZjpG3CG5NCtkJlC56WBg__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

71c0971fb73ff2aacb64a8d9f825340e232c6fcffc039f0e746946e66cc44dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 22 Apr 2019 07:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124902
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 96051
x-request-id: v-0346ef36-64cd-11e9-8cf1-035ba779e4ad
last-modified: Mon, 22 Apr 2019 07:05:18 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
expires: Mon, 20 Apr 2020 07:05:29 GMT
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: BUvaH9BkDYM19y1hx3x85Z9VUreYG40sk9TgI9lUR0gYpXIaKn7SxQ==
x-cache-hits: 1

GET
H2 200 css
fonts.googleapis.com/ 18 KB
1023 B 20ms
17ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

678221938b349cc06a42e2f9c817712ee18ea1cbf48e300cb6a4e34853dbccd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 23 Apr 2019 17:47:12 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 23 Apr 2019 17:47:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Tue, 23 Apr 2019 17:47:12 GMT

GET
H2 200 all.css
pro.fontawesome.com/releases/v5.5.0/css/ 71 KB
15 KB 166ms
55ms Stylesheet
text/css 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Requested by: Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS: 202.ae1.cr1.cloud.sjc2.us.scnet.net
Software: Fly.io/0.1.1 /
Resource Hash: b03898672d84cf2362e40d6459d9ade748ecd338ffbeeee256e07630bd07e48c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Origin: https://www.zscaler.de

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: gzip
fly-request-id: bNotex7tVEZDM5Hgd5xkfYwbgX
x-cache: HIT
status: 200
access-control-max-age: 3000
content-length: 14868
last-modified: Fri, 02 Nov 2018 15:36:35 GMT
server: Fly.io/0.1.1
etag: "75f13e3f5bea848834d983b9f682aa15"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 zscaler-header-globeIcon.svg
cdn.zscaler.com/sites/all/themes/zscaler/images/shared/ 1 KB
2 KB 155ms
70ms Image
image/svg+xml 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 26 Sep 2018 15:54:23 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 764286
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 1474
x-request-id: v-95cb3332-c129-11e8-ac7f-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 782200721 760951703
expires: Wed, 10 Oct 2018 01:14:58 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: dbx3YSCCepHdvbOM3-jD48EnUc7ymxcZ9iuJpiT7u3cPa0hO-vI96A==
x-cache-hits: 8

GET
H2 200 zscaler-home-navigation-contact.svg
cdn-2.zscaler.com/sites/all/themes/zscaler/images/shared/ 395 B
866 B 156ms
71ms Image
image/svg+xml 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-2.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-home-navigation-contact.svg

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

1d73a768fea8ea85aed3a572e2ca0c1b5e7348f9036edb5ad851b3e326eb9e73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 13 Sep 2018 21:26:45 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 561732
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 395
x-request-id: v-3c82d78e-b68a-11e8-8bc6-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 492734917 478559317
expires: Wed, 26 Sep 2018 12:49:07 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: F0DfdDNx9UrXTuhYlAXjb_8cFnwBsLeBQzbO2ytMUiSkz7dLFxIKwg==
x-cache-hits: 10

GET
H2 200 zscaler-header-logo.png
cdn-3.zscaler.com/sites/all/themes/zscaler/images/shared/ 4 KB
4 KB 147ms
62ms Image
image/png 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo.png

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

b6f5ff4cfa2d209385754fb256451d4104387617e34131f5500822250e4f4c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 20:36:31 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 420106
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 3795
x-request-id: v-6861c18c-af85-11e8-81fe-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 228547968 230819307
expires: Mon, 17 Sep 2018 14:26:55 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: Pz6Bk_1UcBtd73L73thyTF-xE3-kBeIzee6CJzydU1mjWFxuyli1XA==
x-cache-hits: 383

GET
H2 200 zscaler-header-globeIcon.svg
cdn-4.zscaler.com/sites/all/themes/zscaler/images/shared/ 1 KB
2 KB 147ms
71ms Image
image/svg+xml 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-4.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-globeIcon.svg

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 26 Sep 2018 15:54:23 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 764286
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 1474
x-request-id: v-95cb3332-c129-11e8-ac7f-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 782200721 760951703
expires: Wed, 10 Oct 2018 01:14:58 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: 1b1WrnP3yTfkke1LlNmy5-zg1NUa7tiMK2DtIk9zgg8DLuiaCScBfg==
x-cache-hits: 8

GET
H2 200 zscaler-header-logo-white.png
cdn-5.zscaler.com/sites/all/themes/zscaler/images/shared/ 2 KB
3 KB 142ms
67ms Image
image/png 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-5.zscaler.com/sites/all/themes/zscaler/images/shared/zscaler-header-logo-white.png

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 13 Dec 2018 06:47:05 GMT
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 945799
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2348
x-request-id: v-3d1fdcd2-fe97-11e8-a24c-2bef58f5ebd2
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
content-type: image/png
expires: Thu, 27 Dec 2018 05:23:35 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-amz-cf-id: ZqK8n8N00qYAHgCGHelTLXS6Uu48Wvi35Ueuw1ci0pUeICAgGea5IQ==
x-cache-hits: 1

GET
H2 200 zscaler-sideIcon-shield.png
cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/ 288 B
811 B 135ms
70ms Image
image/png 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zscaler.com/cdn/farfuture/kch0mK47piKYNqqgMacyMg3dy1eTW-85EOGEz8yhJ0I/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-shield.png

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

5a83e9ab51f0cdb6c8dca84411c7370a9ad152fd4e5730848ea3a294d3b845d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 24 Mar 2019 06:35:20 GMT
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2717064
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 288
x-amz-cf-id: n4jz7djGMAAwAi_s6Ul6LyQBdut8cq_noCdLuSHT7aKPLIKvOgBvvw==
x-request-id: v-aa5fcee2-4d39-11e9-8940-1fe60e20f2dc
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
expires: Tue, 20 Jan 2037 04:20:42 GMT
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
x-drupal-cache: MISS
x-cache-hits: 10

GET
H2 200 zscaler-sideIcon-share.png
cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/ 284 B
807 B 24ms
16ms Image
image/png 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/cdn/farfuture/u_3V4GExYuS8stsYJNF-Ng9UiEHiAnHZm8dRsQR3Vwo/mtime:1535525568/sites/all/themes/zscaler/images/home-page/fixed-buttons/zscaler-sideIcon-share.png

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

d74148ff31c75b243670de7e37dbb54d399185c0384e982da43388bece07a763

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 26 Oct 2018 01:15:45 GMT
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 15527052
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 284
x-amz-cf-id: WVM8MBQBmfDsSwC7t12DUrvznfzvGK2ssQ0bFH5Krx93mDS3WTiMLg==
x-request-id: v-16d742b8-d8b8-11e8-8e3a-06dfa37c215e
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: nginx
strict-transport-security: max-age=31536000; preload
content-type: image/png
access-control-allow-origin: *
expires: Tue, 20 Jan 2037 04:20:42 GMT
cache-control: max-age=290304000, no-transform, public
accept-ranges: bytes
x-drupal-cache: MISS
x-cache-hits: 1

GET
H2 200 5cd9ad34-31a7-4b16-86cf-ca2f9488f47b.js Show response
cdn.cookielaw.org/langswitch/ 2 KB
1 KB 125ms
20ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/langswitch/5cd9ad34-31a7-4b16-86cf-ca2f9488f47b.js
Requested by: Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F0C) /
Resource Hash: 39a6e3bd69b21de8370db000e2d01027169b2ae704751c5e0384377c597af40f

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: gzip
content-md5: 6LLZAKRoY1moV+OdTD3EpQ==
x-cache: HIT
status: 200
content-length: 734
x-ms-lease-status: unlocked
last-modified: Fri, 14 Dec 2018 22:46:32 GMT
server: ECAcc (frc/8F0C)
etag: 0x8D66215FE780B22
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: be532a79-201e-008d-29f0-f99440000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Tue, 23 Apr 2019 21:47:12 GMT

GET
H2 200 js__rspbIP6HNPB6Bolqv1Zg4r_E6x4uAG5ZWlGgu4gai6E__Xb63z_NihD_loyQJidxACSUdEhmsYuRIPL3vTVolwJ4__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js Show response
cdn-4.zscaler.com/sites/default/files/advagg_js/ 88 KB
32 KB 148ms
71ms Script
application/javascript 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-4.zscaler.com/sites/default/files/advagg_js/js__rspbIP6HNPB6Bolqv1Zg4r_E6x4uAG5ZWlGgu4gai6E__Xb63z_NihD_loyQJidxACSUdEhmsYuRIPL3vTVolwJ4__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

09d9c2b545a6735b727663aed80efaf9655756e4e6312c99f50a7234682b1517

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 18 Apr 2019 13:04:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 448937
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 31778
x-request-id: v-8fe6d9e2-61da-11e9-9d76-67607822eba5
last-modified: Thu, 18 Apr 2019 13:03:58 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: 2rh4lzvNP275E8g1seJXi63tJ72pS0wp8IItfPAS0tKXV8bqYsGmsQ==
expires: Thu, 16 Apr 2020 13:04:55 GMT

GET
H2 200 js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js Show response
cdn-2.zscaler.com/sites/default/files/advagg_js/ 25 KB
9 KB 143ms
67ms Script
application/javascript 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-2.zscaler.com/sites/default/files/advagg_js/js__N2w3MNbkMBVEaHZEuSDHy9eqjOd34q8QR23ga1GSthI__UaSBauOIHIAdfILgPZKtaSaoIttxVBs0wggJItyxzsI__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

45b5732f734c6199b57da0ed7832ed2f674b67a8dd9486cd2ba8456a5f298173

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 03 Sep 2018 08:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20077336
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 8988
x-request-id: v-a1eadac2-af55-11e8-afed-06dfa37c215e
last-modified: Mon, 03 Sep 2018 06:38:33 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 200344114 202735672
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
expires: Mon, 02 Sep 2019 08:44:55 GMT
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PIeCJ7LXyLdx-uIsH3uAGLmLSM2kWuB0hwjf6-aU5QKHWGcpGdxQYQ==
x-cache-hits: 2

GET
H2 200 js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js Show response
cdn.zscaler.com/sites/default/files/advagg_js/ 7 KB
3 KB 143ms
66ms Script
application/javascript 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zscaler.com/sites/default/files/advagg_js/js__D_VCqW1yTtCwuVAFntOtASYdYPw_RI6fkHG2xHUn44I__qW7RFbcn4o51bPRlD0TnQWYN-qSn4RYrYKvDlTXS-pw__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

5f4407da08a159f50a278d4e86cda104a1738182beeca5d9b3fdc0a84fadb206

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 23 Mar 2019 03:23:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2730250
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2543
x-request-id: v-f777719a-4d1a-11e9-bdfd-4733639263df
last-modified: Mon, 03 Sep 2018 06:38:33 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: RGUv3Q0gFH5J2WLcuZzodTcIxD-si_NwraoEOFbTXT_m_CmMPp1zxw==
expires: Sat, 21 Mar 2020 03:23:02 GMT

GET
H2 200 js__yz39Oiuar8Bm5YQktDLGWAMlZL9dQp7tUMPmAwTni6A__G9NR1YrrUV98mSp7golIl8aJ5K4KOZ4vBnPo_GqY0wo__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js Show response
cdn-5.zscaler.com/sites/default/files/advagg_js/ 639 KB
170 KB 115ms
39ms Script
application/javascript 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-5.zscaler.com/sites/default/files/advagg_js/js__yz39Oiuar8Bm5YQktDLGWAMlZL9dQp7tUMPmAwTni6A__G9NR1YrrUV98mSp7golIl8aJ5K4KOZ4vBnPo_GqY0wo__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

06a564ed26370d3d2731e63cda6948271c5a17196afb4388771a01002dc6ac2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 11:20:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23203
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 173669
x-request-id: v-ccd9dfe2-65b9-11e9-99e1-5333a5f195a1
last-modified: Tue, 23 Apr 2019 11:17:52 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: varnish, 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control: max-age=31449600, no-transform, public, immutable
accept-ranges: bytes
x-amz-cf-id: 0NTQwLpZny9p7zM81tMqW-T0nCgiqVygv2thiMXMVxzP6X32qjMQoQ==
expires: Tue, 21 Apr 2020 11:20:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 112 KB
32 KB 21ms
18ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

fd406a74e9214dd0dccb8d77d224f5c250acd9ec0c891700be6eafbc766b087d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: br
last-modified: Mon, 22 Apr 2019 23:01:36 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32354
x-xss-protection: 0
expires: Tue, 23 Apr 2019 17:47:12 GMT

GET
H2 200 ce1c0db6-3aef-4cd2-8618-584cf1c733bb.js Show response
cdn.cookielaw.org/consent/ 71 KB
15 KB 19ms
18ms Script
application/x-javascript 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/ce1c0db6-3aef-4cd2-8618-584cf1c733bb.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/5cd9ad34-31a7-4b16-86cf-ca2f9488f47b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8EA7) /
Resource Hash: 33ebe9dc90ce01fa6f72c7d85c58498328af510f17428f8963272794bf84bf0e

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: gzip
content-md5: 8lWjSKQxzTOiCBeTG/oN5w==
x-cache: HIT
status: 200
content-length: 15069
x-ms-lease-status: unlocked
last-modified: Fri, 14 Dec 2018 22:46:34 GMT
server: ECAcc (frc/8EA7)
etag: 0x8D66216000DE891
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 66c4d7aa-401e-00fb-2fed-f910fc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Tue, 23 Apr 2019 21:47:12 GMT

GET
H2 200 zscaler-CFA-sliding-banner-desktop-image-background@2x.jpg
www.zscaler.de/sites/all/themes/zscaler/images/zenith-community/splash/ 254 KB
255 KB 374ms
373ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.de/sites/all/themes/zscaler/images/zenith-community/splash/zscaler-CFA-sliding-banner-desktop-image-background@2x.jpg

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8fa3c2a3b0ea588da135bad53393ccb2683f07178cff158b449692e2cfc421de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/zenith-community/splash/zscaler-CFA-sliding-banner-desktop-image-background@2x.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.de
referer: https://www.zscaler.de/
:scheme: https
:method: GET
Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
via: varnish
x-content-type-options: nosniff
age: 22389
x-cache: HIT
status: 200
x-cache-hits: 337
x-ah-environment: prod
content-length: 260126
x-request-id: v-b1effb2e-65bb-11e9-ba2f-3f33d347e690
last-modified: Tue, 09 Apr 2019 18:02:23 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Tue, 07 May 2019 11:34:03 GMT

GET
H2 200 media-center-blogs-header.jpg
www.zscaler.de/sites/all/themes/zscaler/images/blog/ 67 KB
67 KB 554ms
553ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.de/sites/all/themes/zscaler/images/blog/media-center-blogs-header.jpg

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

11fbdeb8d0b9e6aeed619d2161067766d43aadf25fbe1a953bced52745e9c654

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /sites/all/themes/zscaler/images/blog/media-center-blogs-header.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.zscaler.de
referer: https://www.zscaler.de/
:scheme: https
:method: GET
Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
via: varnish
x-content-type-options: nosniff
age: 13289
x-cache: HIT
status: 200
x-cache-hits: 177
x-ah-environment: prod
content-length: 68454
x-request-id: v-e2701652-65d0-11e9-814a-c3851f9a25b8
last-modified: Wed, 29 Aug 2018 06:23:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
expires: Tue, 07 May 2019 14:05:43 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.de

Response headers

date: Mon, 25 Mar 2019 20:20:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:14:42 GMT
server: sffe
age: 2496412
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:20 GMT

GET
H2 200 fa-solid-900.woff2
pro.fontawesome.com/releases/v5.5.0/webfonts/ 108 KB
108 KB 51ms
50ms Font
font/woff2 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2
Requested by: Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS: 202.ae1.cr1.cloud.sjc2.us.scnet.net
Software: Fly.io/0.1.1 /
Resource Hash: 88876fcd5eb71de865d889ea63df11b023ef1d1365124305c2708f61cbb04339

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://www.zscaler.de

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: gzip
fly-request-id: bNotex8sfNUgHo4omiM87ABBLb
x-cache: HIT
status: 200
access-control-max-age: 3000
content-length: 110861
last-modified: Fri, 02 Nov 2018 15:38:02 GMT
server: Fly.io/0.1.1
etag: "a265bbc20e40ae6e6b45e0b78ab08c41"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.de

Response headers

date: Mon, 25 Mar 2019 20:20:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 2496432
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:00 GMT

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qA.ttf
fonts.gstatic.com/s/robotoslab/v8/ 36 KB
22 KB 8ms
7ms Font
font/ttf 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v8/BngMUXZYTXPIvIBgJJSb6ufN5qA.ttf

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7a82cce050413ff3209826bf9be046b27767973a9a3eee6d9037c8ea9cf160be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__5MTq8oVUj49LXWjQtDKn2lGZjpG3CG5NCtkJlC56WBg__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
Origin: https://www.zscaler.de

Response headers

date: Fri, 08 Mar 2019 20:14:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3965541
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 22699
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Feb 2019 22:29:01 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Mar 2020 20:14:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i
Origin: https://www.zscaler.de

Response headers

date: Mon, 25 Mar 2019 20:20:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 2496432
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:00 GMT

GET
H2 200 fa-brands-400.woff2
pro.fontawesome.com/releases/v5.5.0/webfonts/ 68 KB
68 KB 115ms
113ms Font
font/woff2 50.31.246.1
Fly.io

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.5.0/webfonts/fa-brands-400.woff2
Requested by: Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.31.246.1 Chicago, United States, ASN40509 (FLY - Fly.io, Inc., US),
Reverse DNS: 202.ae1.cr1.cloud.sjc2.us.scnet.net
Software: Fly.io/0.1.1 /
Resource Hash: e705082b8a630b4d0190bb13e20f4d127f75ad88c271c749ff0c4e10c6acacf9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pro.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://www.zscaler.de

Response headers

date: Tue, 23 Apr 2019 17:47:12 GMT
content-encoding: gzip
fly-request-id: bNotex8vEYifNT92SGZntcS1Uy
x-cache: HIT
status: 200
access-control-max-age: 3000
content-length: 69687
last-modified: Fri, 02 Nov 2018 15:37:32 GMT
server: Fly.io/0.1.1
etag: "0896516daa9ef0a4169465a6fa281d68"
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes

GET
H2 200 KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v19/ 35 KB
20 KB 8ms
7ms Font
font/ttf 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxP.ttf

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__5MTq8oVUj49LXWjQtDKn2lGZjpG3CG5NCtkJlC56WBg__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
Origin: https://www.zscaler.de

Response headers

date: Mon, 25 Mar 2019 20:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2496041
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 20742
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2019 20:12:00 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Mar 2020 20:26:32 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 98ms
27ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.16.130 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

a30b4bc09a16307b627da7e1c5f6cbb228a710f6d04646e4251b1cdbb3c74ac1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 8838
x-xss-protection: 0
server: cafe
etag: 10480866605128409369
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 23 Apr 2019 17:47:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 886
date: Tue, 23 Apr 2019 17:32:27 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Tue, 23 Apr 2019 19:32:27 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 51 KB
19 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5KQJVPX&t=gtm1&cid=1619804956.1556041633

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

e95f60f0dd5d38280d2c73b6ff322763c656fedc1f8d4644050e4e213b64253c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 19706
x-xss-protection: 0
expires: Tue, 23 Apr 2019 17:47:13 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/4.1.0/default_responsive_alert_bottom_two_button_white/v2/css/ 20 KB
4 KB 18ms
14ms Stylesheet
text/css 152.195.132.202
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/skins/4.1.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/ce1c0db6-3aef-4cd2-8618-584cf1c733bb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F3C) /
Resource Hash: 9d56984e444ac0e72cfe8c2f2e10d1dcf6c2703f14cde5563497965b429888ab

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2019 17:47:13 GMT
content-encoding: gzip
content-md5: ytEacEdnAUuNFRkILpqIRw==
x-cache: HIT
status: 200
content-length: 3578
x-ms-lease-status: unlocked
last-modified: Tue, 26 Mar 2019 21:19:29 GMT
server: ECAcc (frc/8F3C)
etag: 0x8D6B230BB84942B
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 696467aa-601e-00c5-32d1-f2a6dd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=2592000
x-ms-version: 2009-09-19
accept-ranges: bytes
expires: Tue, 23 Apr 2019 21:47:13 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/ 2 KB
1 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1556041633278&cv=9&fst=1556041633278&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg430&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

20a4a6263e1aef6f3afdfca4317d4c5485d0a08ce8df334e3f8972109de36e0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Apr 2019 17:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 990
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 116ms
56ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 23 Apr 2019 17:47:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 413ms
126ms Script
application/javascript 52.87.20.48
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.87.20.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-87-20-48.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 37787

GET
H2 200 zscaler-home-navigation-dropDown-products.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 21 KB
21 KB 382ms
341ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-products.jpg

Requested by

Host: cdn-4.zscaler.com
URL: https://cdn-4.zscaler.com/sites/default/files/advagg_js/js__rspbIP6HNPB6Bolqv1Zg4r_E6x4uAG5ZWlGgu4gai6E__Xb63z_NihD_loyQJidxACSUdEhmsYuRIPL3vTVolwJ4__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8521546462c374cd8318bbfbe95ff5c775195d06afb71b4d44eea64a3e42b020

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
via: varnish
x-content-type-options: nosniff
age: 22638
x-cache: HIT
status: 200
x-ah-environment: prod
content-length: 21040
x-request-id: v-1e16bb72-65bb-11e9-b222-3fc259f3b83d
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
expires: Tue, 07 May 2019 11:29:54 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-cache-hits: 3465

GET
H2 200 zscaler-home-navigation-dropDown-solutions.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 17 KB
18 KB 381ms
341ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-solutions.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

52ae784bbd156dfe8f7311c85d5753314cbd9d963ec95a62e6665c99d0268a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
via: varnish
x-content-type-options: nosniff
age: 22638
x-cache: HIT
status: 200
x-ah-environment: prod
content-length: 17746
x-request-id: v-1e16aace-65bb-11e9-b2ec-1bcc2fcced26
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
expires: Tue, 07 May 2019 11:29:54 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-cache-hits: 3459

GET
H2 200 zscaler-home-navigation-dropDown-resources.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 22 KB
22 KB 374ms
341ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-resources.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d7dd3f4c3fcd4d440cd3aa820cc4da361dd28a055f0a05bf60dbac778c3528a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
via: varnish
x-content-type-options: nosniff
age: 22638
x-cache: HIT
status: 200
x-ah-environment: prod
content-length: 22243
x-request-id: v-1e16a7f4-65bb-11e9-ad6b-d73b7e80f7ae
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
expires: Tue, 07 May 2019 11:29:54 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-cache-hits: 3452

GET
H2 200 zscaler-home-navigation-dropDown-company.jpg
www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/ 21 KB
21 KB 374ms
341ms Image
image/jpeg 35.166.119.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zscaler.com/sites/all/themes/zscaler/images/shared/menu-backgrounds/zscaler-home-navigation-dropDown-company.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.119.124 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-166-119-124.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

e9622a721ead53a7e422bf180cb5a0aab8a5190b678bc3a1e1a29bc02a5314e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 23 Apr 2019 17:47:13 GMT
via: varnish
x-content-type-options: nosniff
age: 22638
x-cache: HIT
status: 200
x-ah-environment: prod
content-length: 21662
x-request-id: v-1e16bc44-65bb-11e9-8db1-3fd0017762a5
last-modified: Thu, 06 Dec 2018 23:45:14 GMT
server: nginx
vary: Host
content-type: image/jpeg
expires: Tue, 07 May 2019 11:29:54 GMT
cache-control: max-age=1209600
accept-ranges: bytes
x-cache-hits: 3464

GET
H2 200 icon-enlarge-btn.svg
cdn-3.zscaler.com/sites/all/themes/zscaler/images/resources/ransomware/ 3 KB
3 KB 20ms
17ms Image
image/svg+xml 13.35.253.87
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-3.zscaler.com/sites/all/themes/zscaler/images/resources/ransomware/icon-enlarge-btn.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-87.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn-3.zscaler.com/sites/default/files/advagg_css/css__rYCziEYTjOWjo3Mp2qs6JASjmKL-fah2-SWsEGKXY7o__5MTq8oVUj49LXWjQtDKn2lGZjpG3CG5NCtkJlC56WBg__4ZlRkwCu8MfgNAU9NnkidbG0kFznBsvZKocLYAkKzdw.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 09:21:57 GMT
via: 1.1 varnish (Varnish/5.2), 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 550407
x-cache: Hit from cloudfront
status: 200
x-ah-environment: prod
content-length: 2612
x-request-id: v-33e803c8-b23f-11e8-a6be-06dfa37c215e
last-modified: Wed, 29 Aug 2018 06:52:48 GMT
server: nginx
x-varnish: 389876661
cache-control: max-age=1209600
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: J-afD5Srt4uto8u41TQRrTDECDxWuXQL2GY2Auz_hEP-3mvYO5fOjg==
expires: Wed, 01 May 2019 08:53:46 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 7ms
6ms Image
image/gif 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=740789924&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&ul=en-us&de=UTF-8&dt=Page%20not%20found%20%7C%20Zscaler&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAgEADQ~&jid=1998933040&gjid=1814590186&cid=199823883.1556041634&tid=UA-6177009-1&_gid=1684225946.1556041634&gtm=2wg4305SLZFK&z=1240342775

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 07:15:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3925890
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&gjid=1814590186&_gid=1684225946.1556041634&_u=aGBAgEADQ~&z=452126212
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212&slf_rd=1&random=1281204731

42 B
109 B

23ms
20ms

Image
image/gif

2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212&slf_rd=1&random=1281204731

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Apr 2019 17:47:13 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Apr 2019 17:47:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6177009-1&cid=199823883.1556041634&jid=1998933040&_v=j73&z=452126212&slf_rd=1&random=1281204731
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973777747/ 42 B
109 B 29ms
24ms Image
image/gif 2a00:1450:4001:81e::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973777747/?random=1556041633278&cv=9&fst=1556038800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg430&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&cdct=2&is_vtc=1&random=337311641&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Apr 2019 17:47:13 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973777747/ 42 B
109 B 25ms
24ms Image
image/gif 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973777747/?random=1556041633278&cv=9&fst=1556038800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg430&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&tiba=Page%20not%20found%20%7C%20Zscaler&async=1&fmt=3&cdct=2&is_vtc=1&random=337311641&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zscaler.de
URL: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Apr 2019 17:47:13 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 178ms
177ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 23 Apr 2019 17:47:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Thu, 01 Aug 2019 17:47:13 GMT

GET
H/1.1 200
OK visitWebPage Show response
306-zej-256.mktoresp.com/webevents/ 2 B
272 B 563ms
100ms XHR
text/plain 192.28.144.124
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1556041633827&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-www.zscaler.de-1556041633778-75511&_mchHo=www.zscaler.de&_mchPo=&_mchRu=%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%3C%2Fspan%3E%3C%2Fli&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: spray-can/1.3.3 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
Origin: https://www.zscaler.de

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 23 Apr 2019 17:47:14 GMT
Content-Encoding: gzip
Server: spray-can/1.3.3
Content-Length: 22
X-Request-Id: e5342720-1d71-4dc1-be4d-f983d1a012c4
Content-Type: text/plain; charset=UTF-8

GET
H/1.1

200
OK

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.de%2Fblogs%2Fcorporate%2Fmalware-authors-have-already-won-iron-throne%253C%2Fspan%253E%253C%2Fli&referer=...
https://tracking.leadlander.com/tracking.png

68 B
347 B

108ms
103ms

Image
image/png

34.224.11.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.224.11.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-34-224-11-24.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.zscaler.de/blogs/corporate/malware-authors-have-already-won-iron-throne%3C/span%3E%3C/li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 23 Apr 2019 17:47:14 GMT
Last-Modified: Wed, 26 Sep 2018 16:48:51 GMT
Server: Kestrel
ETag: "1d455b8cd761bc4"
Strict-Transport-Security: max-age=2592000
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Location: /tracking.png
Date: Tue, 23 Apr 2019 17:47:14 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=2592000

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.zscaler.de/	1970-01-19 17:45:13	Name: _mkto_trk Value: id:306-ZEJ-256&token:_mch-www.zscaler.de-1556041633778-75511
.zscaler.de/	1970-01-19 00:14:01	Name: _dc_gtm_UA-6177009-1 Value: 1
.zscaler.de/	1970-01-19 00:15:28	Name: _gid Value: GA1.2.1684225946.1556041634
.zscaler.de/	1970-01-19 17:45:13	Name: _ga Value: GA1.2.199823883.1556041634

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
cdn-2.zscaler.com
cdn-3.zscaler.com
cdn-4.zscaler.com
cdn-5.zscaler.com
cdn.cookielaw.org
cdn.zscaler.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
munchkin.marketo.net
pro.fontawesome.com
stats.g.doubleclick.net
t.sf14g.com
tracking.leadlander.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.zscaler.com
www.zscaler.de
13.35.253.87
152.195.132.202
172.217.16.130
184.31.84.223
192.28.144.124
2a00:1450:4001:80b::2002
2a00:1450:4001:815::2008
2a00:1450:4001:81c::200e
2a00:1450:4001:81e::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:81f::200a
2a00:1450:4001:821::2003
2a00:1450:400c:c08::9a
34.224.11.24
35.166.119.124
50.31.246.1
52.87.20.48
06a564ed26370d3d2731e63cda6948271c5a17196afb4388771a01002dc6ac2c
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
09d9c2b545a6735b727663aed80efaf9655756e4e6312c99f50a7234682b1517
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
11fbdeb8d0b9e6aeed619d2161067766d43aadf25fbe1a953bced52745e9c654
1d73a768fea8ea85aed3a572e2ca0c1b5e7348f9036edb5ad851b3e326eb9e73
20a4a6263e1aef6f3afdfca4317d4c5485d0a08ce8df334e3f8972109de36e0e
33ebe9dc90ce01fa6f72c7d85c58498328af510f17428f8963272794bf84bf0e
39a6e3bd69b21de8370db000e2d01027169b2ae704751c5e0384377c597af40f
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
45b5732f734c6199b57da0ed7832ed2f674b67a8dd9486cd2ba8456a5f298173
52ae784bbd156dfe8f7311c85d5753314cbd9d963ec95a62e6665c99d0268a7b
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
581dd3db6feb8516dfd8666c1ab32cfe0a6b0612e9def6d3d53c0d7385375dc0
5a83e9ab51f0cdb6c8dca84411c7370a9ad152fd4e5730848ea3a294d3b845d2
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5f4407da08a159f50a278d4e86cda104a1738182beeca5d9b3fdc0a84fadb206
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
678221938b349cc06a42e2f9c817712ee18ea1cbf48e300cb6a4e34853dbccd2
68d0511aa1f288d4c7cff930f462b4ef11ed50009a4e9719d2f52d32adf9ef2e
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
71c0971fb73ff2aacb64a8d9f825340e232c6fcffc039f0e746946e66cc44dcf
7a82cce050413ff3209826bf9be046b27767973a9a3eee6d9037c8ea9cf160be
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
8521546462c374cd8318bbfbe95ff5c775195d06afb71b4d44eea64a3e42b020
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
88876fcd5eb71de865d889ea63df11b023ef1d1365124305c2708f61cbb04339
8b5a4c38e84431b3669f45f2d84e2562d121e7e6204518fec00ee798a53ef949
8fa3c2a3b0ea588da135bad53393ccb2683f07178cff158b449692e2cfc421de
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9d56984e444ac0e72cfe8c2f2e10d1dcf6c2703f14cde5563497965b429888ab
a30b4bc09a16307b627da7e1c5f6cbb228a710f6d04646e4251b1cdbb3c74ac1
a63697b509acc4629d1f31050b2ae187a0a740d81280c45b373e98d2121ad22e
ae010921cf55648768192e7093d955589296a57547fc7829c60b2e2a1287a089
b03898672d84cf2362e40d6459d9ade748ecd338ffbeeee256e07630bd07e48c
b6f5ff4cfa2d209385754fb256451d4104387617e34131f5500822250e4f4c59
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
d74148ff31c75b243670de7e37dbb54d399185c0384e982da43388bece07a763
d7dd3f4c3fcd4d440cd3aa820cc4da361dd28a055f0a05bf60dbac778c3528a0
dba7f69552c84f602fe58d4cb6755f58e70ef9cfaa21743b8b35b7892f32f169
e705082b8a630b4d0190bb13e20f4d127f75ad88c271c749ff0c4e10c6acacf9
e95f60f0dd5d38280d2c73b6ff322763c656fedc1f8d4644050e4e213b64253c
e9622a721ead53a7e422bf180cb5a0aab8a5190b678bc3a1e1a29bc02a5314e3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
fd406a74e9214dd0dccb8d77d224f5c250acd9ec0c891700be6eafbc766b087d

www.zscaler.de Open in urlscan Pro 35.166.119.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

47 %IPv6

16 Domains

22 Subdomains

16 IPs

3 Countries

1165 kBTransfer

2748 kBSize

4 Cookies

31 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zscaler.de Open in urlscan Pro
35.166.119.124 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

47 %
IPv6

16
Domains

22
Subdomains

16
IPs

3
Countries

1165 kB
Transfer

2748 kB
Size

4
Cookies

50 HTTP transactions
0 data transactions