Submitted URL: http://links.readitquik.us/els/v1/qjP3M9NKKEtk/TkxTTHNlc3BmbFB0MHhRYkNRL3ZVOHltVlBFYmFDOEZMNllWaW5IK2pnZXprcitMSHFHc09KSzlq...
Effective URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Submission: On October 09 via api from US

Summary

This website contacted 43 IPs in 9 countries across 43 domains to perform 138 HTTP transactions. The main IP is 2606:4700::6813:d53e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 1st 2020. Valid for: a year.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Requests | IP Address | AS | Autonomous System   (- = no redirects served from that IP)
1 | 1 | 18.142.0.45 | 16509 | AMAZON-02
1 | 25 | 2606:4700::68... | 13335 | CLOUDFLAR...
- | 36 | 2a00:1450:400... | 15169 | GOOGLE
- | 3 | 2606:4700::68... | 13335 | CLOUDFLAR...
- | 1 | 2a00:1450:400... | 15169 | GOOGLE
1 | 3 | 52.44.242.176 | 14618 | AMAZON-AES
- | 2 | 104.109.95.62 | 20940 | AKAMAI-ASN1
- | 1 | 2a00:1450:400... | 15169 | GOOGLE
- | 4 | 2a00:1450:400... | 15169 | GOOGLE
1 | 2 | 172.217.23.162 | 15169 | GOOGLE
1 | 6 | 2.18.233.40 | 16625 | AKAMAI-AS
- | 2 | 2a02:26f0:6c0... | 20940 | AKAMAI-ASN1
- | 2 | 2a00:1450:400... | 15169 | GOOGLE
- | 4 | 68.232.35.12 | 15133 | EDGECAST
- | 3 | 2a03:2880:f01... | 32934 | FACEBOOK
- | 3 | 104.109.70.122 | 20940 | AKAMAI-ASN1
- | 1 | 163.171.132.119 | 54994 | QUANTILNE...
- | 4 | 2a00:1450:401... | 15169 | GOOGLE
- | 1 | 2a00:1450:400... | 15169 | GOOGLE
- | 1 | 192.28.144.124 | 15224 | OMNITURE
- | 1 | 2a00:1450:400... | 15169 | GOOGLE
- | 1 | 2a00:1450:400... | 15169 | GOOGLE
- | 2 | 2a00:1450:400... | 15169 | GOOGLE
14 | 19 | 54.228.166.45 | 16509 | AMAZON-02
1 | 3 | 185.33.220.240 | 29990 | ASN-APPNEX
- | 1 | 206.19.49.24 | 7018 | ATT-INTER...
- | 1 | 93.184.220.42 | 15133 | EDGECAST
- | 3 | 2a00:1450:400... | 15169 | GOOGLE
- | 3 | 2a00:1450:400... | 15169 | GOOGLE
- | 3 | 2a03:2880:f11... | 32934 | FACEBOOK
- | 2 | 52.29.125.201 | 16509 | AMAZON-02
1 | 2 | 2a05:f500:11:... | 14413 | LINKEDIN
1 | 1 | 2620:1ec:21::14 | 8068 | MICROSOFT...
- | 1 | 18.197.47.23 | 16509 | AMAZON-02
1 | 2 | 2.18.234.21 | 16625 | AKAMAI-AS
- | 1 | 69.173.144.139 | 26667 | RUBICONPR...
1 | 2 | 70.42.32.127 | 13789 | INTERNAP-...
- | 1 | 185.64.190.80 | 62713 | AS-PUBMATIC
1 | 1 | 2a00:1288:f03... | 10310 | YAHOO-1
- | 1 | 141.226.228.48 | 200478 | TABOOLA-AS
1 | 2 | 35.158.206.167 | 16509 | AMAZON-02
1 | 2 | 52.59.128.17 | 16509 | AMAZON-02
1 | 2 | 34.98.64.218 | 15169 | GOOGLE
- | 1 | 151.101.14.110 | 54113 | FASTLY
- | 2 | 162.247.242.20 | 23467 | NEWRELIC-...
Total: 138 transactions across 43 IPs
Requests | Apex Domain | Subdomains | Transfer
36 | googleusercontent.com | lh3.googleusercontent.com, lh4.googleusercontent.com, lh6.googleusercontent.com, lh5.googleusercontent.com | 6 MB
25 | zscaler.com | www.zscaler.com | 1 MB
24 | adroll.com | s.adroll.com, d.adroll.com | 29 KB
4 | doubleclick.net | stats.g.doubleclick.net, googleads.g.doubleclick.net, cm.g.doubleclick.net | 3 KB
4 | reactful.com | visitor.reactful.com, tracking.reactful.com | 106 KB
4 | bizible.com | cdn.bizible.com | 34 KB
4 | gstatic.com | fonts.gstatic.com | 44 KB
3 | linkedin.com | px.ads.linkedin.com, www.linkedin.com | 3 KB
3 | facebook.com | www.facebook.com | 452 B
3 | google.de | www.google.de | 259 B
3 | google.com | www.google.com | 380 B
3 | adnxs.com | secure.adnxs.com, ib.adnxs.com | 3 KB
3 | 6sc.co | j.6sc.co, c.6sc.co, b.6sc.co | 8 KB
3 | facebook.net | connect.facebook.net | 159 KB
3 | cookielaw.org | cdn.cookielaw.org | 24 KB
2 | nr-data.net | bam.nr-data.net | 457 B
2 | openx.net | us-u.openx.net | 479 B
2 | bidswitch.net | x.bidswitch.net | 1003 B
2 | 3lift.com | eb2.3lift.com | 740 B
2 | outbrain.com | sync.outbrain.com | 829 B
2 | casalemedia.com | dsum-sec.casalemedia.com | 2 KB
2 | 6sense.com | epsilon.6sense.com | 301 B
2 | leadlander.com | tracking.leadlander.com | 520 B
2 | google-analytics.com | www.google-analytics.com | 18 KB
2 | techtarget.com | trk.techtarget.com, apt.techtarget.com | 3 KB
2 | licdn.com | snap.licdn.com | 3 KB
2 | marketo.net | munchkin.marketo.net | 7 KB
1 | newrelic.com | js-agent.newrelic.com | 10 KB
1 | taboola.com | sync.taboola.com | 218 B
1 | yahoo.com | ads.yahoo.com | 732 B
1 | pubmatic.com | simage2.pubmatic.com | 1010 B
1 | rubiconproject.com | pixel.rubiconproject.com | 239 B
1 | advertising.com | pixel.advertising.com | 125 B
1 | bizibly.com | cdn.bizibly.com | 344 B
1 | consensu.org | d.adroll.mgr.consensu.org | 138 B
1 | ytimg.com | s.ytimg.com | 37 KB
1 | mktoresp.com | 306-zej-256.mktoresp.com | 311 B
1 | youtube.com | www.youtube.com | 1 KB
1 | googleadservices.com | www.googleadservices.com | 11 KB
1 | googletagmanager.com | www.googletagmanager.com | 57 KB
1 | sf14g.com | t.sf14g.com | 37 KB
1 | googleapis.com | fonts.googleapis.com | 1 KB
1 | readitquik.us | links.readitquik.us | 272 B
Total: 138 transactions across 43 apex domains
Requests | Domain | Redirects | Requested by   (- = none)
25 | www.zscaler.com | 1 redirect | www.zscaler.com
18 | d.adroll.com | 13 redirects | www.zscaler.com
12 | lh3.googleusercontent.com | - | www.zscaler.com
10 | lh5.googleusercontent.com | - | www.zscaler.com
8 | lh4.googleusercontent.com | - | www.zscaler.com
6 | s.adroll.com | 1 redirect | www.googletagmanager.com, www.zscaler.com, s.adroll.com, d.adroll.com
6 | lh6.googleusercontent.com | - | www.zscaler.com
4 | cdn.bizible.com | - | www.googletagmanager.com, www.zscaler.com, cdn.bizible.com
4 | fonts.gstatic.com | - | fonts.googleapis.com
3 | www.facebook.com | - | www.zscaler.com, connect.facebook.net
3 | www.google.de | - | www.zscaler.com
3 | www.google.com | - | www.zscaler.com
3 | visitor.reactful.com | - | www.zscaler.com, cdn.bizible.com
3 | connect.facebook.net | - | www.zscaler.com, connect.facebook.net
3 | cdn.cookielaw.org | - | www.zscaler.com, cdn.cookielaw.org
2 | bam.nr-data.net | - | js-agent.newrelic.com, cdn.bizible.com
2 | us-u.openx.net | 1 redirect | www.zscaler.com
2 | ib.adnxs.com | 1 redirect | www.zscaler.com
2 | x.bidswitch.net | 1 redirect | www.zscaler.com
2 | eb2.3lift.com | 1 redirect | www.zscaler.com
2 | sync.outbrain.com | 1 redirect | www.zscaler.com
2 | dsum-sec.casalemedia.com | 1 redirect | www.zscaler.com
2 | px.ads.linkedin.com | 1 redirect | www.zscaler.com
2 | epsilon.6sense.com | - | cdn.bizible.com
2 | tracking.leadlander.com | 1 redirect | www.zscaler.com
2 | googleads.g.doubleclick.net | - | www.googleadservices.com
2 | www.google-analytics.com | - | www.googletagmanager.com, www.zscaler.com
2 | snap.licdn.com | - | www.googletagmanager.com, snap.licdn.com
2 | munchkin.marketo.net | - | www.zscaler.com, munchkin.marketo.net
1 | tracking.reactful.com | - | cdn.bizible.com
1 | js-agent.newrelic.com | - | www.zscaler.com
1 | cm.g.doubleclick.net | 1 redirect | -
1 | sync.taboola.com | - | www.zscaler.com
1 | ads.yahoo.com | 1 redirect | -
1 | simage2.pubmatic.com | - | www.zscaler.com
1 | pixel.rubiconproject.com | - | www.zscaler.com
1 | pixel.advertising.com | - | www.zscaler.com
1 | www.linkedin.com | 1 redirect | -
1 | b.6sc.co | - | www.zscaler.com
1 | cdn.bizibly.com | - | www.zscaler.com
1 | apt.techtarget.com | - | www.zscaler.com
1 | secure.adnxs.com | - | j.6sc.co
1 | c.6sc.co | - | j.6sc.co
1 | d.adroll.mgr.consensu.org | 1 redirect | -
1 | s.ytimg.com | - | www.youtube.com
1 | stats.g.doubleclick.net | - | www.google-analytics.com
1 | 306-zej-256.mktoresp.com | - | munchkin.marketo.net
1 | trk.techtarget.com | - | www.zscaler.com
1 | j.6sc.co | - | www.zscaler.com
1 | www.youtube.com | - | www.zscaler.com
1 | www.googleadservices.com | - | www.googletagmanager.com
1 | www.googletagmanager.com | - | www.zscaler.com
1 | t.sf14g.com | - | www.zscaler.com
1 | fonts.googleapis.com | - | www.zscaler.com
1 | links.readitquik.us | 1 redirect | -
Total: 138 transactions across 55 subdomains
Subject | Issuer | Validity (not before - not after) | Valid for   (each row links to its crt.sh entry in the original report)
zscaler.com | DigiCert SHA2 Extended Validation Server CA | 2020-02-01 - 2021-06-30 | a year
*.googleusercontent.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2020-07-01 - 2021-07-01 | a year
upload.video.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
t.sf14g.com | Go Daddy Secure Certificate Authority - G2 | 2020-09-09 - 2021-09-09 | a year
*.marketo.net | DigiCert SHA2 Secure Server CA | 2020-03-14 - 2021-04-13 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
www.googleadservices.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
*.adroll.com | DigiCert SHA2 Secure Server CA | 2020-01-29 - 2021-04-29 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
io.bizible.com | DigiCert SHA2 Secure Server CA | 2020-10-07 - 2021-11-08 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-09-11 - 2020-12-10 | 3 months
*.6sc.co | DigiCert SHA2 Secure Server CA | 2020-01-07 - 2021-04-07 | a year
trk.techtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2020-02-17 - 2022-05-17 | 2 years
*.reactful.com | Go Daddy Secure Certificate Authority - G2 | 2020-03-12 - 2021-05-09 | a year
*.mktoresp.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2022-01-21 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
adroll.mgr.consensu.org | Amazon | 2020-10-08 - 2021-11-07 | a year
*.adnxs.com | DigiCert ECC Secure Server CA | 2019-01-23 - 2021-03-08 | 2 years
*.techtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2019-10-25 - 2021-10-24 | 2 years
s2.wac.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2019-05-01 - 2020-11-18 | 2 years
*.leadlander.com | Go Daddy Secure Certificate Authority - G2 | 2020-04-28 - 2022-04-28 | 2 years
www.google.de | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
*.6sense.com | Amazon | 2020-07-29 - 2021-08-28 | a year
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-08-05 - 2021-02-05 | 6 months
*.google.de | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months
pixel.advertising.com | DigiCert SHA2 High Assurance Server CA | 2020-10-04 - 2021-03-31 | 6 months
san.casalemedia.com | GeoTrust RSA CA 2018 | 2020-03-02 - 2021-04-01 | a year
*.rubiconproject.com | DigiCert SHA2 Secure Server CA | 2019-01-10 - 2021-01-14 | 2 years
*.outbrain.com | Thawte RSA CA 2018 | 2019-10-29 - 2021-11-23 | 2 years
*.pubmatic.com | Sectigo RSA Organization Validation Secure Server CA | 2019-02-22 - 2021-02-21 | 2 years
*.taboola.com | DigiCert SHA2 Secure Server CA | 2020-08-11 - 2021-12-31 | a year
*.3lift.com | Amazon | 2020-07-04 - 2021-08-05 | a year
*.bidswitch.net | Sectigo RSA Domain Validation Secure Server CA | 2020-04-23 - 2022-05-04 | 2 years
*.openx.net | GeoTrust RSA CA 2018 | 2020-06-18 - 2021-08-17 | a year
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-01 - 2021-05-07 | 7 months
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years
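An added check over the certificate table above (example code written for this page, not urlscan.io's own tooling): it recomputes each certificate's lifetime from the dates shown, lists anything that expires within 60 days of the 9 October 2020 scan, and flags any certificate issued on or after 1 September 2020 whose validity exceeds the 398-day cap that Apple, Google and Mozilla enforce. The eight rows embedded are transcribed from the table; the 60-day warning window is an assumed local policy, not something the report states.

```python
"""Lifetime and expiry audit of the certificates listed in this scan."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Sequence, Tuple

SCAN_DATE = date(2020, 10, 9)            # "Submission: On October 09" above
EXPIRY_WARNING_DAYS = 60                 # assumed local policy, not from the report
LIFETIME_RULE_START = date(2020, 9, 1)   # browsers cap leaf validity for certs issued from here on
MAX_LIFETIME_DAYS = 398


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: date
    not_after: date

    @property
    def lifetime_days(self) -> int:
        # urlscan shows calendar dates only, so this can differ by a day from
        # the exact notBefore/notAfter timestamps inside the certificate.
        return (self.not_after - self.not_before).days

    def days_left(self, today: date) -> int:
        return (self.not_after - today).days


def parse_rows(rows: Sequence[Tuple[str, str, str, str]]) -> List[Cert]:
    """Rows are (subject, issuer, 'YYYY-MM-DD', 'YYYY-MM-DD') as printed in the table."""
    return [Cert(s, i, date.fromisoformat(a), date.fromisoformat(b)) for s, i, a, b in rows]


# Subset transcribed from the certificate table above.
OBSERVED = parse_rows([
    ("zscaler.com", "DigiCert SHA2 Extended Validation Server CA", "2020-02-01", "2021-06-30"),
    ("*.googleusercontent.com", "GTS CA 1O1", "2020-09-03", "2020-11-26"),
    ("s2.wac.edgecastcdn.net", "DigiCert SHA2 Secure Server CA", "2019-05-01", "2020-11-18"),
    ("trk.techtarget.com", "Sectigo RSA Domain Validation Secure Server CA", "2020-02-17", "2022-05-17"),
    ("io.bizible.com", "DigiCert SHA2 Secure Server CA", "2020-10-07", "2021-11-08"),
    ("adroll.mgr.consensu.org", "Amazon", "2020-10-08", "2021-11-07"),
    ("*.facebook.com", "DigiCert SHA2 High Assurance Server CA", "2020-09-11", "2020-12-10"),
    ("f4.shared.global.fastly.net", "GlobalSign CloudSSL CA - SHA256 - G3", "2020-10-01", "2021-05-07"),
])


def already_expired(certs: Sequence[Cert], today: date = SCAN_DATE) -> List[str]:
    return [c.subject for c in certs if c.not_after < today]


def expiring_soon(certs: Sequence[Cert], today: date = SCAN_DATE,
                  within: int = EXPIRY_WARNING_DAYS) -> List[str]:
    """Subjects still valid today but expiring within `within` days, soonest first."""
    hits = [(c.days_left(today), c.subject) for c in certs if 0 <= c.days_left(today) <= within]
    return [subject for _, subject in sorted(hits)]


def over_lifetime_limit(certs: Sequence[Cert]) -> List[str]:
    """Certs issued on/after 2020-09-01 whose validity exceeds 398 days; Chrome,
    Safari and Firefox reject these even though the CA issued them."""
    return [c.subject for c in certs
            if c.not_before >= LIFETIME_RULE_START and c.lifetime_days > MAX_LIFETIME_DAYS]


def report(certs: Sequence[Cert], today: date = SCAN_DATE) -> Dict[str, object]:
    return {
        "expired": already_expired(certs, today),
        "expiring_soon": expiring_soon(certs, today),
        "over_398_days": over_lifetime_limit(certs),
        "longest_lived": max(certs, key=lambda c: c.lifetime_days).subject,
        "lifetimes": {c.subject: c.lifetime_days for c in certs},
    }


if __name__ == "__main__":
    for key, value in report(OBSERVED).items():
        print(f"{key}: {value}")
```

On this subset nothing is expired and nothing breaks the 398-day rule (io.bizible.com at 397 days and adroll.mgr.consensu.org at 395 days sit just under it), while s2.wac.edgecastcdn.net and *.googleusercontent.com expire 40 and 48 days after the scan. The lifetimes also show how coarse urlscan's "Valid for" labels are: the zscaler.com certificate labelled "a year" spans 515 days.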

This page contains 1 frame:

Primary Page: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Frame ID: E072486AA993E195B27A6C4BFFAB5B7E
Requests: 136 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 138
HTTPS: 99 %
IPv6: 44 %
Domains: 43
Subdomains: 55
IPs: 43
Countries: 9
Transfer: 7982 kB
Size: 11050 kB
Cookies: 20

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://links.readitquik.us/els/v1/qjP3M9NKKEtk/TkxTTHNlc3BmbFB0MHhRYkNRL3ZVOHltVlBFYmFDOEZMNllWaW5IK2pnZXprcitMSHFHc09KSzlqK2c4L2poZ3ZKUElaRUZPVFYrYUtmNkR1ajZSRjdtbWM1c0s3eEZMVVVRWTJYRGN0blE9S0 HTTP 302
    https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE HTTP 301
    https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 89
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2
Request Chain 95
  • https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&referer=&fp=5d2f10942569cca69057fc09abaea819 HTTP 302
  • https://tracking.leadlander.com/tracking.png
Request Chain 106
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1602205093947%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fresearch%252Fjoker-playing-hide-and-seek-google-play%253Fsiteid%253DRIQSITE%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&liSync=true
Request Chain 111
  • https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&pv=10240019408.527058&cookie=&adroll_s_ref=&keyw= HTTP 302
  • https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Request Chain 114
  • https://d.adroll.com/cm/aol/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 115
  • https://d.adroll.com/cm/index/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094&C=1
Request Chain 116
  • https://d.adroll.com/cm/n/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expires=365
Request Chain 117
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&rdrctExp=true
Request Chain 118
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Request Chain 119
  • https://d.adroll.com/cm/r/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 120
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Request Chain 121
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://eb2.3lift.com/xuid?mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Request Chain 123
  • https://d.adroll.com/cm/b/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Request Chain 124
  • https://d.adroll.com/cm/x/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://ib.adnxs.com/setuid?entity=172&code=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Request Chain 126
  • https://d.adroll.com/cm/o/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=24912577544d8db85960234a193e52c1 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=24912577544d8db85960234a193e52c1
Request Chain 127
  • https://d.adroll.com/cm/g/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS&google_nid=adroll4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JJEld1RNjbhZYCNKGT5SwQ HTTP 302
  • https://d.adroll.com/cm/g/in
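Chains 114 to 126 are d.adroll.com fanning one browser identifier out to a dozen ad-tech partners (cookie syncing): every partner receives the same value under its own parameter name, as base64 for most of them and as raw hex for OpenX. The added script below, written for this page rather than taken from urlscan.io or AdRoll, parses those partner URLs, normalises the two spellings to one 32-hex-digit identifier, groups the receiving hosts by identifier, and decodes the millisecond timestamp embedded in the `adroll_fpc` first-party cookie value. The URL list is transcribed from the chains above with unrelated query parameters dropped; the set of identifier parameter names is an assumption derived from those same URLs.

```python
"""Extract the identifier shared across the cookie-sync redirect chains above."""
import base64
import binascii
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Query parameters that carry the synced identifier in this scan (assumption
# derived from the URLs below; other partners use other names).
ID_PARAMS = {"uid", "user_id", "xuid", "put", "piggybackCookie",
             "external_user_id", "taboola_hm", "code", "val"}
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Partner hops transcribed from request chains 114-126 above. Every chain's
# d.adroll.com origin URL carries the same adroll_fpc value, shown once.
ADROLL_FPC = "1f7edbf0d1b686b653e94be362598712-1602205093986"
PARTNER_HOPS: Dict[str, List[str]] = {
    "114": ["https://pixel.advertising.com/ups/55980/sync?uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&_origin=1&gdpr=1"],
    "115": ["https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094"],
    "116": ["https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expires=365"],
    "117": ["https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE",
            "https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&rdrctExp=true"],
    "118": ["https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&gdpr=1"],
    "120": ["https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE"],
    "121": ["https://eb2.3lift.com/xuid?mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e"],
    "123": ["https://x.bidswitch.net/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE"],
    "124": ["https://ib.adnxs.com/setuid?entity=172&code=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE"],
    "126": ["https://us-u.openx.net/w/1.0/sd?id=537103138&val=24912577544d8db85960234a193e52c1"],
}


def normalise_id(value: str) -> str:
    """Return the 32-hex-digit form of an identifier sent either as raw hex or
    as unpadded base64 of that hex string; anything else is returned unchanged."""
    if HEX32.match(value):
        return value
    try:
        decoded = base64.b64decode(value + "=" * (-len(value) % 4)).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return value
    return decoded if HEX32.match(decoded) else value


def identifier_in(url: str) -> Optional[str]:
    """The ID_PARAMS value found in the URL's query string, normalised, or None."""
    query = parse_qs(urlsplit(url).query)
    for name in ID_PARAMS:
        if name in query:
            return normalise_id(query[name][0])
    return None


def partners_by_identifier(hops: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each identifier to the sorted list of partner hosts that received it."""
    seen: Dict[str, set] = {}
    for urls in hops.values():
        for url in urls:
            ident = identifier_in(url)
            if ident is not None:
                seen.setdefault(ident, set()).add(urlsplit(url).hostname)
    return {ident: sorted(hosts) for ident, hosts in seen.items()}


def fpc_timestamp(fpc: str) -> datetime:
    """adroll_fpc is '<random hex>-<epoch milliseconds>'; return the UTC time."""
    millis = int(fpc.rsplit("-", 1)[1])
    return datetime.fromtimestamp(millis / 1000, tz=timezone.utc)


def sync_lifetime_days(url: str, fpc: str = ADROLL_FPC) -> Optional[float]:
    """Days between the adroll_fpc timestamp and a partner's 'expiration' epoch parameter."""
    query = parse_qs(urlsplit(url).query)
    if "expiration" not in query:
        return None
    start = int(fpc.rsplit("-", 1)[1]) / 1000
    return (int(query["expiration"][0]) - start) / 86400


if __name__ == "__main__":
    print("first-party cookie set at", fpc_timestamp(ADROLL_FPC).isoformat(timespec="seconds"))
    for ident, hosts in partners_by_identifier(PARTNER_HOPS).items():
        print(ident, "->", ", ".join(hosts))
    print("casalemedia sync lifetime (days):", sync_lifetime_days(PARTNER_HOPS["115"][0]))
```

Everything collapses to the single identifier 24912577544d8db85960234a193e52c1 received by ten partner hosts, the `adroll_fpc` value decodes to 2020-10-09T00:58:13Z (two seconds after the `date` header on the primary response), and casalemedia's `expiration=1633741094` is exactly 365 days after that timestamp, so the synced cookie is provisioned to outlive the `__cfduid` cookie on the site itself by about eleven months.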

138 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request joker-playing-hide-and-seek-google-play
www.zscaler.com/blogs/research/
Redirect Chain
  • http://links.readitquik.us/els/v1/qjP3M9NKKEtk/TkxTTHNlc3BmbFB0MHhRYkNRL3ZVOHltVlBFYmFDOEZMNllWaW5IK2pnZXprcitMSHFHc09KSzlqK2c4L2poZ3ZKUElaRUZPVFYrYUtmNkR1ajZSRjdtbWM1c0s3eEZMVVVRWTJYRGN0blE9S0
  • https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
  • https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
98 KB
23 KB
Document
General
Full URL
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0eb6b953c760b767843a8742ae636bd9372459c66e586b5c29667dc65a0833f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.zscaler.com
:scheme
https
:path
/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d85cd5d0a3a390c7b23d632cb0df213081602205089
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 09 Oct 2020 00:58:11 GMT
content-type
text/html; charset=UTF-8
cache-control
max-age=2764800, public
link
<https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play>; rel="canonical"
x-ua-compatible
IE=edge
content-language
en
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
expires
Sun, 19 Nov 1978 05:00:00 GMT
last-modified
Thu, 08 Oct 2020 23:42:44 GMT
vary
X-UA-Device,Accept-Encoding
x-request-id
v-f68acf6c-09bf-11eb-9815-47d5c63f56c4
x-ah-environment
prod
age
4526
via
varnish
x-cache
HIT
x-cache-hits
7
cf-cache-status
DYNAMIC
cf-request-id
05ac769adf0000c2db3dad4200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
server
cloudflare
cf-ray
5df426d7cf65c2db-FRA
content-encoding
br

Redirect headers

status
301
date
Fri, 09 Oct 2020 00:58:10 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d85cd5d0a3a390c7b23d632cb0df213081602205089; expires=Sun, 08-Nov-20 00:58:09 GMT; path=/; domain=.www.zscaler.com; HttpOnly; SameSite=Lax
x-redirect-id
22026
x-ua-compatible
IE=edge
content-language
en
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
X-UA-Device
location
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
x-request-id
v-794b5ba6-09ca-11eb-aa29-b7f027aa9fdd
x-ah-environment
prod
cache-control
max-age=900, public
age
11
via
varnish
x-cache
HIT
x-cache-hits
3
cf-cache-status
DYNAMIC
cf-request-id
05ac7698070000c2db3dac3200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
server
cloudflare
cf-ray
5df426d33b85c2db-FRA
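The primary response above sends Strict-Transport-Security, X-Content-Type-Options and X-Frame-Options but no Content-Security-Policy, and the 301 that precedes it sets Cloudflare's `__cfduid` cookie without a Secure attribute. The added check below (written for this page, not Cloudflare's or Zscaler's code) parses those headers exactly as captured and reports what a hardening review would raise, including that `max-age=31536000; preload` without `includeSubDomains` does not meet hstspreload.org's submission requirements, so the `preload` token is inert. The header dictionary and Set-Cookie string are transcribed from the capture above; the one-year threshold is hstspreload.org's minimum.

```python
"""Review the security headers and Set-Cookie captured on the primary request."""
from typing import Dict, List

# Transcribed from the primary response and its preceding 301 above
# (only the headers the checks below look at).
PRIMARY_RESPONSE: Dict[str, str] = {
    "strict-transport-security": "max-age=31536000; preload",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
    "content-type": "text/html; charset=UTF-8",
}
REDIRECT_SET_COOKIE = ("__cfduid=d85cd5d0a3a390c7b23d632cb0df213081602205089; "
                       "expires=Sun, 08-Nov-20 00:58:09 GMT; path=/; "
                       "domain=.www.zscaler.com; HttpOnly; SameSite=Lax")

ONE_YEAR = 31536000  # minimum HSTS max-age hstspreload.org accepts


def parse_directives(value: str) -> Dict[str, str]:
    """'max-age=31536000; preload' -> {'max-age': '31536000', 'preload': ''}; keys lower-cased."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def hsts_findings(value: str) -> List[str]:
    d = parse_directives(value)
    max_age = int(d.get("max-age") or 0)
    findings = []
    if max_age < ONE_YEAR:
        findings.append("max-age below one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing")
    if "preload" in d and ("includesubdomains" not in d or max_age < ONE_YEAR):
        findings.append("preload directive present but the policy is not preload-list eligible")
    return findings


def cookie_findings(set_cookie: str) -> List[str]:
    name_value, _, attrs = set_cookie.partition(";")
    name = name_value.split("=", 1)[0].strip()
    d = parse_directives(attrs)
    findings = []
    if "secure" not in d:
        findings.append(f"{name}: Secure attribute missing")
    if "httponly" not in d:
        findings.append(f"{name}: HttpOnly missing")
    if d.get("samesite", "").lower() not in {"lax", "strict"}:
        findings.append(f"{name}: SameSite not Lax or Strict")
    if d.get("domain"):
        findings.append(f"{name}: Domain={d['domain']} also sends the cookie to subdomains")
    return findings


def framing_findings(headers: Dict[str, str]) -> List[str]:
    csp = headers.get("content-security-policy", "")
    findings = []
    if "frame-ancestors" not in csp:
        if headers.get("x-frame-options"):
            findings.append("no CSP frame-ancestors; clickjacking defence rests on X-Frame-Options alone")
        else:
            findings.append("no clickjacking protection at all")
    if not csp:
        findings.append("no Content-Security-Policy on the HTML document")
    return findings


def audit(headers: Dict[str, str], set_cookie: str) -> Dict[str, object]:
    return {
        "hsts": hsts_findings(headers.get("strict-transport-security", "")),
        "cookie": cookie_findings(set_cookie),
        "framing": framing_findings(headers),
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
    }


if __name__ == "__main__":
    for section, result in audit(PRIMARY_RESPONSE, REDIRECT_SET_COOKIE).items():
        print(f"{section}: {result}")
```

The static assets later in the capture do carry `content-security-policy: frame-ancestors 'self';`, so the missing policy is specific to the HTML document, which is the only response where a CSP would actually constrain script execution.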
google_tag.script.js
www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/
347 B
364 B
Script
General
Full URL
https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qhwh5f
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
15324
x-cache
HIT
status
200
x-cache-hits
59
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e510000c2db3daf2200000001
x-request-id
v-b01eb670-09a5-11eb-84de-37a19ddbf28a
last-modified
Thu, 08 Oct 2020 20:34:34 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
application/javascript
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4ccbc2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
www.zscaler.com/sites/default/files/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_q18vFNz3vVs9u-ltuWmTYJRXMPWg_xdBVF0VIqCopSU.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
762354
x-cache
HIT
status
200
x-cache-hits
40
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e500000c2db3daeb200000001
x-request-id
v-8d9a8ec4-0245-11eb-ba51-435cfd1f27ca
last-modified
Fri, 25 Sep 2020 16:45:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4cc4c2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/base/
321 KB
21 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/cohesion/styles/base/zscaler-stylesheet.min.css?qhwh5f
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f7f29f1c4a97b61b20266abe779b44c449256e968276759ba26ae936b33b682
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
15324
x-cache
HIT
status
200
x-cache-hits
60
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e500000c2db3daec200000001
x-request-id
v-b00eb1a8-09a5-11eb-a155-0f75aa1526d9
last-modified
Thu, 08 Oct 2020 13:37:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4cc5c2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
css_nUg_4u9yNhaXFIEbU5ZfM00ttl4YMfY7c6l1OcHo1EE.css
www.zscaler.com/sites/default/files/css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_nUg_4u9yNhaXFIEbU5ZfM00ttl4YMfY7c6l1OcHo1EE.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d483fe2ef7236169714811b53965f334d2db65e1831f63b73a97539c1e8d441
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1017973
x-cache
HIT
status
200
x-cache-hits
24
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e500000c2db3daed200000001
x-request-id
v-47abaa8a-effb-11ea-a39c-cb499da96cfb
last-modified
Wed, 26 Aug 2020 05:19:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4cc6c2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
zscaler-stylesheet.min.css
www.zscaler.com/sites/default/files/cohesion/styles/theme/
18 KB
2 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/cohesion/styles/theme/zscaler-stylesheet.min.css?qhwh5f
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c413c90e7f2759537f148b44bc0af402ddc9fccbdf914a15bbb64f3975802a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
15324
x-cache
HIT
status
200
x-cache-hits
60
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e510000c2db3daee200000001
x-request-id
v-b00d9598-09a5-11eb-a6b3-5fbefe743429
last-modified
Thu, 08 Oct 2020 13:37:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4cc7c2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
www.zscaler.com/sites/default/files/css/
376 B
307 B
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_x9K6SsP3v-Nm3Ib67T4g1-6EHxUISbdTR7Hw3TG-6qA.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1022468
x-cache
HIT
status
200
x-cache-hits
9
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e510000c2db3daef200000001
x-request-id
v-f24f1f04-effa-11ea-b290-538b4d53749e
last-modified
Wed, 02 Sep 2020 13:39:51 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4cc8c2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
subscription
www.zscaler.com/webform/css/
73 B
412 B
Stylesheet
General
Full URL
https://www.zscaler.com/webform/css/subscription?qhvxu7&qhwh5f
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
15812
x-cache
HIT
status
200
x-ah-environment
prod
content-encoding
br
vary
X-UA-Device,Accept-Encoding
cf-request-id
05ac769e510000c2db3daf0200000001
x-request-id
v-b00d16e0-09a5-11eb-b38e-1772b84c3ce9
x-ua-compatible
IE=edge
last-modified
Thu, 08 Oct 2020 20:34:39 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1602189279"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-language
en
content-type
text/css; charset=UTF-8
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
max-age=2764800, public
cf-ray
5df426dd4cc9c2db-FRA
x-cache-hits
1957
css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
www.zscaler.com/sites/default/files/css/
1 MB
126 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08524cc29d6f9d07cfa673f4edda500727f2fcd589b60c66477c345801d32754
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
217583
x-cache
HIT
status
200
x-cache-hits
3
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e510000c2db3daf1200000001
x-request-id
v-e16310aa-07cf-11eb-a5b9-3b581cf848bc
last-modified
Tue, 06 Oct 2020 12:31:34 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/css
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd4ccac2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
logo.svg
www.zscaler.com/themes/custom/zscaler/
4 KB
2 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/logo.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1214180
x-cache
HIT
status
200
x-cache-hits
41
x-ah-environment
prod
content-encoding
br
vary
Host, Accept-Encoding
cf-request-id
05ac769e760000c2db3daf6200000001
x-request-id
v-c1054f8c-fdeb-11ea-a521-fb97a211ab60
last-modified
Sat, 25 Jul 2020 17:39:53 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/svg+xml
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd8d0bc2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
zscaler-header-logo-white.png
www.zscaler.com/themes/custom/zscaler/images/logo/
2 KB
3 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/logo/zscaler-header-logo-white.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1022455
cf-polished
status=not_needed
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
2348
cf-request-id
05ac769e780000c2db3daf8200000001
x-request-id
v-5a60bfe0-fe00-11ea-a23d-07697ca69002
last-modified
Sat, 25 Jul 2020 17:40:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
expires
Fri, 30 Oct 2020 00:58:11 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426dd8d0ec2db-FRA
x-cache-hits
78
default-male-avatar.png
www.zscaler.com/sites/default/files/default_images/
1 KB
1 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/default_images/default-male-avatar.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cee0f42bacb66c692d133237b126c52c7f4edc916d591bab14851735e16b20ca
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1017544
cf-polished
origSize=3145, status=vary_header_present
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
1205
cf-request-id
05ac769e780000c2db3daf9200000001
x-request-id
v-3f00290a-effc-11ea-b256-37f9c6966583
last-modified
Wed, 29 Jul 2020 20:39:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
expires
Fri, 30 Oct 2020 00:58:11 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426dd8d10c2db-FRA
x-cache-hits
9
Omu57LifqnSv_ydMyTVeUJYBC8MTwogGxk76_AxuO4GpZBslG94LhrxDeWYuBpMDXLLGTofZjLAMG7DSIdYMEkbaP41iD7IGEe4YTrw1m8QToueCDXuRga33HWCJ8Y0T6b8k9qL4
lh3.googleusercontent.com/
11 KB
11 KB
Image
General
Full URL
https://lh3.googleusercontent.com/Omu57LifqnSv_ydMyTVeUJYBC8MTwogGxk76_AxuO4GpZBslG94LhrxDeWYuBpMDXLLGTofZjLAMG7DSIdYMEkbaP41iD7IGEe4YTrw1m8QToueCDXuRga33HWCJ8Y0T6b8k9qL4
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a99a335ce1405af2cfa898bc47e241045a7a4a23a72eabf30ee1ffe62181f3e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:26 GMT
x-content-type-options
nosniff
age
7245
status
200
content-disposition
inline;filename="jokeicon1.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10928
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 19:28:18 GMT
gy1S2kl4ne6t0rGx48W7b-wRzRObDz78IMR22eX58kVuSLbhBOIGMhXxh4awl-7GqgYSKpoRaOqALeAGVMSA_-xsXneiIEF6k-qZ_d6_27Pad0JvouEH5UBgWYDf7ceM-8zGIJu9
lh3.googleusercontent.com/
15 KB
15 KB
Image
General
Full URL
https://lh3.googleusercontent.com/gy1S2kl4ne6t0rGx48W7b-wRzRObDz78IMR22eX58kVuSLbhBOIGMhXxh4awl-7GqgYSKpoRaOqALeAGVMSA_-xsXneiIEF6k-qZ_d6_27Pad0JvouEH5UBgWYDf7ceM-8zGIJu9
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5d5c9f4ffa50de634b8f15b1c508146edffc34adca1ae8fba7a9b2a1ba2ae996
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:26 GMT
x-content-type-options
nosniff
age
7245
status
200
content-disposition
inline;filename="jokeicon2.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15753
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 19:28:18 GMT
DbKDNtgFGHjBJRjEqan9fitlb1VcfD3RA8Qi8Ps0oGhhJw6ECBRkERXtAaLV19A3za6FJlyEcfMqfOFs4CqOa9tjoDwMC4KJCln3iZwB2q8vJrWYW6JffhE1pkamDB_4kgMkr-JU
lh4.googleusercontent.com/
9 KB
9 KB
Image
General
Full URL
https://lh4.googleusercontent.com/DbKDNtgFGHjBJRjEqan9fitlb1VcfD3RA8Qi8Ps0oGhhJw6ECBRkERXtAaLV19A3za6FJlyEcfMqfOFs4CqOa9tjoDwMC4KJCln3iZwB2q8vJrWYW6JffhE1pkamDB_4kgMkr-JU
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ac5d6d8084a9af03181aacc1b45467b313b655650df763a752f0098808c2d685
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:26 GMT
x-content-type-options
nosniff
age
7245
status
200
content-disposition
inline;filename="jokeicon3.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9150
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
Z4yFowLNn2c8BeaE4L5QhfEyKt8uPVY2qSLEoAy7ug9JijHPOvvymd1PqzO9sZ2N3AaEEGQHrVjJ9wlIgwpd4mak6pbWkKPQ16rfrLF01C9KIvMHutyH8aSQunqipfmU-a2Z8BHF
lh3.googleusercontent.com/
14 KB
14 KB
Image
General
Full URL
https://lh3.googleusercontent.com/Z4yFowLNn2c8BeaE4L5QhfEyKt8uPVY2qSLEoAy7ug9JijHPOvvymd1PqzO9sZ2N3AaEEGQHrVjJ9wlIgwpd4mak6pbWkKPQ16rfrLF01C9KIvMHutyH8aSQunqipfmU-a2Z8BHF
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6005f9409d43a7d1f0f3cdc7250c4db02a10ab67b046c0423271eaf88122f03a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon4.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14648
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 19:16:18 GMT
peI3qpVitwHaVQdZgzJu5M3Azwh2SFI71KYqFX75uMANcCvtPgQ-Cjd-Jks9DIZVVFaz8Njl2k0M8U9v7brzp04Rhp-HtxlcUMoknYsZU7CP6dJi_OgMB5M72UNEcCkG3it1prwc
lh6.googleusercontent.com/
18 KB
18 KB
Image
General
Full URL
https://lh6.googleusercontent.com/peI3qpVitwHaVQdZgzJu5M3Azwh2SFI71KYqFX75uMANcCvtPgQ-Cjd-Jks9DIZVVFaz8Njl2k0M8U9v7brzp04Rhp-HtxlcUMoknYsZU7CP6dJi_OgMB5M72UNEcCkG3it1prwc
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6354079bb92318035f5bb581be7fc96ac798a61b98eae143365e1e6c56ab2aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon5.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17990
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
ycSXfM3Jfhiodji0puoUnIrSqIg5vUqLAD7YlTZ3SxqfGAiz_qaypoX0SjOuK2UtfvQsTVYYw0kW80loSR92I7pHGIE3RSufvt4kusVYxN3D9CtzC67f_okpzzOY-qBIKjESQrZ_
lh6.googleusercontent.com/
12 KB
12 KB
Image
General
Full URL
https://lh6.googleusercontent.com/ycSXfM3Jfhiodji0puoUnIrSqIg5vUqLAD7YlTZ3SxqfGAiz_qaypoX0SjOuK2UtfvQsTVYYw0kW80loSR92I7pHGIE3RSufvt4kusVYxN3D9CtzC67f_okpzzOY-qBIKjESQrZ_
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ffb294518fb4a19a52210d6d52759246962aec7b470e2120769e981235386f39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon6.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12377
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
uPhmpYACyfkyB6IdARauXJkgvUIrzjjrM_YjT6PVyS_oAFI_6wcZSpiAFwPMnM-0irStIb4_MXvVZCIkNFEVahEIaRn5BqgpETkDnn6HdnOEI1pAzzb_SUhutxXsNLSz2lbHrZ_i
lh5.googleusercontent.com/
17 KB
18 KB
Image
General
Full URL
https://lh5.googleusercontent.com/uPhmpYACyfkyB6IdARauXJkgvUIrzjjrM_YjT6PVyS_oAFI_6wcZSpiAFwPMnM-0irStIb4_MXvVZCIkNFEVahEIaRn5BqgpETkDnn6HdnOEI1pAzzb_SUhutxXsNLSz2lbHrZ_i
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
414e035dabd7149bd9dc8bf2a064bf379c91b6532e512a014d415da203f15937
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon7.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17563
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
C6d7ZMJOFJhglTtAoV-QTFgioZnuLReCWKzTN2Jo2tbOVn_vNVH1bGDxE1UWdj7Z9UpZWK1goKhN5WATKFN4DqheHLz6AahX0FMgCKpwgrhnXiiQDAmPJ0Uy9p8zccUGt32XtQc_
lh4.googleusercontent.com/
10 KB
10 KB
Image
General
Full URL
https://lh4.googleusercontent.com/C6d7ZMJOFJhglTtAoV-QTFgioZnuLReCWKzTN2Jo2tbOVn_vNVH1bGDxE1UWdj7Z9UpZWK1goKhN5WATKFN4DqheHLz6AahX0FMgCKpwgrhnXiiQDAmPJ0Uy9p8zccUGt32XtQc_
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e871d3409eafbb7cda1fbd639f2cccb8ea1d2dda702417638b23691e0f27a58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon8.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9774
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
N_F99jk3jCwTfvJWaN_l9OV2uw-7pMFjrXOZVJ6Sruq6-AKQcnlO-aOkse98Iar1E3Lp9bCLMpnDIcuf-vUfWFNBBFNJUPJVKk-7hHsTqD6kTQd6IM4S4LRS3f9dFT8qdzv224Gy
lh5.googleusercontent.com/
21 KB
21 KB
Image
General
Full URL
https://lh5.googleusercontent.com/N_F99jk3jCwTfvJWaN_l9OV2uw-7pMFjrXOZVJ6Sruq6-AKQcnlO-aOkse98Iar1E3Lp9bCLMpnDIcuf-vUfWFNBBFNJUPJVKk-7hHsTqD6kTQd6IM4S4LRS3f9dFT8qdzv224Gy
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
55a784861beee911457f2ac22fc73ba998738bb73149a6da6b8e74dca4a028fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon9.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21559
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
ogRX3z-sHS8sQ6LBDbLNgZ8y9FrLmPsjdfBaASjN_g_Upd76Av3VMX2TnL5F_YSmoMp3Fobo4nZWegC21Tq8OheqtmnmdcHSEzlVGjtUSfZDIuoABXZMDYvgCGt6sqQwiV0cQKDe
lh6.googleusercontent.com/
5 KB
5 KB
Image
General
Full URL
https://lh6.googleusercontent.com/ogRX3z-sHS8sQ6LBDbLNgZ8y9FrLmPsjdfBaASjN_g_Upd76Av3VMX2TnL5F_YSmoMp3Fobo4nZWegC21Tq8OheqtmnmdcHSEzlVGjtUSfZDIuoABXZMDYvgCGt6sqQwiV0cQKDe
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b1e93f71939eeb43c6a154f93fa2d50616d154fa6fe70287aaba4856054141ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon10.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4828
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
aCjp2FdxNmLEv6DaJOkD_SHei5LElQUf9Q3Dl_P7kf4xe78hKZT6QwEHQsUBzyoGi_v6st7DS8j8G-wbXt1DZnlNxqoLAd9hg9w_izxmwEZRSSgOvbWu_05D2IIS6Zt2l1V6hDvh
lh3.googleusercontent.com/
5 KB
6 KB
Image
General
Full URL
https://lh3.googleusercontent.com/aCjp2FdxNmLEv6DaJOkD_SHei5LElQUf9Q3Dl_P7kf4xe78hKZT6QwEHQsUBzyoGi_v6st7DS8j8G-wbXt1DZnlNxqoLAd9hg9w_izxmwEZRSSgOvbWu_05D2IIS6Zt2l1V6hDvh
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2e68f0843479b96daee91d53be04bb6b3f1633edb5bcb6ec72e4dc3b41feb389
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon13.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5574
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:50:55 GMT
TQwtcp5beg3YLKuxkdT1dQZkXS0W97QoApnucVs7FfLpihmYd7X-TIoSMXjZYQiGqyDXPvOVJTdXuaCOvUhMQfA9vUJANsfyaFa27quz7yqQLSvQ9JQpES8bAufr4DmvcDjVLau5
lh6.googleusercontent.com/
7 KB
7 KB
Image
General
Full URL
https://lh6.googleusercontent.com/TQwtcp5beg3YLKuxkdT1dQZkXS0W97QoApnucVs7FfLpihmYd7X-TIoSMXjZYQiGqyDXPvOVJTdXuaCOvUhMQfA9vUJANsfyaFa27quz7yqQLSvQ9JQpES8bAufr4DmvcDjVLau5
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d05ff81c8b5cac3c72323becb5a6266e1176760f46a708d849306b1b0821b8ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon14.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7503
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
V89X6UVx3mNdJ0raFlHOUCsqeBy7pApmkCCY3uJJH9hWore1b70wT338L-8iwIuPq1cr2H5BXywtXZzhPVq_H7Yl4F2mf71BGp8kh--8vS4-RI3nJC3QzZYw-s1CjCBkscywUqOb
lh5.googleusercontent.com/
5 KB
5 KB
Image
General
Full URL
https://lh5.googleusercontent.com/V89X6UVx3mNdJ0raFlHOUCsqeBy7pApmkCCY3uJJH9hWore1b70wT338L-8iwIuPq1cr2H5BXywtXZzhPVq_H7Yl4F2mf71BGp8kh--8vS4-RI3nJC3QzZYw-s1CjCBkscywUqOb
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
cc3e6c0561bbb2df775e499687dbd98ddb12a44f5bddc7d91126b69bae71b622
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="jokeicon15.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5132
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
qH88WBQfPldtm0__s4lhT_Uc5V4Yf81fE1MMbG462Si6YcS41GgQNeOtJj6Qn8UOB8IckXsxutVvsArXhY1j-2PwiWqtEMz3dmAEGuKPgl_ajUb2mXi3KCZZcC-xRTP61LynHklE
lh5.googleusercontent.com/
3 KB
3 KB
Image
General
Full URL
https://lh5.googleusercontent.com/qH88WBQfPldtm0__s4lhT_Uc5V4Yf81fE1MMbG462Si6YcS41GgQNeOtJj6Qn8UOB8IckXsxutVvsArXhY1j-2PwiWqtEMz3dmAEGuKPgl_ajUb2mXi3KCZZcC-xRTP61LynHklE
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
654891f06e1879d48f67e6430294b88f9d35c6d2e49d8bc8fac3fc0e1e985d16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="joker11.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3428
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
csivLzdrD-_iyHcBlFQBtj_cZV_-9lkV31z8XCrBjLv_xlQoZwTvCL3NtVIgxzam7VrWDjfZ7PGis1LmBGsl3VpKkK74BEjum7DcO-sATai04xlRZyl7ND6LkDg-1NRFc06xBcgJ
lh3.googleusercontent.com/
5 KB
5 KB
Image
General
Full URL
https://lh3.googleusercontent.com/csivLzdrD-_iyHcBlFQBtj_cZV_-9lkV31z8XCrBjLv_xlQoZwTvCL3NtVIgxzam7VrWDjfZ7PGis1LmBGsl3VpKkK74BEjum7DcO-sATai04xlRZyl7ND6LkDg-1NRFc06xBcgJ
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ea9e081c68b45e758159cf783e3c9d8bc711eb63880802ed5067de90bbaf63cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="joker12.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5342
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:13:37 GMT
ajSH7eQN1DEcSxBlif0dKdo4raKhNikZVSVpiRyRW0d_Ic3GiFUzrPYS7GPX-U9U1gh2HMWnrBroaNMmb7R2PVXy0kNJgNAzagMJzDjQIdSeQ-Qn1B1DboV7lJ1LpPrzxNNJG1GF
lh3.googleusercontent.com/
313 KB
313 KB
Image
General
Full URL
https://lh3.googleusercontent.com/ajSH7eQN1DEcSxBlif0dKdo4raKhNikZVSVpiRyRW0d_Ic3GiFUzrPYS7GPX-U9U1gh2HMWnrBroaNMmb7R2PVXy0kNJgNAzagMJzDjQIdSeQ-Qn1B1DboV7lJ1LpPrzxNNJG1GF
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9a4214766ab3f2d916fdf88e8a68f17ab8101058364455e6ef9b7c1ebd2e4941
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="proxy1.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
320684
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:16:49 GMT
-TojUAinL1n0oFQTnL5WQUQaf-IhcyB5Cc4iKPcidy5BUOsRXRCQePNEESJ4sohW5i1GHXgZ0kQZV8a8UZxm9Xv41MHlR62VIZ15LYzP_3bubz0G2A5gK0LkW6M1-DJZI_MHapds
lh4.googleusercontent.com/
251 KB
251 KB
Image
General
Full URL
https://lh4.googleusercontent.com/-TojUAinL1n0oFQTnL5WQUQaf-IhcyB5Cc4iKPcidy5BUOsRXRCQePNEESJ4sohW5i1GHXgZ0kQZV8a8UZxm9Xv41MHlR62VIZ15LYzP_3bubz0G2A5gK0LkW6M1-DJZI_MHapds
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
61d5d919f269ec75970f502e55f039d54e973f9cad8acb36822f826ca7a69848
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="proxydownload.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
257098
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
Du7CvZw02t8jk1wZO4eWC9-ClPq9BExFC6D8ke4zTL8NFOha-BX8KADVTZYgY5PKld4kBhvj7mE9rDkxvC4IzYdJ1giQUxNpYRiGyJsAA3-eobMrm0H6m1DehYccEz--kRkG6BCq
lh5.googleusercontent.com/
303 KB
303 KB
Image
General
Full URL
https://lh5.googleusercontent.com/Du7CvZw02t8jk1wZO4eWC9-ClPq9BExFC6D8ke4zTL8NFOha-BX8KADVTZYgY5PKld4kBhvj7mE9rDkxvC4IzYdJ1giQUxNpYRiGyJsAA3-eobMrm0H6m1DehYccEz--kRkG6BCq
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
270ed0289706cc8027fa60ec5c84b34586d0414beecf4dcec5ae57f733e2c26a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="proxydownloadfinalpayload.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
310683
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
ZModASnHZp8fQD-bvdj0vcrETAlI54ef09sis3mkpE3fM8_xW32nT47VLKWoOWywWlsbEM_9Age-nrxWZmFRnZhWeuPXK28HCxE-fzxQyD0-zJzpAtBMY7eKYWZI3Csuz29Jfa0y
lh4.googleusercontent.com/
381 KB
381 KB
Image
General
Full URL
https://lh4.googleusercontent.com/ZModASnHZp8fQD-bvdj0vcrETAlI54ef09sis3mkpE3fM8_xW32nT47VLKWoOWywWlsbEM_9Age-nrxWZmFRnZhWeuPXK28HCxE-fzxQyD0-zJzpAtBMY7eKYWZI3Csuz29Jfa0y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b282e23d78a0b867403d49f234725097e62aa10cd1c853fc73f36137588352e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="blackdragondalvikstage1.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
389659
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
SugClxlO6bfTcQB_y0NAKxcItcxpZkBoU-iF1wJCvjIveCv3DgQ3y_vAPKYtsFcu95-ROqF6mKLYZxHhkc9RxBrZiGdVJh9kpEMSIxemSdCzlEsGRzbRz9AdFRSvCtqdZfwvnnKd
lh5.googleusercontent.com/
522 KB
522 KB
Image
General
Full URL
https://lh5.googleusercontent.com/SugClxlO6bfTcQB_y0NAKxcItcxpZkBoU-iF1wJCvjIveCv3DgQ3y_vAPKYtsFcu95-ROqF6mKLYZxHhkc9RxBrZiGdVJh9kpEMSIxemSdCzlEsGRzbRz9AdFRSvCtqdZfwvnnKd
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1480e4b9e9939f4e92277111828dc99c63660c80d057c06ac4c6eee9792a131b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="stage2apkdownload.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
534375
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
q8gzm6sPggGeKWtbRV6_T3fAQ6lr8qkLMGnlU-k71YhBJB_nNqm5dwTQjCPPhVp5DT87DtuFgioyPYBbHXnTuEq29lw2ESY0SYIj1euxT-SlYanPHrg4c9XyFSJRL5s4PXhL9RMT
lh5.googleusercontent.com/
345 KB
345 KB
Image
General
Full URL
https://lh5.googleusercontent.com/q8gzm6sPggGeKWtbRV6_T3fAQ6lr8qkLMGnlU-k71YhBJB_nNqm5dwTQjCPPhVp5DT87DtuFgioyPYBbHXnTuEq29lw2ESY0SYIj1euxT-SlYanPHrg4c9XyFSJRL5s4PXhL9RMT
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4aace271d6e0f5da8a6f0df0702d2bd15ba171d1334db8cc80aa5b334bfed54b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="blackdragondalvikstage1code.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
352897
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
qLM6-vYQGwSl25B5o6UyOqZn19-UFmJbNx8iO3FycTfilwJELSVwJxWbgcQuFxzwEj_m2lOJJ89HrY4jLIfsbG6dhLMYDc4tHC370COr9DHsYO8MJPODVfX-j-htiV7bgYn1JWvT
lh3.googleusercontent.com/
106 KB
106 KB
Image
General
Full URL
https://lh3.googleusercontent.com/qLM6-vYQGwSl25B5o6UyOqZn19-UFmJbNx8iO3FycTfilwJELSVwJxWbgcQuFxzwEj_m2lOJJ89HrY4jLIfsbG6dhLMYDc4tHC370COr9DHsYO8MJPODVfX-j-htiV7bgYn1JWvT
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b2b2c0170e98b0712b955cbf8bbc14326be6bac0376b319edc1b1935d4983fc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="stage2apkdownloadcode.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108201
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:16:49 GMT
L83ygFgYJ47JaYe9Com3GjQnzRjQ5TpgL3qeJcCsjXz5LljACXmVH-MI4NB02M2epFy7oNNsK6wzwhXnH-RjDJM7637xS9yKrPQYNDTx2h-IPNIK_TgnT7Qv_0H0GCjP5gls1eV4
lh6.googleusercontent.com/
264 KB
264 KB
Image
General
Full URL
https://lh6.googleusercontent.com/L83ygFgYJ47JaYe9Com3GjQnzRjQ5TpgL3qeJcCsjXz5LljACXmVH-MI4NB02M2epFy7oNNsK6wzwhXnH-RjDJM7637xS9yKrPQYNDTx2h-IPNIK_TgnT7Qv_0H0GCjP5gls1eV4
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
77b15ae3a803d11f183fb5935927d8035da1f2403055659689e2b0701b431484
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="3stagecod1.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
270478
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
d7sRI5o6tUb3SwmoNia5GFhx0_KcbzK3vp7HetvhsQnJTPfORs3FP6ympYTPQvF44RgfgV8lKgLohA7csMHPAjuQCOCa4aCrojfQoYj8tncMcoQ49sitmWHg2bbZuIsNdafM1Mzy
lh4.googleusercontent.com/
257 KB
257 KB
Image
General
Full URL
https://lh4.googleusercontent.com/d7sRI5o6tUb3SwmoNia5GFhx0_KcbzK3vp7HetvhsQnJTPfORs3FP6ympYTPQvF44RgfgV8lKgLohA7csMHPAjuQCOCa4aCrojfQoYj8tncMcoQ49sitmWHg2bbZuIsNdafM1Mzy
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c21c8ea908c2f8d7239b1aeec3fe10a2553b28da6c7dddbfd473825765121cd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="secondstageshift.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
263604
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
VXD8KkjkEexdeNo4Q2YWFIXJcdOH5c7zjt1fZ9KHdXK3sSA_QlDlHOlU1HHKEvM8rwEAJ4zdbRmskxEIMNa9rvubnMuWcKBMigckKhC9CnJj9Popgmoh6KLImCDIfi-fFAeIQFdy
lh5.googleusercontent.com/
49 KB
49 KB
Image
General
Full URL
https://lh5.googleusercontent.com/VXD8KkjkEexdeNo4Q2YWFIXJcdOH5c7zjt1fZ9KHdXK3sSA_QlDlHOlU1HHKEvM8rwEAJ4zdbRmskxEIMNa9rvubnMuWcKBMigckKhC9CnJj9Popgmoh6KLImCDIfi-fFAeIQFdy
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8cbbd6827af738145cca58e174d2fb5cdb2c0ecbd2a7d4fa83010b4afd265ca9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="secondstageshift2.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49924
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
6JdDBQk-elIsH6l6iIjiP3ciqS3UeOFY_OGY8vZhZPT-dme2IuO1eHHm7V30A_ehSh4abti6ND0yScBVj_isY_ZwpnYU4JbSiogHwduwuYSGLhTRgwekhh64QEmnmE6Q6Y9yA5Au
lh5.googleusercontent.com/
471 KB
471 KB
Image
General
Full URL
https://lh5.googleusercontent.com/6JdDBQk-elIsH6l6iIjiP3ciqS3UeOFY_OGY8vZhZPT-dme2IuO1eHHm7V30A_ehSh4abti6ND0yScBVj_isY_ZwpnYU4JbSiogHwduwuYSGLhTRgwekhh64QEmnmE6Q6Y9yA5Au
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
0d20889fa156bff90f2f3062e033502bbf035dc80ef214a872cfa114803a246e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="blackdragondalvikstage2.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
482042
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
jocl3w_n4Giy5PJQsOiyJm8MT-QS9o6VM0l1HfqpDMQoxedpVRkifO-OQZjYIqgc3zTkYWbhCYigzNZgh314sQjHQCr9qPOnWKHs4-k8JhCT9WCzUqUQrcszy_QIuiVx9m0zrZLC
lh4.googleusercontent.com/
330 KB
330 KB
Image
General
Full URL
https://lh4.googleusercontent.com/jocl3w_n4Giy5PJQsOiyJm8MT-QS9o6VM0l1HfqpDMQoxedpVRkifO-OQZjYIqgc3zTkYWbhCYigzNZgh314sQjHQCr9qPOnWKHs4-k8JhCT9WCzUqUQrcszy_QIuiVx9m0zrZLC
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
bd758009f99406c94c2fefc42675c0bf5e64144601407f63fe9ce225e8f4688a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="stage2finalapkdownload.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
337836
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
jijMYDsHQ9Mv0OdEcwy889_wnaZeD8uxr5Qek7pvblVy9Qj60c2Ype1uiR7m2mZV6hJGG6v0ODo3atecD-arFlkfhYw9bq2FcMRNILRWSsw_JxuRF7Tb4Ek0RGpa0Xkzr5ab_HAX
lh6.googleusercontent.com/
197 KB
197 KB
Image
General
Full URL
https://lh6.googleusercontent.com/jijMYDsHQ9Mv0OdEcwy889_wnaZeD8uxr5Qek7pvblVy9Qj60c2Ype1uiR7m2mZV6hJGG6v0ODo3atecD-arFlkfhYw9bq2FcMRNILRWSsw_JxuRF7Tb4Ek0RGpa0Xkzr5ab_HAX
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
fa793d29251ea169a565209f1b8e7f9f415939b9430ae4256a10a4f384932cd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="backendapipayload1.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
202017
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
q-pc2m1bmSeFfyjb9SIv0wuz7uCUA5fk3--JVbMXL_CBvWsej55SbrKPed38GV0Nzri8T9G-8rv9ZY0Kc-3ZMNmoyvBu4D0Hg_4LdIWO-9cdtL0x-1juJEl0w-Zh7AaDHredjEXh
lh4.googleusercontent.com/
270 KB
270 KB
Image
General
Full URL
https://lh4.googleusercontent.com/q-pc2m1bmSeFfyjb9SIv0wuz7uCUA5fk3--JVbMXL_CBvWsej55SbrKPed38GV0Nzri8T9G-8rv9ZY0Kc-3ZMNmoyvBu4D0Hg_4LdIWO-9cdtL0x-1juJEl0w-Zh7AaDHredjEXh
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a25a7319ee17dcc08828c9993df0a77ef30f3a314d6b6f7e609f25fb16d79c35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="backendapipayload2.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
276603
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
bExa6sBh_vhNi3jqWGJVOIwT-0w-NhL10KBHKmfGMVA6pVLfVUeV1WRTIjj4dI4AHKUBlrmCgJFf8UKRZpRPnKj7I2ZrkgnuRvdXagb7Ryi_9tJdq6jzzah7TMki4QVXHXh0XAU8
lh3.googleusercontent.com/
277 KB
277 KB
Image
General
Full URL
https://lh3.googleusercontent.com/bExa6sBh_vhNi3jqWGJVOIwT-0w-NhL10KBHKmfGMVA6pVLfVUeV1WRTIjj4dI4AHKUBlrmCgJFf8UKRZpRPnKj7I2ZrkgnuRvdXagb7Ryi_9tJdq6jzzah7TMki4QVXHXh0XAU8
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
23e927f07fd97e29a3c11f33bc01a8b4240022601a38f3477953371559e48220
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="backendapipayload3.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
283429
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:13:37 GMT
HzTDPQkonqTn2HwspE0eRQGR_qbOTeIWQWkVOkUyrfvX8UtXVai_XdG5UcEM1P2sJNz2DP0McFdwvHOb0quYqhcDwQr7Ii93rJPFmeQKvULlWcrWnOq2dStK1r54rbx6bYHqLv_y
lh3.googleusercontent.com/
275 KB
276 KB
Image
General
Full URL
https://lh3.googleusercontent.com/HzTDPQkonqTn2HwspE0eRQGR_qbOTeIWQWkVOkUyrfvX8UtXVai_XdG5UcEM1P2sJNz2DP0McFdwvHOb0quYqhcDwQr7Ii93rJPFmeQKvULlWcrWnOq2dStK1r54rbx6bYHqLv_y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
345eb6f4a8809a0dfc580319437f5fa457f8d191d674cceb54f8c84131c7171b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloaddes.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
282068
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 19:48:11 GMT
sncdZrPyScupUKV8HyQnvB9Gxotr5hn5izcIS-jK5WzRfLiT25raBYy0q5IAAgAAgoIRs2Q4NYUkxw7E1RwsaG8uijC0q5xcSCNlpO20IkDe7dWk8BW6rmj8e87lKhShzveENZ4h
lh3.googleusercontent.com/
382 KB
382 KB
Image
General
Full URL
https://lh3.googleusercontent.com/sncdZrPyScupUKV8HyQnvB9Gxotr5hn5izcIS-jK5WzRfLiT25raBYy0q5IAAgAAgoIRs2Q4NYUkxw7E1RwsaG8uijC0q5xcSCNlpO20IkDe7dWk8BW6rmj8e87lKhShzveENZ4h
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9e0a6a6d487bd8701885621f82f5a84dfaf70435c83a2e34cd39ee7e75d0810a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloadc2s.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
391477
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:16:49 GMT
YaGXhi6eHYeNmNppLEVwffYqX2Fjmttzw5hXuHlVaZ4aNcbuVP0NN11ORXWGn22ngpfpupBfKuGpml6QmBmyfdz5rFCDcJDR7TJJ1LB2CNq7ZMlPFMAByBCmrcz30e1KIniEk0tF
lh3.googleusercontent.com/
457 KB
457 KB
Image
General
Full URL
https://lh3.googleusercontent.com/YaGXhi6eHYeNmNppLEVwffYqX2Fjmttzw5hXuHlVaZ4aNcbuVP0NN11ORXWGn22ngpfpupBfKuGpml6QmBmyfdz5rFCDcJDR7TJJ1LB2CNq7ZMlPFMAByBCmrcz30e1KIniEk0tF
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b6b71d4d2aefb38ad25d37323487aa482049e9cfde39678c4212829ed205858c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloaobfuscated.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
467461
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:13:37 GMT
S2e7eOYjZj7vdHWX0B7s1Y5fcqy5CLflDUZJPgcalejFlVzW5PJtSEhtCNUmmafuWijTo98yTt8Q2MWvoPS9mWHJ47YU0Oc8urQdYnfzEHP19z56H1OlLXPGf39LSQ-aOK2o95Qp
lh4.googleusercontent.com/
393 KB
393 KB
Image
General
Full URL
https://lh4.googleusercontent.com/S2e7eOYjZj7vdHWX0B7s1Y5fcqy5CLflDUZJPgcalejFlVzW5PJtSEhtCNUmmafuWijTo98yTt8Q2MWvoPS9mWHJ47YU0Oc8urQdYnfzEHP19z56H1OlLXPGf39LSQ-aOK2o95Qp
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
0335a8b504a92288b8b0efa835f4315e3800b93465c6eaae3acb130291371eee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloadsms.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
402356
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
eMXsJl0CtMisCHemo8C50S1YDR7y68o_ZTzdPeLSGfyKEEcPXcXMYwHlMy2aeIY2DDStANSIKjQGpfmMynYjnX8MY6ZLAIoy4rd1R546LT6_S1u1m-JIMOW2A6p0oLs1Zqp2NP3s
lh5.googleusercontent.com/
119 KB
120 KB
Image
General
Full URL
https://lh5.googleusercontent.com/eMXsJl0CtMisCHemo8C50S1YDR7y68o_ZTzdPeLSGfyKEEcPXcXMYwHlMy2aeIY2DDStANSIKjQGpfmMynYjnX8MY6ZLAIoy4rd1R546LT6_S1u1m-JIMOW2A6p0oLs1Zqp2NP3s
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9947be7b09f33f9cf29e80cd2d0e562639da61329b71ff5bea23c30c5938f3e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloadwapfraud.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122323
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 08 Oct 2020 07:51:10 GMT
CdkRXreUiZJjj2LLoP8GoB52ZPtKaJjsAyHTEHOBB2QrH086FyG6zBEQJY-6sCty_eUW1Ar63SBqLYdivkSU4aTncxl5p-hMoDZuo3ceidTwcokFZ2SRUWMlRi6UdYm9ot4D16Iw
lh3.googleusercontent.com/
97 KB
97 KB
Image
General
Full URL
https://lh3.googleusercontent.com/CdkRXreUiZJjj2LLoP8GoB52ZPtKaJjsAyHTEHOBB2QrH086FyG6zBEQJY-6sCty_eUW1Ar63SBqLYdivkSU4aTncxl5p-hMoDZuo3ceidTwcokFZ2SRUWMlRi6UdYm9ot4D16Iw
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c155e37896f034062f0d1dc0ab679e8e5deb72e0bfd620b185111b8cc63a993f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 22:57:27 GMT
x-content-type-options
nosniff
age
7244
status
200
content-disposition
inline;filename="finalpayloadwapfraud2.png"
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98855
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 16:16:49 GMT
Woman-GettyImages-516141682.jpg
www.zscaler.com/sites/default/files/images/blogs/
271 KB
272 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/images/blogs/Woman-GettyImages-516141682.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b5b2b1c674aa9a78594a0b399f98dfd4bd29ee2207e11edb28482850077d090
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
118656
cf-polished
origSize=323090, status=vary_header_present
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
277823
cf-request-id
05ac769e790000c2db3dafa200000001
x-request-id
v-360bb260-08b6-11eb-81f2-bf11d5ab1a0a
last-modified
Thu, 01 Oct 2020 16:58:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/jpeg
expires
Fri, 30 Oct 2020 00:58:11 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426dd8d11c2db-FRA
x-cache-hits
1
zscaler-blog-internet-security-2_5.jpg
www.zscaler.com/sites/default/files/images/blogs/----category-images/internet-security/
41 KB
42 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/images/blogs/----category-images/internet-security/zscaler-blog-internet-security-2_5.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c8a0df6afdbc1059568916219c605f47de362f47a5a3dbd952f79406275034
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
20162
cf-polished
origSize=44096, status=vary_header_present
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
42395
cf-request-id
05ac769e790000c2db3dafb200000001
x-request-id
v-625526b8-0996-11eb-b8df-c3d0f8123c51
last-modified
Fri, 04 Sep 2020 11:31:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/jpeg
expires
Fri, 30 Oct 2020 00:58:11 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426dd8d12c2db-FRA
x-cache-hits
29
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
881 B
Script
General
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 06 Oct 2020 11:13:20 GMT
server
cloudflare
etag
W/"5f7c5150-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=31536000; preload
cf-ray
5df426dd8d0ac2db-FRA
cf-request-id
05ac769e760000c2db3daf5200000001
expires
Sun, 11 Oct 2020 00:58:11 GMT
92ede4fc-c076-4245-8c3f-85e672763690.js
cdn.cookielaw.org/langswitch/
2 KB
1 KB
Script
General
Full URL
https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Oct 2020 00:58:11 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
wNMyoZp2a7YtIJ5FlCf5Pg==
age
1543
status
200
vary
Accept-Encoding
content-length
737
cf-request-id
05ac769edd00002c2629a08200000001
x-ms-lease-status
unlocked
last-modified
Thu, 23 Jul 2020 20:39:49 GMT
server
cloudflare
etag
0x8D82F488B1FF248
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c1ef666c-401e-0138-43d9-77dfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5df426de2eaf2c26-FRA
js_mkG4oFo8ITvEB8m7WvchG6vBZgu6vaSu8RiwMvEgmu4.js
www.zscaler.com/sites/default/files/js/
650 KB
168 KB
Script
General
Full URL
https://www.zscaler.com/sites/default/files/js/js_mkG4oFo8ITvEB8m7WvchG6vBZgu6vaSu8RiwMvEgmu4.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a41b8a05a3c213bc407c9bb5af7211babc1660bbabda4aef118b032f1209aee
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:11 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
132051
x-cache
MISS
status
200
x-ah-environment
prod
content-encoding
br
vary
Host,Accept-Encoding
cf-request-id
05ac769e780000c2db3daf7200000001
x-request-id
v-0c67fa3c-0897-11eb-9822-6f59a9ffb8c8
last-modified
Wed, 07 Oct 2020 12:17:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
text/javascript
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426dd8d0dc2db-FRA
expires
Fri, 30 Oct 2020 00:58:11 GMT
css
fonts.googleapis.com/
15 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2b54788dd0f1140ff76962ca20b5748907079d67f85f140f2d517848eb3e0208
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 09 Oct 2020 00:58:11 GMT
server
ESF
date
Fri, 09 Oct 2020 00:58:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Oct 2020 00:58:11 GMT
sf14g.js
t.sf14g.com/
37 KB
37 KB
Script
General
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.242.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-242-176.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:12 GMT
last-modified
Thu, 06 Aug 2020 14:28:30 GMT
server
Kestrel
etag
"1d66bfddb0de89b"
strict-transport-security
max-age=2592000
content-type
application/javascript
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
37787
expires
-1
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
gtm.js
www.googletagmanager.com/
207 KB
57 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing_production/google_tag.script.js?qhwh5f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d6ca296495227fb98735cef3f6df6551a1450b4d91a59e18e4951a59eebabb77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58458
x-xss-protection
0
last-modified
Fri, 09 Oct 2020 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 09 Oct 2020 00:58:12 GMT
75590e24-f605-4d9c-b92c-ca09a93d469f.js
cdn.cookielaw.org/consent/
107 KB
19 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/92ede4fc-c076-4245-8c3f-85e672763690.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
418536118c08ae693b45715835c8ea0ffcab2b6298f2c05d63b6238a5342a5d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Oct 2020 00:58:12 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
F5JM4YKIbDfUDqJkjqiySw==
age
1539
status
200
vary
Accept-Encoding
content-length
18198
cf-request-id
05ac76a1760000c27c8d143200000001
x-ms-lease-status
unlocked
last-modified
Thu, 23 Jul 2020 20:39:52 GMT
server
cloudflare
etag
0x8D82F488D37C4E4
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
9d959f43-e01e-0090-14d9-774daa000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5df426e25c96c27c-FRA
zscaler-blog-post-hero-cyber-security.jpg
www.zscaler.com/sites/default/files/images/page/blog/
39 KB
39 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/images/page/blog/zscaler-blog-post-hero-cyber-security.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
990dc3a0b9d056b7002553baf193a4f8c7bbae191a585904e467ccbc9108368b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1003031
cf-polished
origSize=41486, status=vary_header_present
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
39631
cf-request-id
05ac76a1980000c2db3db06200000001
x-request-id
v-79caacbe-fde8-11ea-bd5a-173cadcbb2d7
last-modified
Thu, 30 Jul 2020 13:52:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/jpeg
expires
Fri, 30 Oct 2020 00:58:12 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426e28997c2db-FRA
x-cache-hits
68
zscaler-blog-mobile-malware-1%402x.jpg
www.zscaler.com/sites/default/files/images/blogs/----category-images/mobile-malware/
69 KB
70 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/images/blogs/----category-images/mobile-malware/zscaler-blog-mobile-malware-1%402x.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
502a2173b53302f128e94d3f02b5a42165aff2acf093d7fd13f4f2aea2a4f7f6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1227378
cf-polished
origSize=100598, status=vary_header_present
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
70914
cf-request-id
05ac76a1980000c2db3db07200000001
x-request-id
v-1ab5d81e-fe30-11ea-acae-8bd51f4e7fd2
last-modified
Fri, 04 Sep 2020 11:15:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/jpeg
expires
Fri, 30 Oct 2020 00:58:12 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426e28998c2db-FRA
x-cache-hits
27
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 06 Oct 2020 14:47:52 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
209420
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Wed, 06 Oct 2021 14:47:52 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 02 Oct 2020 05:22:43 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
588929
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Sat, 02 Oct 2021 05:22:43 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 05 Oct 2020 11:04:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
309246
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11056
x-xss-protection
0
expires
Tue, 05 Oct 2021 11:04:06 GMT
fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
134 KB
135 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1016151
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
137704
cf-request-id
05ac76a1b90000c2db3db09200000001
x-request-id
v-348e8a58-fde3-11ea-a1fb-4b7773c9445f
last-modified
Sat, 25 Jul 2020 17:40:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
expires
Fri, 30 Oct 2020 00:58:12 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426e2c9b5c2db-FRA
x-cache-hits
236
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.zscaler.com
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:300,400,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 05 Oct 2020 11:04:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
309237
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Tue, 05 Oct 2021 11:04:15 GMT
fa-light-300.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
181 KB
181 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-light-300.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1016151
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
185360
cf-request-id
05ac76a1c70000c2db3db0a200000001
x-request-id
v-7798d7c2-effb-11ea-a775-2387e3afdca5
last-modified
Sat, 25 Jul 2020 17:40:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
expires
Fri, 30 Oct 2020 00:58:12 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426e2d9c1c2db-FRA
x-cache-hits
23
fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
74 KB
75 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1016151
x-cache
HIT
status
200
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
76008
cf-request-id
05ac76a1c70000c2db3db0b200000001
x-request-id
v-f2f1a030-effa-11ea-94e1-070aedc2daca
last-modified
Sat, 25 Jul 2020 17:39:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
*
expires
Fri, 30 Oct 2020 00:58:12 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426e2d9c2c2db-FRA
x-cache-hits
22
icon-enlarge-btn.svg
www.zscaler.com/themes/custom/zscaler/images/icons/
3 KB
1 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:12 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1006134
x-cache
HIT
status
200
x-cache-hits
1
x-ah-environment
prod
content-encoding
br
vary
Host, Accept-Encoding
cf-request-id
05ac76a29a0000c2db3db0d200000001
x-request-id
v-43bef792-f014-11ea-bba5-97eb086ef595
last-modified
Sat, 25 Jul 2020 17:40:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/svg+xml
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
cf-ray
5df426e42acbc2db-FRA
expires
Fri, 30 Oct 2020 00:58:12 GMT
munchkin.js
munchkin.marketo.net/159/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/159/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 May 2020 02:24:14 GMT
Server
AkamaiNetStorage
ETag
"79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4810
Expires
Sun, 17 Jan 2021 00:58:12 GMT
optanon.css
cdn.cookielaw.org/skins/6.3.0/default_responsive_alert_bottom_two_button_white/v2/css/
20 KB
4 KB
Stylesheet
General
Full URL
https://cdn.cookielaw.org/skins/6.3.0/default_responsive_alert_bottom_two_button_white/v2/css/optanon.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/75590e24-f605-4d9c-b92c-ca09a93d469f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 09 Oct 2020 00:58:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PWkyRiXr+QHryDwIyQmJag==
age
2971
status
200
vary
Accept-Encoding
content-length
3587
cf-request-id
05ac76a4250000c27c8d152200000001
x-ms-lease-status
unlocked
last-modified
Fri, 10 Jul 2020 04:10:55 GMT
server
cloudflare
etag
0x8D824873E42B519
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
a456da9b-501e-00e4-16d9-77cbec000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5df426e6af93c27c-FRA
conversion_async.js
www.googleadservices.com/pagead/
29 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
d859a4dd217c69f291adef445e1c3a938ef7d850af3ba0f79f8ae081cda89e12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11343
x-xss-protection
0
server
cafe
etag
2112904452244658753
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 09 Oct 2020 00:58:13 GMT
roundtrip.js
s.adroll.com/j/
38 KB
13 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
46c7beac35c555eb521ac843574a9d23990a3cb66ea66f4790ae79c6ec1b59b4

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
vkOVpwEy.RjRS7Sepp3ckuYNboFxY3Jv
Content-Encoding
gzip
ETag
"ed6ec40ab151cdbc6acf0d7c55464ec8"
x-amz-request-id
880600AC6C9C1667
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
12290
x-amz-id-2
bLbq8FlI91DUxqB4UwWsL1Q+oXFXAatrrU0BTTbivK3PpdjQV4XOQFAoKsAPLFDuVBAcXabm4vA=
Last-Modified
Thu, 08 Oct 2020 19:42:21 GMT
Server
AmazonS3
Date
Fri, 09 Oct 2020 00:58:13 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
insight.min.js
snap.licdn.com/li.lms-analytics/
965 B
761 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=29218
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
448
iframe_api
www.youtube.com/
859 B
1 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
f3c76e2b6dd991d89123b14eaf5604a62e41bfc722cecbe7bc7cb0ae5114870c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status
200
cache-control
no-cache
content-type
application/javascript
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 GMT
bizible.js
cdn.bizible.com/scripts/
86 KB
33 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BA7) /
Resource Hash
4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:13 GMT
content-encoding
gzip
last-modified
Thu, 08 Oct 2020 14:36:33 GMT
server
ECS (amb/6BA7)
age
29901
etag
"02a1e6b809dd61:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
33784
fbevents.js
connect.facebook.net/en_US/
88 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23070
x-xss-protection
0
pragma
public
x-fb-debug
M83F8LrzjUOSZ67WyHfwEb97G9DPns6ihSq7r8eRgdW2CdQwyk6kaoNVw37TDc9fDtS1tjfbLOcNBO05gUjIuQ==
x-fb-trip-id
664085054
date
Fri, 09 Oct 2020 00:58:13 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
6si.min.js
j.6sc.co/
15 KB
7 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-70-122.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 22:09:24 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5f6d1914-3a6c"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age
86400
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
6116
tracking.js
trk.techtarget.com/
4 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Jun 2019 20:11:17 GMT
Server
PWS/8.3.1.0.8
Age
205
X-Ws-Request-Id
5f7fb5a5_PSdgflkfFRA2so7_14137-35852
Content-Type
text/javascript
Via
1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control
max-age=600
X-Cache-Spec
Yes
X-Px
ht PSdgflkfFRA2gb73FRA
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1711
Expires
Fri, 09 Oct 2020 01:04:48 GMT
main.rtfl.js
visitor.reactful.com/dist/
270 KB
105 KB
Script
General
Full URL
https://visitor.reactful.com/dist/main.rtfl.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4010:c05::79 Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 05:25:06 GMT
content-encoding
gzip
server
Google Frontend
age
70387
etag
"8t1MTw"
content-type
application/javascript; charset=UTF-8
status
200
x-cloud-trace-context
308d775ab8d904e1017b51a0fbfad7d3
cache-control
public,public, max-age=432000
content-length
106683
expires
Tue, 13 Oct 2020 05:25:06 GMT
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
1473
date
Fri, 09 Oct 2020 00:33:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Fri, 09 Oct 2020 02:33:40 GMT
visitWebPage
306-zej-256.mktoresp.com/webevents/
2 B
311 B
XHR
General
Full URL
https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1602205093037&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1602205093036-31363&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=siteid%3DRIQSITE
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
09ea8318-5a6d-4f44-871b-6e306a295d00
1778897272132032
connect.facebook.net/signals/config/
234 KB
68 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a3399f8ac46185c73a35b367abb87833931d1f77196b138ccb145dae72ed46b1
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
69794
x-xss-protection
0
pragma
public
x-fb-debug
a5mp8txQnnh+gGshU3ISkGpybd/mfplESt+6eR/2DKPxnmdqAAHqcgn2cSjgXJxe46KQati5UJQpHmVpbv6GxA==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 09 Oct 2020 00:58:13 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
87 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-6177009-1&cid=1674576684.1602205094&jid=831281837&gjid=1697698895&_gid=369755703.1602205094&_u=YGBAgEABAAAAAE~&z=841057997
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 09 Oct 2020 00:58:13 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
62 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=1934963980&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=831281837&gjid=1697698895&cid=1674576684.1602205094&tid=UA-6177009-1&_gid=369755703.1602205094&gtm=2wg9u15SLZFK&z=1493027825
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Oct 2020 15:01:46 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
35787
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=24028
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1799
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1602205093788&cv=9&fst=1602205093788&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2f159f03ec722521d0aef34f26bfac6075656f6224d5fcb2142a94a10d533618
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1063
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1602205093792&cv=9&fst=1602205093792&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c63b703ebd374c28f06a16fcdd1ef3dfc3da1cdb295b06d3f7bca3047810bc2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1063
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflRKz1gy/
104 KB
37 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflRKz1gy/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a11b91e727afb0246f5e0b36ae217194395b7ae1af62dc1477971aa3623954d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 07 Oct 2020 03:53:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
162304
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37780
x-xss-protection
0
last-modified
Wed, 07 Oct 2020 00:43:32 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Thu, 15 Oct 2020 03:53:09 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
0A9DFB41B15EF3A2
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified
Fri, 31 Jul 2020 16:11:15 GMT
Server
AmazonS3
Date
Fri, 09 Oct 2020 00:58:14 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
0
705 B
Script
General
Full URL
https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
fmbuqLlTshKHe0uyBEVLBoMhsn69YSRY
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
4F8630D5E926499D
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
0
x-amz-id-2
aYJBB997lgPwNTE6VwfehETi5Q2A+63OV4a+cmRBIg1ToTnkgZZMIbxDW0BOHBkTL5GMF3eLFDw=
Last-Modified
Thu, 08 Oct 2020 21:21:22 GMT
Server
AmazonS3
Date
Fri, 09 Oct 2020 00:58:13 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ULSJHTPGTZGY3EPPZSKHKS?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2
  • https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2
394 B
862 B
Script
General
Full URL
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.166.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-166-45.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
423f10554d1e324ef22127d5667c16184bb7ee01f4b221fb673c4c59ec533c7e

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
server
nginx/1.18.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
application/javascript
content-length
394

Redirect headers

status
302
date
Fri, 09 Oct 2020 00:58:13 GMT
server
nginx/1.18.0
content-length
105
location
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS/?_s=cfaed81e97ff7ae99bb80bbb97ae5e95&_b=2
/
c.6sc.co/
47 B
371 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-70-122.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
52bd19c1c2ab5965413e6562261cac555306222bc5c77f8592d214fd6511c2d8

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:13 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zscaler.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
getuidj
secure.adnxs.com/
11 B
703 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:13 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.153:80
AN-X-Request-Uuid
cbbd754b-d4db-46b6-97c7-4b7b98ae092d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zscaler.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
activity.gif
apt.techtarget.com/activity/
43 B
450 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=2334982&version=2.0&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&r=1602205093800
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:14 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
ETag
"2b-5850384023492"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=18
Content-Length
43
ipv
cdn.bizible.com/m/
43 B
304 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=2b7cd93bae0241c1b6e44f8ff6ca4392&_biz_s=278b65&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&_biz_t=1602205093806&_biz_i=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&_biz_n=0&rnd=978461&cdn_o=a&_biz_z=1602205093808
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B75) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
last-modified
Fri, 02 Oct 2020 01:56:47 GMT
server
ECS (amb/6B75)
age
601286
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
u
cdn.bizibly.com/
43 B
344 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=2b7cd93bae0241c1b6e44f8ff6ca4392&_biz_s=278b65&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&_biz_t=1602205093813&_biz_i=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&rnd=112856&cdn_o=a&_biz_z=1602205093813
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B97) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
last-modified
Fri, 09 Oct 2020 00:53:19 GMT
server
ECS (amb/6B97)
age
294
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
tracking.png
tracking.leadlander.com/
Redirect Chain
  • https://tracking.leadlander.com/api/tracking?accountId=14146&page=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&referer=&fp=5d2f10942...
  • https://tracking.leadlander.com/tracking.png
68 B
296 B
Image
General
Full URL
https://tracking.leadlander.com/tracking.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.242.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-242-176.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
last-modified
Wed, 26 Sep 2018 16:48:51 GMT
server
Kestrel
etag
"1d455b8cd761bc4"
strict-transport-security
max-age=2592000
content-type
image/png
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
68
expires
-1

Redirect headers

status
302
date
Fri, 09 Oct 2020 00:58:14 GMT
server
Kestrel
access-control-allow-origin
*
location
/tracking.png
content-length
0
strict-transport-security
max-age=2592000
ga-audiences
www.google.com/ads/
42 B
250 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1674576684.1602205094&jid=831281837&_u=YGBAgEABAAAAAE~&z=283201680
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-6177009-1&cid=1674576684.1602205094&jid=831281837&_u=YGBAgEABAAAAAE~&z=283201680
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
visitor.reactful.com/config/494419/
0
0
Other
General
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play&hash=&referer=&user_id=&hshkgid=6571dab2-feda-4980-a01f-9220a8e2e5e9&cb_rtfl=_rtfl_jsonp_0
Protocol
H2
Server
2a00:1450:4010:c05::79 Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
url-params-data
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://www.zscaler.com
access-control-allow-methods
GET
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type
text/javascript
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context
65386e34e882ed3521f1034b4855abb3
date
Fri, 09 Oct 2020 00:58:14 GMT
server
Google Frontend
content-length
0
expires
Fri, 09 Oct 2020 00:58:14 GMT
/
visitor.reactful.com/config/494419/
3 KB
1 KB
XHR
General
Full URL
https://visitor.reactful.com/config/494419/?page=%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play&hash=&referer=&user_id=&hshkgid=6571dab2-feda-4980-a01f-9220a8e2e5e9&cb_rtfl=_rtfl_jsonp_0
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4010:c05::79 Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
759dbf3b59afeb8e0928ba4f9207bdc423e3edaa5f63cd6343e9ee29de2c794f

Request headers

Url-Params-Data
eyJzaXRlaWQiOiJSSVFTSVRFIn0=
Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
content-encoding
gzip
server
Google Frontend
status
200
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://www.zscaler.com
x-cloud-trace-context
fe2e59c1aa15d333b75f7ca70f413455;o=1
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length
795
expires
Fri, 09 Oct 2020 00:58:14 GMT
/
www.facebook.com/tr/
44 B
258 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1602205093931&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1602205093930.226221922&it=1602205093187&coo=false&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:13 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 09 Oct 2020 00:58:13 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=&visitor=517adc29-c17c-4494-8563-8f99244a5b8e&session=02481c0c-e9e1-49cd-8e3b-b6106eeafd41&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Joker%20is%20one%20of%20the%20most%20prominent%20types%20of%20malware%20targeting%20Android%20and%20keeps%20finding%20its%20way%20into%20Google%E2%80%99s%20official%20application%20market.%22%2C%22keywords%22%3A%22joker%2C%20ThreatLabZ%2C%20Android%2C%20Google%20Play%2C%20malware%22%2C%22title%22%3A%22Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog%22%7D&cb=05093934&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.70.122 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-70-122.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:14 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
xdc.js
cdn.bizible.com/
116 B
411 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=2b7cd93bae0241c1b6e44f8ff6ca4392&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.08.28
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBB) /
Resource Hash
cde2180b4fd4eddc41183f0f99750dac770436929ba8b811ea8ac9d31e5aa450

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:13 GMT
content-encoding
gzip
server
ECS (amb/6BBB)
etag
D86B209A
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
private, must-revalidate, max-age=21600
content-type
text/javascript; charset=utf-8
content-length
218
details
epsilon.6sense.com/v1/company/
0
0
Other
General
Full URL
https://epsilon.6sense.com/v1/company/details
Protocol
H2
Server
52.29.125.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization,epsiloncookie
Origin
https://www.zscaler.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
date
Fri, 09 Oct 2020 00:58:13 GMT
server
nginx/1.16.0
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
access-control-max-age
1800
access-control-allow-methods
OPTIONS,GET
access-control-allow-headers
authorization,epsiloncookie
details
epsilon.6sense.com/v1/company/
128 B
301 B
XHR
General
Full URL
https://epsilon.6sense.com/v1/company/details
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.125.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
05301854d614340b7c1954bf2f43ea5c7306f464865570b1881bc5f2be9fd737

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Authorization
Token d9a28eea7120bf0c47191c72d2fdf42c4de8fc4e
EpsilonCookie
9fb51002d5300000a5b57f5f660000001d9d0200

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.16.0
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
content-length
128
u
cdn.bizible.com/m/
43 B
121 B
Image
General
Full URL
https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A306-ZEJ-256%26token%3A_mch-zscaler.com-1602205093036-31363&_biz_u=2b7cd93bae0241c1b6e44f8ff6ca4392&_biz_s=278b65&_biz_l=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&_biz_t=1602205093814&_biz_i=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&_biz_n=1&rnd=248707&cdn_o=a&_biz_z=1602205093946
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBE) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
last-modified
Fri, 02 Oct 2020 01:12:10 GMT
server
ECS (amb/6BBE)
age
603964
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1602205093947%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&liSync=...
0
273 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&liSync=true
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
1MTiYwstPBZAuwMx6CoAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
dUKXXAstPBaAFgf67ioAAA==
pragma
no-cache
x-li-pop
afd-prod-esv5
x-msedge-ref
Ref A: 4C0C40C891C94692B634838EF7C5F21E Ref B: FRAEDGE1115 Ref C: 2020-10-09T00:58:14Z
x-frame-options
sameorigin
date
Fri, 09 Oct 2020 00:58:14 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1602205093947&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/973777747/
42 B
65 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/973777747/?random=1602205093788&cv=9&fst=1602201600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&async=1&fmt=3&is_vtc=1&random=563765442&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973777747/
42 B
65 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/973777747/?random=1602205093788&cv=9&fst=1602201600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&async=1&fmt=3&is_vtc=1&random=563765442&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/812494211/
42 B
65 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1602205093792&cv=9&fst=1602201600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&async=1&fmt=3&is_vtc=1&random=97860798&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/
42 B
88 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1602205093792&cv=9&fst=1602201600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9u1&sendb=1&frm=0&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&tiba=Joker%20Playing%20Hide-and-Seek%20with%20Google%20Play%20%7C%20blog&async=1&fmt=3&is_vtc=1&random=97860798&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
XYPZFM5QENHXRH7RBBI5PW.js
s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
Redirect Chain
  • https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-pl...
  • https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
6 KB
3 KB
Script
General
Full URL
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
6d73c46f2a728f1e21f9c7d123379c125d8d3213ef485de951de1b763f5d8754

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
KcilK0A8Hjflst5pBhY5FI0e5zJ2VBTp
Content-Encoding
gzip
ETag
"a576713fd9c6bbeeb8b436eda5289dcf"
x-amz-request-id
BBAE0AAB0D4B1389
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2044
x-amz-id-2
kBylQ7fmn48vBGX+uN+ZEMDgdZcjxxhVsDXx02vxIjZl6dgw9alZdJZ0FeWoT4/LguYeSubGxKo=
Last-Modified
Wed, 29 Jul 2020 14:53:17 GMT
Server
AmazonS3
Date
Fri, 09 Oct 2020 00:58:14 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

date
Fri, 09 Oct 2020 00:58:14 GMT
x-segment-display-name
Visitors to Unsegmented Pages
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
302
content-length
0
pragma
no-cache
x-conversion-value
0.00
server
nginx/1.18.0
x-rule
*
x-segment-eid
XYPZFM5QENHXRH7RBBI5PW
location
https://s.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/XYPZFM5QENHXRH7RBBI5PW.js
cache-control
no-store, no-cache, must-revalidate
x-pixel-eid
22OEOVE2YNFA3EKSRERISY
x-segment-name
*
x-advertisable-eid
ULSJHTPGTZGY3EPPZSKHKS
x-conversion-currency
sendrolling.js
s.adroll.com/j/
9 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&pv=10240019408.527058&cookie=&adroll_s_ref=&keyw=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding
gzip
ETag
"15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id
75B93B99450D9821
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2039
x-amz-id-2
LLXPK6WOd/JkL78v3IWpxVYE6WLY0eyso2S9SGWA5fuDVP/IFReKscAk0ef5FiAsTnpUaCbbaQA=
Last-Modified
Mon, 03 Feb 2020 20:32:06 GMT
Server
AmazonS3
Date
Fri, 09 Oct 2020 00:58:14 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
476377582537549
connect.facebook.net/signals/config/
234 KB
68 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/476377582537549?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
342dcf68c55ca02d35bddcb800e66b359245939e9b0b324b84564ad46ea2ab2a
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
69786
x-xss-protection
0
pragma
public
x-fb-debug
jQrtf++Bx5Y3zKg5c2m+Jd2e5CbvhAlU22olgdh+4v2vaPt21fQmQlr0q/1/SlC8hJncYG/B4g12akFRGtHs6g==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 09 Oct 2020 00:58:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
sync
pixel.advertising.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/aol/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%...
  • https://pixel.advertising.com/ups/55980/sync?uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
0
125 B
Image
General
Full URL
https://pixel.advertising.com/ups/55980/sync?uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.47.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-47-23.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Fri, 09 Oct 2020 00:58:14 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.advertising.com/ups/55980/sync?uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
cache-control
no-store, no-cache, must-revalidate
content-length
167
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsitei...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094&C=1
43 B
1003 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094&C=1
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:14 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 09 Oct 2020 00:58:14 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:14 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expiration=1633741094&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Fri, 09 Oct 2020 00:58:14 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expires=365
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expires=365
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
66ef90d06496cfd000aab8206f2b6221
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&expires=365
cache-control
no-store, no-cache, must-revalidate
content-length
124
cookie-sync
sync.outbrain.com/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsi...
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&rdrctExp=true
0
475 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&rdrctExp=true
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.127 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 00:58:14 GMT
Cache-Control
no-cache
X-TraceId
77789b46db36d210fedcff5834481ffd
Content-Length
0

Redirect headers

Location
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&rdrctExp=true
Date
Fri, 09 Oct 2020 00:58:14 GMT
X-TraceId
c56d5d1280ea2ea9096ef03a4a1527b3
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsi...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...
1 B
1010 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection
close
Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:14 GMT
X-lat
Pug23028:0:333
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control
no-store, no-cache, private
Content-Type
text/html; charset=utf-8
Content-Length
1

Redirect headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control
no-store, no-cache, must-revalidate
content-length
220
in
d.adroll.com/cm/r/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
42 B
500 B
Image
General
Full URL
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.166.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-166-45.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42

Redirect headers

date
Fri, 09 Oct 2020 00:58:14 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
age
0
status
302
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsit...
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
0
218 B
Image
General
Full URL
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
tbl-x-upstream
10.40.20.14:10213
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx
x-fastly-to-nlb-rtt
3880

Redirect headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
cache-control
no-store, no-cache, must-revalidate
content-length
111
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3F...
  • https://eb2.3lift.com/xuid?mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.206.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-206-167.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 09 Oct 2020 00:58:14 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status
302
date
Fri, 09 Oct 2020 00:58:14 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
/xuid?ld=1&mid=4714&xuid=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
in
d.adroll.com/cm/mk/ULSJHTPGTZGY3EPPZSKHKS/
42 B
500 B
Image
General
Full URL
https://d.adroll.com/cm/mk/ULSJHTPGTZGY3EPPZSKHKS/in?id=id%3A306-ZEJ-256%26token%3A_mch-zscaler.com-1602205093036-31363
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.166.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-166-45.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
43 B
410 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.128.17 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-128-17.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 09 Oct 2020 00:58:14 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status
302
date
Fri, 09 Oct 2020 00:58:14 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
bounce
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://ib.adnxs.com/setuid?entity=172&code=MjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:14 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.49:80
AN-X-Request-Uuid
1aab1b37-82f2-47cf-9822-0bacb60403f0
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 09 Oct 2020 00:58:14 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.237:80
AN-X-Request-Uuid
86eb04e3-aafe-4dcb-b004-8e0cc1416088
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMjQ5MTI1Nzc1NDRkOGRiODU5NjAyMzRhMTkzZTUyYzE
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
out
d.adroll.com/cm/l/
42 B
180 B
Image
General
Full URL
https://d.adroll.com/cm/l/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&xid_ch=f&advertisable=ULSJHTPGTZGY3EPPZSKHKS
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.166.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-166-45.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 09 Oct 2020 00:58:14 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.18.0
content-length
42
vary
Cookie
content-type
image/gif
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=24912577544d8db85960234a193e52c1
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=24912577544d8db85960234a193e52c1
43 B
180 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=24912577544d8db85960234a193e52c1
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.194.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
via
1.1 google
server
OXGW/16.194.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
status
200
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Fri, 09 Oct 2020 00:58:14 GMT
via
1.1 google
server
OXGW/16.194.0
status
302
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=24912577544d8db85960234a193e52c1
alt-svc
clear
content-length
0
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=1f7edbf0d1b686b653e94be362598712-1602205093986&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3D...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JJEld1RNjbhZYCNKGT5SwQ
  • https://d.adroll.com/cm/g/in
42 B
536 B
Image
General
Full URL
https://d.adroll.com/cm/g/in
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.166.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-166-45.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
nginx/1.18.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Fri, 09 Oct 2020 00:58:14 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
146 B
Image
General
Full URL
https://www.facebook.com/tr/?id=476377582537549&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1602205094097&cd[segment_eid]=XYPZFM5QENHXRH7RBBI5PW&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=29&fbp=fb.1.1602205093930.226221922&it=1602205093187&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 09 Oct 2020 00:58:14 GMT
/
www.facebook.com/tr/
0
48 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryuID8yzqBRdNiP5bk

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 09 Oct 2020 00:58:14 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
nr-1184.min.js
js-agent.newrelic.com/
27 KB
10 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
content-encoding
gzip
x-amz-request-id
56EA6FC207045B4A
x-cache
HIT
status
200
content-length
10624
x-amz-id-2
uuJq8l4/GQY+JgvDjzOrYyBmMFeI+giKQUxO070uUoDDC3xFCWuCaTfbc4ynBcc3qgltYSdwh7A=
x-served-by
cache-fra19156-FRA
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1602205095.614272,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
702
zscaler-cookie-icon-close.png
www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/
236 B
492 B
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-close.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d94534aa8cc0c365f7a30e88ec2c02207767496c6f6461244e653b4efbe621b8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1017970
cf-polished
status=not_needed
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
236
cf-request-id
05ac76aad40000c2db3db2b200000001
x-request-id
v-f559e706-effa-11ea-9f7a-c39c2d4ff120
last-modified
Sat, 25 Jul 2020 17:39:53 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
expires
Fri, 30 Oct 2020 00:58:14 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426f15d35c2db-FRA
x-cache-hits
18
zscaler-cookie-icon-asterik.png
www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/
337 B
577 B
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/icons/one-trust/zscaler-cookie-icon-asterik.png
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d53e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50886a52a5df5dc5e0ac727bc7e969b3fe9ccf6b3bb23270c51c23cebbdd6329
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_CFJMwp1vnQfPpnP07dpQByfy_NWJtgxmR3w0WAHTJ1Q.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 00:58:14 GMT
via
varnish
x-content-type-options
nosniff
cf-cache-status
HIT
age
1017970
cf-polished
status=not_needed
x-cache
HIT
status
200
cf-bgj
imgq:100,h2pri
x-ah-environment
prod
vary
Host, Accept-Encoding
content-length
337
cf-request-id
05ac76aad50000c2db3db2c200000001
x-request-id
v-ca661336-fdeb-11ea-8a61-434c88055b53
last-modified
Sat, 25 Jul 2020 17:40:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
expires
Fri, 30 Oct 2020 00:58:14 GMT
cache-control
public, max-age=1814400
content-security-policy
frame-ancestors 'self';
accept-ranges
bytes
cf-ray
5df426f15d37c2db-FRA
x-cache-hits
153
2148692b96
bam.nr-data.net/1/
57 B
275 B
Script
General
Full URL
https://bam.nr-data.net/1/2148692b96?a=546882274&v=1184.ab39b52&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=5365&ck=1&ref=https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play&ap=513&be=2135&fe=5322&dc=2918&perf=%7B%22timing%22:%7B%22of%22:1602205089280,%22n%22:0,%22f%22:1245,%22dn%22:1245,%22dne%22:1245,%22c%22:1245,%22ce%22:1245,%22rq%22:1246,%22rp%22:2118,%22rpe%22:2124,%22dl%22:2121,%22di%22:2917,%22ds%22:2919,%22de%22:3461,%22dc%22:5322,%22l%22:5322,%22le%22:5354%7D,%22navigation%22:%7B%7D%7D&fp=3488&fcp=3488&at=HhpWRAtNH04%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-8.nr-data.net
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
12f54809-dc62-4835-9fac-be1ae7eb5d39
https://www.zscaler.com/
3 KB
0
Script
General
Full URL
blob:https://www.zscaler.com/12f54809-dc62-4835-9fac-be1ae7eb5d39
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
759dbf3b59afeb8e0928ba4f9207bdc423e3edaa5f63cd6343e9ee29de2c794f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
2987
Content-Type
text/html
/
tracking.reactful.com/tracking/494419/
6 B
116 B
XHR
General
Full URL
https://tracking.reactful.com/tracking/494419/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4010:c05::79 Lappeenranta, Finland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept
*/*
Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 09 Oct 2020 00:58:15 GMT
content-encoding
gzip
server
Google Frontend
status
200
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
a6ace905aac838b5dc1be950ee2188d6
cache-control
no-cache
content-length
26
2148692b96
bam.nr-data.net/events/1/
24 B
182 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/2148692b96?a=546882274&v=1184.ab39b52&to=Ml1VMkNXDEBTWxZaWAsXdgVFXw1dHXwQRkcEVGsIXlIHb3FXDEdFClRbA0NqLFxWXTRaUhJ7WAhFRA1fXl0QHgkTUVIR&rst=15366&ck=1&ref=https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-8.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.zscaler.com/blogs/research/joker-playing-hide-and-seek-google-play?siteid=RIQSITE
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.zscaler.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif


122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


20 Cookies

Domain/Path Name Value
.www.zscaler.com/ __adroll_fpc 1f7edbf0d1b686b653e94be362598712-1602205093986
www.zscaler.com/ _gd_session 02481c0c-e9e1-49cd-8e3b-b6106eeafd41
.zscaler.com/ _biz_flagsA %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.zscaler.com/ _gd_visitor 517adc29-c17c-4494-8563-8f99244a5b8e
www.zscaler.com/ _an_uid 0
www.zscaler.com/ _gd_svisitor 9fb51002d5300000a5b57f5f660000001d9d0200
.zscaler.com/ _fbp fb.1.1602205093930.226221922
.zscaler.com/ _biz_pendingA %5B%5D
.zscaler.com/ _biz_nA 2
.zscaler.com/ _biz_uid 2b7cd93bae0241c1b6e44f8ff6ca4392
.zscaler.com/ _dc_gtm_UA-6177009-1 1
.www.zscaler.com/ OptanonConsent isIABGlobal=false&datestamp=Fri+Oct+09+2020+02%3A58%3A14+GMT%2B0200+(Central+European+Summer+Time)&version=6.3.0&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fresearch%2Fjoker-playing-hide-and-seek-google-play%3Fsiteid%3DRIQSITE&groups=101%3A1%2C1%3A1%2C0_138025%3A1%2C122%3A1%2C2%3A1%2C0_137957%3A1%2C116%3A1%2C0_138118%3A1%2C119%3A1%2C3%3A1%2C0_138119%3A1%2C4%3A1%2C121%3A1%2C0_138125%3A1%2C0_138122%3A1%2C0_192188%3A1%2C0_192175%3A1%2C0_192171%3A1%2C0_138160%3A1%2C0_138127%3A1%2C0_138123%3A1%2C0_192189%3A1%2C0_192172%3A1%2C0_138128%3A1%2C0_192190%3A1%2C0_138129%3A1%2C0_192170%3A1%2C102%3A1%2C103%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C108%3A1%2C109%3A1%2C110%3A1%2C111%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C117%3A1%2C118%3A1%2C120%3A1%2C123%3A1%2C124%3A1%2C125%3A1%2C126%3A1%2C127%3A1%2C128%3A1%2C129%3A1%2C130%3A1
.www.zscaler.com/ __ar_v4 %7CULSJHTPGTZGY3EPPZSKHKS%3A20201008%3A1%7C22OEOVE2YNFA3EKSRERISY%3A20201008%3A1%7CXYPZFM5QENHXRH7RBBI5PW%3A20201008%3A1
.zscaler.com/ _ga GA1.2.1674576684.1602205094
.zscaler.com/ _biz_sid 278b65
.www.zscaler.com/ __cfduid dbb5363f9e7a7f036080531c773cb38681602205092
.zscaler.com/ _gid GA1.2.369755703.1602205094
.www.zscaler.com/ _rtfl_s_handshake_guid 6571dab2-feda-4980-a01f-9220a8e2e5e9
.zscaler.com/ _mkto_trk id:306-ZEJ-256&token:_mch-zscaler.com-1602205093036-31363
.zscaler.com/ _gcl_au 1.1.1015886356.1602205093

3 Console Messages

Source Level URL Text
console-api log (Line 1) Message: in callback
console-api log (Line 1) Message: [object Object]
console-api log (Line 2) Message: [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
ads.yahoo.com
apt.techtarget.com
b.6sc.co
bam.nr-data.net
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
j.6sc.co
js-agent.newrelic.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh5.googleusercontent.com
lh6.googleusercontent.com
links.readitquik.us
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
secure.adnxs.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.sf14g.com
tracking.leadlander.com
tracking.reactful.com
trk.techtarget.com
us-u.openx.net
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
www.zscaler.com
x.bidswitch.net
104.109.70.122
104.109.95.62
141.226.228.48
151.101.14.110
162.247.242.20
163.171.132.119
172.217.23.162
18.142.0.45
18.197.47.23
185.33.220.240
185.64.190.80
192.28.144.124
2.18.233.40
2.18.234.21
206.19.49.24
2606:4700::6810:9440
2606:4700::6813:d53e
2620:1ec:21::14
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::200a
2a00:1450:4001:806::2003
2a00:1450:4001:815::2003
2a00:1450:4001:816::2008
2a00:1450:4001:81a::2001
2a00:1450:4001:81d::2004
2a00:1450:4001:81e::200e
2a00:1450:4001:81f::200e
2a00:1450:4001:821::2002
2a00:1450:4001:825::200e
2a00:1450:400c:c00::9c
2a00:1450:4010:c05::79
2a02:26f0:6c00:28c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
34.98.64.218
35.158.206.167
52.29.125.201
52.44.242.176
52.59.128.17
54.228.166.45
68.232.35.12
69.173.144.139
70.42.32.127
93.184.220.42
0335a8b504a92288b8b0efa835f4315e3800b93465c6eaae3acb130291371eee
05301854d614340b7c1954bf2f43ea5c7306f464865570b1881bc5f2be9fd737
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
08524cc29d6f9d07cfa673f4edda500727f2fcd589b60c66477c345801d32754
0c413c90e7f2759537f148b44bc0af402ddc9fccbdf914a15bbb64f3975802a5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d20889fa156bff90f2f3062e033502bbf035dc80ef214a872cfa114803a246e
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f7f29f1c4a97b61b20266abe779b44c449256e968276759ba26ae936b33b682
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1480e4b9e9939f4e92277111828dc99c63660c80d057c06ac4c6eee9792a131b
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
23e927f07fd97e29a3c11f33bc01a8b4240022601a38f3477953371559e48220
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
270ed0289706cc8027fa60ec5c84b34586d0414beecf4dcec5ae57f733e2c26a
2a11b91e727afb0246f5e0b36ae217194395b7ae1af62dc1477971aa3623954d
2b54788dd0f1140ff76962ca20b5748907079d67f85f140f2d517848eb3e0208
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e68f0843479b96daee91d53be04bb6b3f1633edb5bcb6ec72e4dc3b41feb389
2f159f03ec722521d0aef34f26bfac6075656f6224d5fcb2142a94a10d533618
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
342dcf68c55ca02d35bddcb800e66b359245939e9b0b324b84564ad46ea2ab2a
345eb6f4a8809a0dfc580319437f5fa457f8d191d674cceb54f8c84131c7171b
3e630c1952503eb5a33e15aad315e03ae9d699c1c03ec1027c234933b37c9671
3e871d3409eafbb7cda1fbd639f2cccb8ea1d2dda702417638b23691e0f27a58
414e035dabd7149bd9dc8bf2a064bf379c91b6532e512a014d415da203f15937
418536118c08ae693b45715835c8ea0ffcab2b6298f2c05d63b6238a5342a5d2
423f10554d1e324ef22127d5667c16184bb7ee01f4b221fb673c4c59ec533c7e
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
46c7beac35c555eb521ac843574a9d23990a3cb66ea66f4790ae79c6ec1b59b4
4aace271d6e0f5da8a6f0df0702d2bd15ba171d1334db8cc80aa5b334bfed54b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502a2173b53302f128e94d3f02b5a42165aff2acf093d7fd13f4f2aea2a4f7f6
50886a52a5df5dc5e0ac727bc7e969b3fe9ccf6b3bb23270c51c23cebbdd6329
52bd19c1c2ab5965413e6562261cac555306222bc5c77f8592d214fd6511c2d8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a784861beee911457f2ac22fc73ba998738bb73149a6da6b8e74dca4a028fc
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57140e2d39089d723259e3e86568864036fac49f93021d1def07076ccec81bda
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d23676da3d5b10007f7f675da723f274604cd88397dc25c4721519973994a71
5d5c9f4ffa50de634b8f15b1c508146edffc34adca1ae8fba7a9b2a1ba2ae996
6005f9409d43a7d1f0f3cdc7250c4db02a10ab67b046c0423271eaf88122f03a
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
61d5d919f269ec75970f502e55f039d54e973f9cad8acb36822f826ca7a69848
6354079bb92318035f5bb581be7fc96ac798a61b98eae143365e1e6c56ab2aa3
654891f06e1879d48f67e6430294b88f9d35c6d2e49d8bc8fac3fc0e1e985d16
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6b5b2b1c674aa9a78594a0b399f98dfd4bd29ee2207e11edb28482850077d090
6d73c46f2a728f1e21f9c7d123379c125d8d3213ef485de951de1b763f5d8754
759dbf3b59afeb8e0928ba4f9207bdc423e3edaa5f63cd6343e9ee29de2c794f
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37
77b15ae3a803d11f183fb5935927d8035da1f2403055659689e2b0701b431484
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
79e40ce5098ca3d5d3ed476b2b4e156829bdec21fb8c07bab967f6525f5c5677
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840353e97eda0d0721411f79be9b32cf832898137e52e3de834e4a1ccc0f62c8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8cbbd6827af738145cca58e174d2fb5cdb2c0ecbd2a7d4fa83010b4afd265ca9
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9889de61b49684c87111bcc4c726a73c3e6d799ca8eefa7f3dc109d533e92470
990dc3a0b9d056b7002553baf193a4f8c7bbae191a585904e467ccbc9108368b
9947be7b09f33f9cf29e80cd2d0e562639da61329b71ff5bea23c30c5938f3e4
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
9a41b8a05a3c213bc407c9bb5af7211babc1660bbabda4aef118b032f1209aee
9a4214766ab3f2d916fdf88e8a68f17ab8101058364455e6ef9b7c1ebd2e4941
9d483fe2ef7236169714811b53965f334d2db65e1831f63b73a97539c1e8d441
9dc6a571eb2c6ef91003bd4dd0ed914d0bbe394d4347bb503e0d3b1b9295a6db
9e0a6a6d487bd8701885621f82f5a84dfaf70435c83a2e34cd39ee7e75d0810a
a25a7319ee17dcc08828c9993df0a77ef30f3a314d6b6f7e609f25fb16d79c35
a3399f8ac46185c73a35b367abb87833931d1f77196b138ccb145dae72ed46b1
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
a99a335ce1405af2cfa898bc47e241045a7a4a23a72eabf30ee1ffe62181f3e2
ab5f2f14dcf7bd5b3dbbe96db9699360945730f5a0ff1741545d1522a0a8a525
ac5d6d8084a9af03181aacc1b45467b313b655650df763a752f0098808c2d685
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e93f71939eeb43c6a154f93fa2d50616d154fa6fe70287aaba4856054141ac
b282e23d78a0b867403d49f234725097e62aa10cd1c853fc73f36137588352e2
b2b2c0170e98b0712b955cbf8bbc14326be6bac0376b319edc1b1935d4983fc4
b6b71d4d2aefb38ad25d37323487aa482049e9cfde39678c4212829ed205858c
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc14b8a5bdb868d718c59e30703d928b218050d4c2a891d8d85ece159e523b23
bd758009f99406c94c2fefc42675c0bf5e64144601407f63fe9ce225e8f4688a
c155e37896f034062f0d1dc0ab679e8e5deb72e0bfd620b185111b8cc63a993f
c21c8ea908c2f8d7239b1aeec3fe10a2553b28da6c7dddbfd473825765121cd2
c63b703ebd374c28f06a16fcdd1ef3dfc3da1cdb295b06d3f7bca3047810bc2f
c7d2ba4ac3f7bfe366dc86faed3e20d7ee841f150849b75347b1f0dd31beeaa0
cc3e6c0561bbb2df775e499687dbd98ddb12a44f5bddc7d91126b69bae71b622
cde2180b4fd4eddc41183f0f99750dac770436929ba8b811ea8ac9d31e5aa450
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cee0f42bacb66c692d133237b126c52c7f4edc916d591bab14851735e16b20ca
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56
d05ff81c8b5cac3c72323becb5a6266e1176760f46a708d849306b1b0821b8ad
d0c8a0df6afdbc1059568916219c605f47de362f47a5a3dbd952f79406275034
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d6ca296495227fb98735cef3f6df6551a1450b4d91a59e18e4951a59eebabb77
d859a4dd217c69f291adef445e1c3a938ef7d850af3ba0f79f8ae081cda89e12
d94534aa8cc0c365f7a30e88ec2c02207767496c6f6461244e653b4efbe621b8
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e0eb6b953c760b767843a8742ae636bd9372459c66e586b5c29667dc65a0833f
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea9e081c68b45e758159cf783e3c9d8bc711eb63880802ed5067de90bbaf63cc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f3c76e2b6dd991d89123b14eaf5604a62e41bfc722cecbe7bc7cb0ae5114870c
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fa793d29251ea169a565209f1b8e7f9f415939b9430ae4256a10a4f384932cd2
fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad
ffb294518fb4a19a52210d6d52759246962aec7b470e2120769e981235386f39