Submitted URL: http://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Effective URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Submission: On September 01 via api from DE — Scanned from DE

Summary

This website contacted 42 IPs in 6 countries across 31 domains to perform 118 HTTP transactions. The main IP is 2606:4700::6812:1c4a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zscaler.com. The Cisco Umbrella rank of the primary domain is 62651.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 7th 2023. Valid for: a year.
This is the only time www.zscaler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
24 2606:4700::68... 13335 (CLOUDFLAR...)
8 2606:4700::68... 13335 (CLOUDFLAR...)
7 104.17.73.206 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 151.101.2.137 54113 (FASTLY)
9 95.101.111.184 20940 (AKAMAI-ASN1)
2 6 2600:9000:225... 16509 (AMAZON-02)
2 2a02:26f0:310... 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 152.195.15.58 15133 (EDGECAST)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 52.7.151.245 14618 (AMAZON-AES)
1 2600:9000:20e... 16509 (AMAZON-02)
1 35.244.142.80 15169 (GOOGLE)
1 108.138.15.119 16509 (AMAZON-02)
1 34.200.53.159 14618 (AMAZON-AES)
2 104.64.124.188 16625 (AKAMAI-AS)
1 162.247.241.14 23467 (NEWRELIC-...)
2 34.111.208.231 396982 (GOOGLE-CL...)
2 2600:9000:20e... 16509 (AMAZON-02)
4 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2001:4860:480... 15169 (GOOGLE)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 2a05:d018:cc3... 16509 (AMAZON-02)
1 192.28.144.124 15224 (OMNITURE)
1 44.232.97.199 16509 (AMAZON-02)
4 13.224.189.129 16509 (AMAZON-02)
1 37.252.171.53 29990 (ASN-APPNEX)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
2 35.158.23.65 16509 (AMAZON-02)
1 35.81.173.170 16509 (AMAZON-02)
1 34.212.4.35 ()
118 42
Apex Domain
Subdomains
Transfer
32 zscaler.com
www.zscaler.com — Cisco Umbrella Rank: 62651
info.zscaler.com — Cisco Umbrella Rank: 603523
2 MB
10 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5691
c.6sc.co — Cisco Umbrella Rank: 8562
ipv6.6sc.co — Cisco Umbrella Rank: 5947
b.6sc.co — Cisco Umbrella Rank: 3992
22 KB
8 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 357
129 KB
7 adroll.com
s.adroll.com — Cisco Umbrella Rank: 2803
d.adroll.com — Cisco Umbrella Rank: 1311
28 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 365
www.linkedin.com — Cisco Umbrella Rank: 625
px4.ads.linkedin.com — Cisco Umbrella Rank: 6371
5 KB
6 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3238
www.google.com — Cisco Umbrella Rank: 2
1 KB
5 google.de
www.google.de — Cisco Umbrella Rank: 6457
885 B
5 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
stats.g.doubleclick.net — Cisco Umbrella Rank: 87
5 KB
4 fullcircleinsights.com
st.fullcircleinsights.com — Cisco Umbrella Rank: 101876
4 KB
3 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 881
gw.linkedin.oribi.io — Cisco Umbrella Rank: 13956
25 KB
3 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 5530
px.mountain.com — Cisco Umbrella Rank: 5673
gs.mountain.com
8 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 13737
ibc-flow.techtarget.com — Cisco Umbrella Rank: 16112
2 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 47
293 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 9384
573 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 109
234 B
2 cloudfunctions.net
us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 2861
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3330
7 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 169
91 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 374
13 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 760
6 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
21 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 450
575 B
1 mktoresp.com
306-zej-256.mktoresp.com — Cisco Umbrella Rank: 774340
318 B
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 227
464 B
1 sf14g.com
t.sf14g.com — Cisco Umbrella Rank: 99842
1 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1489
insight.adsrvr.org Failed
3 KB
1 pdst.fm
cdn.pdst.fm — Cisco Umbrella Rank: 2782
6 KB
1 cloudfront.net
d2i34c80a0ftze.cloudfront.net
11 KB
1 bizible.com
cdn.bizible.com — Cisco Umbrella Rank: 6623
25 KB
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 386
15 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 600
310 B
118 31
Domain Requested by
25 www.zscaler.com 1 redirects www.zscaler.com
8 cdn.cookielaw.org www.zscaler.com
cdn.cookielaw.org
7 info.zscaler.com www.zscaler.com
info.zscaler.com
6 b.6sc.co
6 s.adroll.com 2 redirects www.googletagmanager.com
s.adroll.com
5 www.google.de www.zscaler.com
4 st.fullcircleinsights.com cdn.bizible.com
4 px.ads.linkedin.com 3 redirects cdn.linkedin.oribi.io
4 www.google.com www.zscaler.com
3 googleads.g.doubleclick.net www.googletagmanager.com
3 www.googletagmanager.com www.zscaler.com
www.googletagmanager.com
2 epsilon.6sense.com cdn.bizible.com
2 www.facebook.com
2 us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm
2 cdn.linkedin.oribi.io snap.licdn.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 munchkin.marketo.net www.zscaler.com
munchkin.marketo.net
2 connect.facebook.net www.zscaler.com
connect.facebook.net
2 bat.bing.com www.googletagmanager.com
bat.bing.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 j.6sc.co www.googletagmanager.com
j.6sc.co
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 region1.analytics.google.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 gs.mountain.com www.zscaler.com
1 px.mountain.com dx.mountain.com
www.zscaler.com
1 ipv6.6sc.co cdn.bizible.com
1 c.6sc.co cdn.bizible.com
1 secure.adnxs.com cdn.bizible.com
1 gw.linkedin.oribi.io cdn.linkedin.oribi.io
1 306-zej-256.mktoresp.com munchkin.marketo.net
1 d.adroll.com s.adroll.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 bam.nr-data.net js-agent.newrelic.com
1 t.sf14g.com www.zscaler.com
1 js.adsrvr.org www.googletagmanager.com
1 cdn.pdst.fm www.zscaler.com
1 d2i34c80a0ftze.cloudfront.net www.googletagmanager.com
1 dx.mountain.com www.zscaler.com
1 trk.techtarget.com www.zscaler.com
1 cdn.bizible.com www.googletagmanager.com
1 js-agent.newrelic.com www.zscaler.com
1 geolocation.onetrust.com cdn.cookielaw.org
0 insight.adsrvr.org Failed js.adsrvr.org
118 45
Subject Issuer Validity Valid
www.zscaler.com
DigiCert SHA2 Extended Validation Server CA
2023-02-07 -
2024-03-09
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2023-04-01 -
2024-03-31
a year crt.sh
info.zscaler.com
Cloudflare Inc ECC CA-3
2022-11-08 -
2023-11-07
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-12-13 -
2023-12-13
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
www.google.de
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
www.google.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2
2023-04-13 -
2024-05-14
a year crt.sh
6sc.co
R3
2023-08-19 -
2023-11-17
3 months crt.sh
s.adroll.com
Amazon RSA 2048 M01
2023-06-03 -
2024-07-01
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-02-01 -
2024-01-31
a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 05
2023-07-26 -
2024-01-22
6 months crt.sh
io.bizible.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-06-01 -
2024-07-01
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-06-10 -
2023-09-08
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-06-25 -
2024-06-24
a year crt.sh
*.mountain.com
Go Daddy Secure Certificate Authority - G2
2023-06-12 -
2024-06-23
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2022-12-08 -
2023-12-07
a year crt.sh
cdn.pdst.fm
GTS CA 1D4
2023-07-25 -
2023-10-23
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
t.sf14g.com
Amazon RSA 2048 M01
2023-07-10 -
2024-08-07
a year crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2023-02-06 -
2024-02-05
a year crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1
2022-11-18 -
2023-12-19
a year crt.sh
ibc-flow.techtarget.com
GTS CA 1D4
2023-07-26 -
2023-10-24
3 months crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01
2023-06-08 -
2024-07-07
a year crt.sh
misc.google.com
GTS CA 1C3
2023-07-31 -
2023-10-23
3 months crt.sh
d.adroll.com
Amazon RSA 2048 M01
2022-11-08 -
2023-12-07
a year crt.sh
*.mktoresp.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-05 -
2023-11-05
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2023-06-02 -
2023-12-02
6 months crt.sh
aws-st.fullcircleinsights.com
Amazon RSA 2048 M01
2023-05-30 -
2024-06-26
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.6sense.com
Amazon RSA 2048 M01
2023-05-01 -
2024-05-29
a year crt.sh

This page contains 4 frames:

Primary Page: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Frame ID: 5533A78B24118169A1A7EE56EAAD9603
Requests: 111 HTTP requests in this frame

Frame: https://info.zscaler.com/index.php/form/XDFrame
Frame ID: FD071F01F161B0073783590163577FA0
Requests: 2 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&upid=27hmsyx&upv=1.1.0
Frame ID: 3F7D6DA260A7A866E807AB69DA0C18F8
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 73284811B306D54706A6B3B82596CA52
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

JanelaRAT | ThreatLabz Zscaler Blog

Page URL History Show full URLs

  1. http://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-... HTTP 301
    https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

118
Requests

94 %
HTTPS

55 %
IPv6

31
Domains

45
Subdomains

42
IPs

6
Countries

3017 kB
Transfer

7148 kB
Size

36
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech HTTP 301
    https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 74
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js
Request Chain 82
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1693556254069%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cookiesTest=true&liSync=true&e_ipv6=AQKz8UoEZXpi4QAAAYpP0agQRKcXyRFl4n7nk9aWivZU-aiqfqZXLzQQOj_m4M8bfAnNJ9mf

118 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
www.zscaler.com/blogs/security-research/
Redirect Chain
  • http://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
  • https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
2 MB
1 MB
Document
General
Full URL
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4d63d81d4084fb516f0b833b9d1ddec8869a92b26812f752ff431d9d7f29746
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.zscaler.com *.google.com *.google-analytics.com analytics.google.com *.analytics.google.com www.googletagmanager.com cdn.cookielaw.org *.cloudfront.net *.newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com *.bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com *.mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com *.crazyegg.com *.adroll.com bat.bing.com *.doubleclick.net *.clarity.ms *.cloudflare.com *.googleadservices.com *.marketo.net www.gartner.com *.ads-twitter.com *.google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com *.linkedin.oribi.io js.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' *.zscaler.com; style-src 'self' 'unsafe-inline' *.zscaler.com www.gartner.com *.googleapis.com *.fontawesome.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: *.zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com *.wistia.com; frame-src 'self' www.youtube.com bugcrowd.com *.zscaler.com js.driftt.com www.facebook.com *.doubleclick.net *.cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: *.zscaler.com *.doubleclick.net; font-src 'self' data: www.gartner.com *.gstatic.com *.fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM testmydefenses.com
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
82
cache-control
public,max-age=300
cf-cache-status
DYNAMIC
cf-ray
7ffc13d03c11725e-HAM
content-encoding
br
content-language
en
content-security-policy
default-src 'self' *.zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.zscaler.com *.google.com *.google-analytics.com analytics.google.com *.analytics.google.com www.googletagmanager.com cdn.cookielaw.org *.cloudfront.net *.newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com *.bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com *.mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com *.crazyegg.com *.adroll.com bat.bing.com *.doubleclick.net *.clarity.ms *.cloudflare.com *.googleadservices.com *.marketo.net www.gartner.com *.ads-twitter.com *.google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com *.linkedin.oribi.io js.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' *.zscaler.com; style-src 'self' 'unsafe-inline' *.zscaler.com www.gartner.com *.googleapis.com *.fontawesome.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: *.zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com *.wistia.com; frame-src 'self' www.youtube.com bugcrowd.com *.zscaler.com js.driftt.com www.facebook.com *.doubleclick.net *.cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: *.zscaler.com *.doubleclick.net; font-src 'self' data: www.gartner.com *.gstatic.com *.fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
content-type
text/html; charset=UTF-8
date
Fri, 01 Sep 2023 08:17:32 GMT
expires
Fri, 01 Sep 2023 08:21:17 GMT
last-modified
Fri, 01 Sep 2023 08:15:35 GMT
server
cloudflare
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
x-ah-environment
prod
x-cache
MISS
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM testmydefenses.com
x-geo-country
MM
x-middleware-next
1
x-nf-request-id
01H97X37JD6JQGZ89TDPMPJMDX
x-request-id
v-ba142548-489f-11ee-8aee-277645ca4b80
x-ua-compatible
IE=edge
x-xss-protection
1

Redirect headers

CF-RAY
7ffc13cf8cc74168-HAM
Cache-Control
max-age=3600
Connection
keep-alive
Date
Fri, 01 Sep 2023 08:17:32 GMT
Expires
Fri, 01 Sep 2023 09:17:32 GMT
Location
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
OtAutoBlock.js
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
45 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/OtAutoBlock.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4001
content-md5
1BoBNuQl7UMMaO7E490CGQ==
content-length
6406
x-ms-lease-status
unlocked
last-modified
Tue, 27 Dec 2022 13:11:15 GMT
server
cloudflare
etag
0x8DAE80BD5AAEF51
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
78b21313-c01e-00c3-79e1-5a51a5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d14bb74534-TXL
expires
Sat, 02 Sep 2023 08:17:32 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e181730c1a666b38b299b81ead525f7fec078ff980360b4c032e75b9802ebf0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7EncTFplbWDUpOxlbB9/Qg==
age
48493
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6836
x-ms-lease-status
unlocked
last-modified
Wed, 30 Aug 2023 18:00:09 GMT
server
cloudflare
etag
0x8DBA982F364D498
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ba4acf24-c01e-000f-607a-db4fef000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d14bba4534-TXL
google_tag.script.js
www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/
347 B
420 B
Script
General
Full URL
https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/google_tag.script.js?s07497
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nf-request-id
01H97X37RYAFYRSMPXSWBH3DHH
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-geo-country
FR
age
87
x-cache
MISS
x-ah-environment
prod
x-request-id
v-63d19768-4711-11ee-93b4-b746d6b1eb87
last-modified
Wed, 30 Aug 2023 08:44:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d1bf1d725e-HAM
expires
Fri, 01 Sep 2023 08:21:05 GMT
css_bgXcuoCuBgmTPgyTwNfOBgg92gN4Xeqm5AoQmhNKzbI.css
www.zscaler.com/sites/default/files/css/
373 KB
32 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_bgXcuoCuBgmTPgyTwNfOBgg92gN4Xeqm5AoQmhNKzbI.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e05dcba80ae0609933e0c93c0d7ce06083dda03785deaa6e40a109a134acdb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X37NP0PJV3DS093WEH4EA
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
216
x-cache
HIT
x-ah-environment
prod
x-request-id
v-58ebfe9a-4880-11ee-b75f-4be8b2f02995
last-modified
Tue, 15 Aug 2023 19:56:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d11e05725e-HAM
expires
Fri, 01 Sep 2023 08:20:54 GMT
css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
www.zscaler.com/sites/default/files/css/
498 KB
77 KB
Stylesheet
General
Full URL
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d3b5bd5334a5bcff1975c0d9515aa3634a03b4769413c6301a3cd752452ef7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X37PG7YB255GBAVRDKN0Q
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
98
x-cache
HIT
x-ah-environment
prod
x-request-id
v-c6c3db3c-46fe-11ee-933d-57417f47fc55
last-modified
Tue, 29 Aug 2023 13:16:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d11e07725e-HAM
expires
Fri, 01 Sep 2023 08:20:54 GMT
3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/3e894970-e3e9-4783-85e9-7c38eedbfbbf.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4000
content-md5
StpE19/mctRp4PJx19Cb7Q==
content-length
1739
x-ms-lease-status
unlocked
last-modified
Tue, 27 Dec 2022 13:11:16 GMT
server
cloudflare
etag
0x8DAE80BD639ADC0
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b2a92248-f01e-00cb-47e1-5a4ad6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d1fbdfac9e-TXL
expires
Sat, 02 Sep 2023 08:17:32 GMT
email-decode.min.js
www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
801 B
Script
General
Full URL
https://www.zscaler.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
last-modified
Fri, 25 Aug 2023 15:15:50 GMT
server
cloudflare
content-encoding
gzip
etag
W/"64e8c5a6-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
7ffc13d25851725e-HAM
expires
Sun, 03 Sep 2023 08:17:32 GMT
js_WLKoEJqcMSQu18vmQlmc827AkyFvLNknh8XcOVZUaa4.js
www.zscaler.com/sites/default/files/js/
510 KB
159 KB
Script
General
Full URL
https://www.zscaler.com/sites/default/files/js/js_WLKoEJqcMSQu18vmQlmc827AkyFvLNknh8XcOVZUaa4.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58b2a8109a9c31242ed7cbe642599cf36ec093216f2cd92787c5dc39565469ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X37X21Q6WX9ZYR0NFBCXY
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
98
x-cache
HIT
x-ah-environment
prod
x-request-id
v-7436bd18-4829-11ee-a05f-d7eb8970c88a
last-modified
Tue, 29 Aug 2023 13:16:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d2685f725e-HAM
expires
Fri, 01 Sep 2023 08:20:54 GMT
forms2.min.js
info.zscaler.com/js/forms2/js/
208 KB
70 KB
Script
General
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 13 Jul 2023 18:50:22 GMT
server
cloudflare
age
6835
etag
"3a089f-34099-60062cdee3780"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
7ffc13d3cb797276-HAM
expires
Fri, 01 Sep 2023 12:17:32 GMT
js_RSyG1wH8d5iarwmvfWZ4hbyq6qiUPONW63fYPWOvzuY.js
www.zscaler.com/sites/default/files/js/
813 B
698 B
Script
General
Full URL
https://www.zscaler.com/sites/default/files/js/js_RSyG1wH8d5iarwmvfWZ4hbyq6qiUPONW63fYPWOvzuY.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452c86d701fc77989aaf09af7d667885bcaaeaa8943ce356eb77d83d63afcee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X37W9DEB8FYBNWD9937PZ
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
190
x-cache
HIT
x-ah-environment
prod
x-request-id
v-14f81ef2-4840-11ee-b4d6-07fcd33b70a2
last-modified
Tue, 15 Aug 2023 19:56:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d26862725e-HAM
expires
Fri, 01 Sep 2023 08:19:22 GMT
search.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/
796 B
518 B
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/search.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd888ef4dda066839f9cb6d29aaf789463cccb55f245fd45d10983a618c77f72
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
via
varnish
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized
internal=ok/d q=0 n=536+0 c=0+0 v=2023.7.3 l=796
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
W/"cfy7moBMyALipuzaOAMY2HLyJJ1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive"
content-type
image/svg+xml
cache-control
public, max-age=300
cf-ray
7ffc13d26866725e-HAM
support.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/
409 B
594 B
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/support.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3cafb353ffa959edb33bbc7b79625416ef1e7393f7784c6debef4c2f35a65e3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
via
varnish
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized
internal=ok/d q=0 n=487+0 c=0+0 v=2023.7.3 l=409
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
W/"cfP-dZjJk4NDGZQDqR0iQMhCUa1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive"
content-type
image/svg+xml
cache-control
public, max-age=300
cf-ray
7ffc13d2686b725e-HAM
chevron-down.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/
258 B
324 B
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/header/chevron-down.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52272481e0caa74b259f2d54324a5b00e547cc8d35fea3174cc3702f9cc8d516
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
via
varnish
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized
internal=ok/d q=0 n=42+0 c=0+0 v=2023.7.3 l=258
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
W/"cffNue2_WleoWt3sgAiUKLsXFi1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive"
content-type
image/svg+xml
cache-control
public, max-age=300
cf-ray
7ffc13d2686d725e-HAM
gt-haptik-zs-regular-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/
18 KB
19 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-regular-webfont.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
736666a53a4a4805e200de224be9255704ff848fd84d60333b087d50d02490ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
3
x-nf-request-id
01H97X37XHGDACVGB4XJ3MBFWE
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-ca8fcb50-47b6-11ee-8945-e359856ba658
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d2789f725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
gt-haptik-zs-medium-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/
19 KB
19 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-medium-webfont.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd9535c4b369928aa5fe4ddebbe42a9f96bb590ba9a70176297599192b9cbab4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
1
x-nf-request-id
01H97X37WT1TVZ2592DKG38YBF
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-43861bb2-47ae-11ee-998b-2b10ff9d5baf
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d278a1725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
72 B
310 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
7ffc13d3c9cc2685-TXL
access-control-allow-headers
Content-Type
blog-subscription-form-background%401x.jpeg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/page/blog/
14 KB
14 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/page/blog/blog-subscription-form-background%401x.jpeg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c311211146b7d1e26f7807e2131bd1c0787e54cc6dd90b9dd111fd2b4a1c7d77
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
content-length
14066
cf-resized
internal=ok/d q=0 n=298+79 c=0+0 v=2023.8.1 l=14066
last-modified
Fri, 09 Dec 2022 14:12:58 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cftz37uaFigiYaqZiowwIKFZQi1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type
image/webp
cache-control
public, max-age=300
accept-ranges
bytes
cf-ray
7ffc13d36a4d725e-HAM
gt-haptik-zs-bold-webfont.woff2
www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/
19 KB
19 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/fonts/gthaptic/gt-haptik-zs-bold-webfont.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f641642f73b0d4a76b30723c0dec94325eafbc39620de7e3fc6283e1550829e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
1
x-nf-request-id
01H97X381YQBRY7ERT7G7RDXCJ
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-67fbd136-4708-11ee-bae7-8723b6f56330
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d37a83725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
fa-light-300.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
181 KB
182 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-light-300.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dc0e215dc2374fc5cdacf24707fabeabc2e4193e12ec9c0203ac9a52a5daf3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X382YBSND61VMJXM10D1T
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-9ce63620-462c-11ee-a6df-7719c320dc2f
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d38a88725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
fa-brands-400.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
74 KB
74 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-brands-400.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec2e22fd918a8ffef0f54f466fb7edd2c586f39dad794cd25a0a97ce36c404d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
1
x-nf-request-id
01H97X3823R46QYMB5KJA4RSK2
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-1b3758ec-4709-11ee-b813-df1ac442646d
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d38a8d725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
fa-solid-900.woff2
www.zscaler.com/themes/custom/zscaler/build/webfonts/
134 KB
135 KB
Font
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/build/webfonts/fa-solid-900.woff2
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Origin
https://www.zscaler.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X381V9187B82A59QWWDXH
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
205
x-cache
HIT
x-ah-environment
prod
x-request-id
v-472fb6a4-446d-11ee-9015-03329734a945
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public,max-age=300
x-middleware-next
1
accept-ranges
bytes
cf-ray
7ffc13d38a90725e-HAM
expires
Fri, 01 Sep 2023 08:19:07 GMT
fail-over.js
www.zscaler.com/
0
2 KB
XHR
General
Full URL
https://www.zscaler.com/fail-over.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_WLKoEJqcMSQu18vmQlmc827AkyFvLNknh8XcOVZUaa4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nf-request-id
01H97X382YSF9S0X34E95W36MR
date
Fri, 01 Sep 2023 08:17:32 GMT
content-security-policy
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
59678
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
etag
"98191ec5ed3cad8ebe75819e87777e81-ssl"
vary
X-Bb-Conditions
x-frame-options
SAMEORIGIN https://cms.zscaler.com
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
7ffc13d3baf2725e-HAM
fail-over.js
www.zscaler.com/
0
2 KB
Script
General
Full URL
https://www.zscaler.com/fail-over.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/js/js_WLKoEJqcMSQu18vmQlmc827AkyFvLNknh8XcOVZUaa4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN https://cms.zscaler.com
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nf-request-id
01H97X385HZAEHZA9K8HAHP0FG
date
Fri, 01 Sep 2023 08:17:32 GMT
content-security-policy
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload
cf-cache-status
DYNAMIC
age
59678
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
etag
"98191ec5ed3cad8ebe75819e87777e81-ssl"
vary
X-Bb-Conditions
x-frame-options
SAMEORIGIN https://cms.zscaler.com
content-type
application/javascript; charset=UTF-8
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
7ffc13d43bf5725e-HAM
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.39.0/
372 KB
89 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Zp/CcrZmK7hQ2S6c/t9Tpw==
age
13610
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
90454
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:04 GMT
server
cloudflare
etag
0x8DA87805EB35DE2
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
526a626c-301e-007c-66e1-5a45d3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d479a84534-TXL
zscaler-logo.svg
www.zscaler.com/sites/default/files/images/page/m7header/
2 KB
2 KB
Image
General
Full URL
https://www.zscaler.com/sites/default/files/images/page/m7header/zscaler-logo.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb71a91ef4937bdac04520d7e7b1852bb28635ae850934d440360ccc8142c1a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
1
x-nf-request-id
01H97X387RNXA8N2SFNECWP7Y0
date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
128
x-cache
HIT
x-ah-environment
prod
x-request-id
v-cf50b1ce-455c-11ee-b092-934366ae11d7
last-modified
Wed, 29 Mar 2023 13:53:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d4acde725e-HAM
expires
Fri, 01 Sep 2023 08:20:24 GMT
zscaler-blog-cyber-security-3%402x_0.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/cyber-security/
133 KB
133 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/images/blogs/----category-images/cyber-security/zscaler-blog-cyber-security-3%402x_0.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be81d93c26c398f9aa158beba681a1082ab8e0fb6f918e1ab2aa154fe4677c48
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:32 GMT
strict-transport-security
max-age=31536000; preload
via
varnish
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
content-length
135960
cf-resized
internal=ok/d q=0 n=538+137 c=0+0 v=2023.7.3 l=135960
last-modified
Fri, 04 Sep 2020 22:29:42 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfENm_QiveiNfsK8xQzzlyQCvZ1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF"
content-type
image/webp
cache-control
public, max-age=300
accept-ranges
bytes
cf-ray
7ffc13d4acdf725e-HAM
gtm.js
www.googletagmanager.com/
452 KB
120 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/google_tag/zscaler_marketing/google_tag.script.js?s07497
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fff8ff05cbab81d3325182887ba0753769bb2bc90d71bc57f3e370ac1683a696
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
122432
x-xss-protection
0
last-modified
Fri, 01 Sep 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Sep 2023 08:17:33 GMT
getForm
info.zscaler.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=1944&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&callback=jQuery112407020717233907794_1693556252925&_=1693556252926
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83a98717e30c702bfc722b6dc56ac3ad8914f8521353f8fd8a101da5e5399d30

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
server
cloudflare
cf-ray
7ffc13d57f197276-HAM
cached
true
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
getForm
info.zscaler.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://info.zscaler.com/index.php/form/getForm?munchkinId=306-ZEJ-256&form=7140&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&callback=jQuery112407020717233907794_1693556252927&_=1693556252928
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07a8e36e79e7c0ebc6a115201a059d383471ada3fe95de37223e02bf316f9000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-form-service-request-id
164aa#18a4fd1a1d1
x-marketo-source
Form Service
cf-ray
7ffc13d57f1f7276-HAM
cached
false
zscaler-blog-category-hero-background-gradient-blue-2x.jpg
www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/
126 KB
126 KB
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format%3Dauto/sites/default/files/blog-hero/zscaler-blog-category-hero-background-gradient-blue-2x.jpg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2b66668bbb8fae36b12842672cbeeedc9e7c16562d3c592a6613b6f44aed1b1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
content-length
128708
cf-resized
internal=ok/d q=0 n=92+109 c=0+0 v=2023.8.1 l=128708
last-modified
Tue, 09 May 2023 14:59:58 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
"cfhbxO8X4tnrT2okRVhjqRLd_o1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive", cf-images 299 "image too large for AVIF", cf-images 299 "original is 45589B smaller"
content-type
image/jpeg
cache-control
public, max-age=300
accept-ranges
bytes
cf-ray
7ffc13d57e74725e-HAM
priority
u=1;i=?0,cf-chb=(257;u=4;i=?0 28205;u=5;i=?0 63104;u=6;i=?0)
en.json
cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/
76 KB
15 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/3e894970-e3e9-4783-85e9-7c38eedbfbbf/57d0b2fd-5e95-4e1b-923d-cff7f0c71c9e/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4001
content-md5
a+O//X2h08gSfqxZ78vXYQ==
content-length
15164
x-ms-lease-status
unlocked
last-modified
Tue, 27 Dec 2022 13:11:17 GMT
server
cloudflare
etag
0x8DAE80BD6BFBADE
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f4346904-101e-0023-180b-cca340000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d5aaf1ac9e-TXL
expires
Sat, 02 Sep 2023 08:17:33 GMT
truncated
/
44 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c1b2320bfa46f10b1db699e2fbb7d2b0ec06141e294451dfcb2c928649bd2d50

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png
forms2.css
info.zscaler.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://info.zscaler.com/js/forms2/css/forms2.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 13 Jul 2023 18:50:22 GMT
server
cloudflare
age
6836
etag
"460919-3437-60062cdee3780"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
7ffc13d5f8817276-HAM
content-length
2623
expires
Fri, 01 Sep 2023 12:17:33 GMT
forms2-theme-round.css
info.zscaler.com/js/forms2/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://info.zscaler.com/js/forms2/css/forms2-theme-round.css
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 13 Jul 2023 18:50:22 GMT
server
cloudflare
age
6835
etag
"3a0896-e46-60062cdee3780"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
7ffc13d6089d7276-HAM
content-length
968
expires
Fri, 01 Sep 2023 12:17:33 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Xx897lTVYGjMQiwuGCrzDA==
age
4000
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3007
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:55 GMT
server
cloudflare
etag
0x8DA87805972EF22
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
787e6ad9-401e-0138-04e1-5adfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d66cb8ac9e-TXL
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ssl6Phwu9+sah2W05EtyUQ==
age
4000
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1767
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:57 GMT
server
cloudflare
etag
0x8DA87805A8DD1F0
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9e470cff-401e-004c-50a5-cda9b3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7ffc13d66cc1ac9e-TXL
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
22 KB
5 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 01 Sep 2023 08:17:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
B55i3ZY9miZIaUrwjufy0w==
age
4000
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:09 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
7e19b9f3-801e-0003-59e1-5adbe1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7ffc13d66ccaac9e-TXL
form-button-arrow.svg
www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/
704 B
510 B
Image
General
Full URL
https://www.zscaler.com/cdn-cgi/image/format=auto/themes/custom/zscaler/images/footer/form-button-arrow.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d25984848cb59b62095fd6cb563ef08f012a501258c06fd7e64d263a785e1c88
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
strict-transport-security
max-age=31536000; preload
via
varnish
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cf-resized
internal=ok/d q=0 n=264+0 c=0+0 v=2023.7.3 l=704
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
W/"cfDDzwzbiwy4uUZkpDyQAkTPSc1gWqs-rDoNB_ezzVDw"
vary
Accept, Accept-Encoding
warning
cf-images 299 "cache-control is too restrictive"
content-type
image/svg+xml
cache-control
public, max-age=300
cf-ray
7ffc13d6c980725e-HAM
XDFrame
info.zscaler.com/index.php/form/ Frame FD07
2 KB
865 B
Document
General
Full URL
https://info.zscaler.com/index.php/form/XDFrame
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
7ffc13d6eabf7276-HAM
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 01 Sep 2023 08:17:33 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973777747/?random=1693556253394&cv=11&fst=1693556253394&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&hn=www.googleadservices.com&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&auid=963867885.1693556253&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8ed9481eaeedce607e66dcf13971f34deff7fbcde181fc55299dc21071938da8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1369
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 01 Sep 2023 07:44:23 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1990
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 01 Sep 2023 09:44:23 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1693556253402&cv=11&fst=1693556253402&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&hn=www.googleadservices.com&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&auid=963867885.1693556253&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e47227f7af2b6a9ac27fa83cc84dacfaf6843b98fc0e427291c845d2358bd686
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1368
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
310 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ced49642c146f0fc73d4df1dcba391bc14ccb4571b8eb5539421f3173c6b944d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95846
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 01 Sep 2023 08:17:33 GMT
forms2.min.js
info.zscaler.com/js/forms2/js/ Frame FD07
208 KB
69 KB
Script
General
Full URL
https://info.zscaler.com/js/forms2/js/forms2.min.js
Requested by
Host: info.zscaler.com
URL: https://info.zscaler.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.zscaler.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 13 Jul 2023 18:50:22 GMT
server
cloudflare
age
6836
etag
"3a089f-34099-60062cdee3780"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
7ffc13d80ded7276-HAM
expires
Fri, 01 Sep 2023 12:17:33 GMT
icon-enlarge-btn.svg
www.zscaler.com/themes/custom/zscaler/images/icons/
3 KB
1 KB
Image
General
Full URL
https://www.zscaler.com/themes/custom/zscaler/images/icons/icon-enlarge-btn.svg
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1c4a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/sites/default/files/css/css_dtO1vVM0pbz_GXXA2VFao2NKA7R2lBPGMBo811JFLvc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits
2
x-nf-request-id
01H97X38SXQJPRJF151J8489Q7
date
Fri, 01 Sep 2023 08:17:33 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
age
229
x-cache
MISS
x-ah-environment
prod
x-request-id
v-67c96c7e-4892-11ee-ba41-2be92b99ab75
last-modified
Wed, 19 Jul 2023 08:22:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public,max-age=300
x-middleware-next
1
cf-ray
7ffc13d84c3e725e-HAM
expires
Fri, 01 Sep 2023 08:18:44 GMT
collect
region1.analytics.google.com/g/
0
245 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je38u0&_p=204363502&_gaz=1&cid=275938342.1693556254&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1693556253&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&ep.cookieDomain=auto&ep.content_group=Blogs&ep.blog_parent_category=Security%20Research&ep.blog_child_category=Threatlabz%20Research
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
254 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-10SPJ4YJL9&cid=275938342.1693556254&gtm=45je38u0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-10SPJ4YJL9&cid=275938342.1693556254&gtm=45je38u0&aip=1&z=1191764662
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/973777747/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/973777747/?random=1693556253394&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&fmt=3&is_vtc=1&random=1317325273&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973777747/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/973777747/?random=1693556253394&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&fmt=3&is_vtc=1&random=1317325273&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/812494211/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1693556253402&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&fmt=3&is_vtc=1&random=1310333028&rmt_tld=0&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1693556253402&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&fmt=3&is_vtc=1&random=1310333028&rmt_tld=1&ipr=y
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
3 B
208 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=204363502&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&ul=en-us&de=UTF-8&dt=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAAI~&jid=196836461&gjid=2129032844&cid=275938342.1693556254&tid=UA-6177009-1&_gid=291976873.1693556254&_slc=1&gtm=45He38u0n715SLZFK&z=1641505892
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-6177009-1&cid=275938342.1693556254&jid=196836461&gjid=2129032844&_gid=291976873.1693556254&_u=YCDAiEABBAAAAGAAI~&z=1467864132
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6177009-1&cid=275938342.1693556254&jid=196836461&_u=YCDAiEABBAAAAGAAI~&z=199839301
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6177009-1&cid=275938342.1693556254&jid=196836461&_u=YCDAiEABBAAAAGAAI~&z=199839301
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-rum.3709cb75-1.238.0.min.js
js-agent.newrelic.com/
43 KB
15 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum.3709cb75-1.238.0.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
626b55eec0c819bcc0e797faccf7393babe486645f1860673218e9aaa0697f4b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
6NYP7CC916llrFhVilA2_41lRSPLl92y
content-encoding
br
via
1.1 varnish
date
Fri, 01 Sep 2023 08:17:33 GMT
strict-transport-security
max-age=300
x-amz-request-id
TPCRECRJAFCMJ7JE
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15279
x-amz-id-2
0QPeM0AxW+Sxs+wyMcXqg3rsMVzEZyWDdqQgivBOFuzNgb7PxMOg9AoFHabipfQlKfxZSJ0o9JM=
x-served-by
cache-fra-eddf8230092-FRA
last-modified
Wed, 16 Aug 2023 21:40:47 GMT
server
AmazonS3
x-timer
S1693556254.955078,VS0,VE0
etag
"f59a391a3f3bdc521e37f4984b33bf21"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
1423
6934ae2b-4c76-4229-97d0-8f637b004b88.js
j.6sc.co/j/
4 KB
4 KB
Script
General
Full URL
https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
uLuCr1hhLpJjZt0sFSB89FSJa4YqIrE7
date
Fri, 01 Sep 2023 08:17:34 GMT
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
3771
pragma
no-cache
last-modified
Tue, 02 May 2023 17:36:47 GMT
server
AmazonS3
etag
"afb8c61166e7f50fe6d7ab7b6377733c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
JON-KeB9uxEqNsVPsFA7kG0DomcHMLE3z41GFOROj9-LqXOWoE_q5w==
expires
Fri, 01 Sep 2023 08:17:34 GMT
roundtrip.js
s.adroll.com/j/
75 KB
24 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:ae00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

X-Amz-Version-Id
2W0nFhLgp3U9gUvvEzXT9GuNEpd6A6yg
Content-Encoding
gzip
Via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
Date
Fri, 01 Sep 2023 08:11:09 GMT
Age
384
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Thu, 03 Aug 2023 19:17:31 GMT
Server
AmazonS3
Etag
W/"67e54a60303cfbf4c3b977aa390ad408"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
MhZbIvvhD514e0ijAcvOwAu3J4Z-kXBQcH1-95PLb5rZhrFNEcoadQ==
insight.min.js
snap.licdn.com/li.lms-analytics/
1 KB
1 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a3b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
292f853f9ef0e448c5536987fe87197f401bafcde3e0857e17de1f0676f5b2eb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Aug 2023 18:41:20 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
content-type
application/javascript;charset=utf-8
cache-control
max-age=28728
accept-ranges
bytes
content-length
1046
bat.js
bat.bing.com/
42 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 01 Sep 2023 08:17:33 GMT
last-modified
Fri, 28 Jul 2023 18:19:39 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 35A5117AEB6447AE94C49DBE2B12625A Ref B: FRAEDGE1212 Ref C: 2023-09-01T08:17:33Z
etag
"806f3b1280c1d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12469
bizible.js
cdn.bizible.com/scripts/
67 KB
25 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
3562dd5ebaf7d001cd283fe325fc4b574e26b053807efb3331dd8fcb5964f559

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
last-modified
Thu, 31 Aug 2023 19:08:03 GMT
server
ECS (frb/67D4)
age
14825
etag
"8a25a8773edcd91:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
25470
fbevents.js
connect.facebook.net/en_US/
193 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 01 Sep 2023 08:17:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
52127
x-xss-protection
0
pragma
public
x-fb-debug
lwr/Wt0yxBrMNQuoK6kj48mipQ+J/Osa9z5hKroKwwEUbywcG4mkSELRktV1X3CfvH9Jb4ZGhumrQVFbTK3qAg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
57011
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
7ffc13db0a334510-TXL
expires
Fri, 01 Sep 2023 08:37:33 GMT
spx
dx.mountain.com/
20 KB
6 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=46888586931447000term=value
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-151-245.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
4cbc6e48130564de2f621f30acc0857ff27d79471bda19882f91fe9622bef8e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
gzip
server
istio-envoy
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
1
be
spx-burnin
expires
Thu, 01 Jan 1970 00:00:00 GMT
fullcircle.js
d2i34c80a0ftze.cloudfront.net/
32 KB
11 KB
Script
General
Full URL
https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=731c316a-c46e-4a94-81a9-7cfc0ea0d53e&domain=zscaler.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
aa2b8282a1438a0e53971aa29a5c54f2911a3cb79b44cc20f8521ead150c458f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 02:24:01 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront), 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA56-C1, FRA2-C1
age
21211
x-amzn-requestid
55267df7-828b-429b-9422-b01c00d65cd2
x-amzn-trace-id
Root=1-64f14b41-3fc48f512c0b3d132a072b68;Sampled=0;lineage=be50798f:0
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
KjiyVHlKvHcFcyQ=
x-amz-cf-id
gSa_omB-Uml8yqG--jl2bj_yfIoIwiwx6TLdrtB-rdGOL853vl9OXw==
ping.min.js
cdn.pdst.fm/
26 KB
6 KB
Script
General
Full URL
https://cdn.pdst.fm/ping.min.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
80.142.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 07:59:11 GMT
content-encoding
gzip
age
1103
x-guploader-uploadid
ADPycdt4LV6AErEq_THqr_CLxh3C5S5-FENWHR1KvI3TsinnzeG6ASnD7VpEr3SncU-DLma957I62GcoqnGrQQM7ackoLw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5774
last-modified
Fri, 28 May 2021 20:34:03 GMT
server
UploadServer
etag
"d001d1c9f5a942fa5524eeacb047e819"
vary
Accept-Encoding
x-goog-generation
1622234043862937
x-goog-hash
crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
5774
accept-ranges
bytes
content-type
application/javascript;
expires
Fri, 01 Sep 2023 08:59:11 GMT
js
www.googletagmanager.com/gtag/
237 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-812494211
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3adc63a522df878e3435545904e07997a00964ec360e2bbb6386b354b4a66edc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81498
x-xss-protection
0
last-modified
Fri, 01 Sep 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Sep 2023 08:17:33 GMT
up_loader.1.1.0.js
js.adsrvr.org/
5 KB
3 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SLZFK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-15-119.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Thu, 31 Aug 2023 20:57:32 GMT
Content-Encoding
gzip
Via
1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
Last-Modified
Tue, 01 Aug 2023 20:10:44 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P7
Age
40803
x-amz-server-side-encryption
AES256
ETag
W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
VOe80Smxxqh-CHwHVksJu80Wx53DBWX_hp8x0lxym3NZr6-e2gmRQw==
sf14g.js
t.sf14g.com/
0
0
Script
General
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.53.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-53-159.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

munchkin.js
munchkin.marketo.net/
1 KB
2 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-124-188.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ef2ca5ac3d9cf4d005d7294562694e44b40efd2c194722721a52743c2f43f1a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Fri, 01 Sep 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Mar 2023 02:09:07 GMT
Server
AkamaiNetStorage
ETag
"fefdb331ffca929fc0e661337b64ed4f:1678241347.158405"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
741
NRJS-686f86ac307898cabed
bam.nr-data.net/1/
40 B
464 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-686f86ac307898cabed?a=1353557264&v=1.238.0&to=YlxUMEJRWEFTVBALDlsWdwdEWVlcHXMWFxFUVWoKX1RTbnFYChYTWlVaAUJseF1WUjILBEJ6WQpEQlleXlIWT19DUFMT&rst=1957&ck=0&s=2ea96dc67730080e&ref=https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech&qt=3&ap=908&be=246&fe=1589&dc=746&at=ThtXRgpLS08%3D&perf=%7B%22timing%22:%7B%22of%22:1693556252031,%22n%22:0,%22f%22:89,%22dn%22:90,%22dne%22:90,%22c%22:90,%22s%22:118,%22ce%22:155,%22rq%22:155,%22rp%22:246,%22rpe%22:404,%22di%22:925,%22ds%22:926,%22de%22:992,%22dc%22:1832,%22l%22:1832,%22le%22:1834%7D,%22navigation%22:%7B%7D%7D&fp=583&fcp=583
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum.3709cb75-1.238.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
content-type
text/plain

Response headers

Date
Fri, 01 Sep 2023 08:17:34 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zscaler.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
CF-Ray
7ffc13dc1e5a4528-TXL
Content-Length
40
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/ULSJHTPGTZGY3EPPZSKHKS/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
785 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Server
2600:9000:225e:ae00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

X-Amz-Version-Id
e6mCeG7.PAM9gYrIJBIXJohubS3UVCEK
Date
Thu, 31 Aug 2023 19:40:35 GMT
Via
1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
Age
56283
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
28
Last-Modified
Thu, 03 Aug 2023 18:30:18 GMT
Server
AmazonS3
Etag
"5816cced8568d223aa09d889f300692b"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
67kx6SxH695d25WJLY35XxLVo3vwGveZcd017hd3StPk8MhFw8B3zQ==

Redirect headers

Date
Thu, 31 Aug 2023 15:19:11 GMT
Via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
Age
61103
X-Amz-Cf-Pop
FRA60-P4
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
SJbjwbLSyRhb2aBzf63tF0lD6GadD--8CoAvPMBgY2CMqE5X48NbTQ==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
756 B
Script
General
Full URL
https://s.adroll.com/j/pre/index.js
Protocol
HTTP/1.1
Server
2600:9000:225e:ae00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date
Thu, 31 Aug 2023 16:16:07 GMT
Via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
Age
58928
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
GTUp1VOP1Q1ExjuxHocegb-UzzrE3Y-T_acqHhjTy6nH2tWbk0lzIg==

Redirect headers

Date
Thu, 31 Aug 2023 15:38:56 GMT
Via
1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
Age
59917
X-Amz-Cf-Pop
FRA60-P4
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
0o-7hNLwO5PEhg8-DeoAWqjKaL7LwEA6BqAIOBOVxbltGmhnkEY1RA==
index.js
s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/
0
808 B
Script
General
Full URL
https://s.adroll.com/j/pre/ULSJHTPGTZGY3EPPZSKHKS/22OEOVE2YNFA3EKSRERISY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:ae00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

X-Amz-Version-Id
4I4MRafBhpIIgJlLZFO7Jq0e0cvxhmT_
Date
Fri, 01 Sep 2023 08:03:51 GMT
Via
1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
Age
871
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 30 Aug 2023 11:31:57 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
mFXlZCFkiofdKuP7hCX-UZzrlroLyJ-y9NotvCwCfQmZXThQU5-O3g==
26354555.js
bat.bing.com/p/action/
0
116 B
Script
General
Full URL
https://bat.bing.com/p/action/26354555.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Fri, 01 Sep 2023 08:17:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 20ECB03F49B74FF38CCE41860AB400AC Ref B: FRAEDGE1212 Ref C: 2023-09-01T08:17:34Z
x-cache
CONFIG_NOCACHE
insight.old.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a3b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 28 Aug 2023 12:14:15 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=66448
accept-ranges
bytes
content-length
4862
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1693556254032&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Fri, 01 Sep 2023 08:17:34 GMT
expires
Fri, 01 Sep 2023 08:17:34 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ADPycduKlEDGPEG85Bp4gyHhRmc9pdpAo-lSvqjdrt9QhfLm5HpSZL9dOtR6K3nlVYqxpmOyuCGLtOOyWfE3lWuCnqciQA
gif.gif
ibc-flow.techtarget.com/a/
43 B
464 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2334982&r=1693556254032&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
2334982
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
via
1.1 google
x-guploader-uploadid
ADPycdsbyLR8gHsuajDOAu92ahMT6b-gYNUDs2C6i91UzsBOIRnBWtz4-cUC38Cs9RJYkrsCezevereRs_Bp7dVh0E6HSQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Fri, 01 Sep 2023 09:17:34 GMT
1778897272132032
connect.facebook.net/signals/config/
151 KB
39 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1778897272132032?v=2.9.125&r=stable&domain=www.zscaler.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ef9eceb8f66c504a9d9fa11e625321a137ed71026f884b78528b40b4396ed5bd
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 01 Sep 2023 08:17:34 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
39394
x-xss-protection
0
pragma
public
x-fb-debug
x8pmqxoo5JGs9dLsplPI89QvoUlajWg0p+VYSILy0rSJkl+Kx5neU6zAwdyqtGvu9D2qiSbagLHXM/OKR9297w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
token
cdn.linkedin.oribi.io/partner/33962/domain/zscaler.com/
38 B
376 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/33962/domain/zscaler.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:d400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9581d252706f6236028acf67e89cd0c2f8ec64ff46a416bf384b2fd3876080d4

Request headers

Accept
*
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:03:47 GMT
content-encoding
gzip
via
1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
827
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
2ltESnAggBn1sZLuttSE1weeYFTNsxJKw5auqCgR6JgXf4b6I26DXg==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-finte...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D33962%26time%3D1693556254069%26url%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-finte...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fint...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cookiesTest=true&liSync=true&e_ipv6=AQKz8UoEZXpi4QAAAYpP0agQRKcXyRFl4n7nk9aWivZU-aiqfqZXLzQQOj_m4M8bfAnNJ9mf
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: E1C11728E98D49D989ED9E2413AF751B Ref B: FRAEDGE1117 Ref C: 2023-09-01T08:17:34Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYER8r7fKhc3xzWVBGB3Q==

Redirect headers

date
Fri, 01 Sep 2023 08:17:34 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 0A9B0F4B888C4655AA5358FE5ACB92F1 Ref B: FRAEDGE1708 Ref C: 2023-09-01T08:17:34Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=33962&time=1693556254069&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cookiesTest=true&liSync=true&e_ipv6=AQKz8UoEZXpi4QAAAYpP0agQRKcXyRFl4n7nk9aWivZU-aiqfqZXLzQQOj_m4M8bfAnNJ9mf
x-li-proto
http/2
content-length
0
x-li-uuid
AAYER8r4ZpZvDp5gS73ZCw==
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/
0
0
Fetch
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by
Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
application/json
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
server
Google Frontend
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
access-control-allow-methods
GET, POST
content-type
text/html
access-control-allow-origin
*
x-cloud-trace-context
ca92ad892b7685ec4367ec6ce5a18862
function-execution-id
fx7amiipauee
access-control-allow-headers
Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame
0
0
Preflight
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Accept
access-control-allow-methods
GET, POST
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-length
22
content-type
text/html; charset=utf-8
date
Fri, 01 Sep 2023 08:17:34 GMT
etag
W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id
cfnpca8y0swu
server
Google Frontend
x-cloud-trace-context
ce1b9317be0842bb2672179af4b977bb
x-powered-by
Express
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1778897272132032&ev=PageView&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&rl=&if=false&ts=1693556254120&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1693556254117.1489220669&cs_est=true&it=1693556254063&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 01 Sep 2023 08:17:34 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
ULSJHTPGTZGY3EPPZSKHKS
d.adroll.com/consent/check/
492 B
585 B
Script
General
Full URL
https://d.adroll.com/consent/check/ULSJHTPGTZGY3EPPZSKHKS?pv=44330027324.252&arrfrr=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&_s=b0e0dee1b7a75b2ef1bb7b5c6719dfea&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe05:2223:c169:58a7:2c8c Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
fddc9f25cac9e37353d0367621a55540b9d78b08eb099188fe124abdf4d124f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
server
nginx/1.22.1
content-length
492
content-type
application/javascript
oribili.js
cdn.linkedin.oribi.io/33962/
74 KB
24 KB
Script
General
Full URL
https://cdn.linkedin.oribi.io/33962/oribili.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:d400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c70906f4f530165e348ba8f8caa338809a8311edaeb12c469e244df2f0b5c3be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:24 GMT
content-encoding
gzip
via
1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
10
vary
accept-encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=300
x-amz-cf-id
JvrA280SjRaI2ALcH2sYAJNlIK61TaCUxQwQZYfkKe97pTskIklz3Q==
munchkin.js
munchkin.marketo.net/162/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/162/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-124-188.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Fri, 01 Sep 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jul 2022 00:59:12 GMT
Server
AkamaiNetStorage
ETag
"75daf56f6191efe42577301908659c29:1656637152.894482"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4677
Expires
Sun, 10 Dec 2023 08:17:34 GMT
visitWebPage
306-zej-256.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://306-zej-256.mktoresp.com/webevents/visitWebPage?_mchNc=1693556254251&_mchCn=&_mchId=306-ZEJ-256&_mchTk=_mch-zscaler.com-1693556254250-87430&_mchHo=www.zscaler.com&_mchPo=&_mchRu=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Fri, 01 Sep 2023 08:17:34 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
c65b02b9-9137-4a3b-8a77-0fa754c92d3b
event
gw.linkedin.oribi.io/
0
186 B
XHR
General
Full URL
https://gw.linkedin.oribi.io/event
Requested by
Host: cdn.linkedin.oribi.io
URL: https://cdn.linkedin.oribi.io/33962/oribili.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.232.97.199 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-232-97-199.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.zscaler.com
date
Fri, 01 Sep 2023 08:17:34 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain
ws
px.ads.linkedin.com/
0
0

/
px.ads.linkedin.com/ws_collect/
0
566 B
Image
General
Full URL
https://px.ads.linkedin.com/ws_collect/?pid=33962&timestamp=1693556254272&raw_event_id=33962-0d779b25-6a95-d8be-ded9-027ce1cf48d2-1693556254270
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 46D036135342442D89161E3619979AF0 Ref B: FRAEDGE1708 Ref C: 2023-09-01T08:17:34Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYER8ryZX23LycnRPjcOg==
b5931eb2-3cde-46fb-96df-7acdc3094860
https://www.zscaler.com/
43 B
0
Image
General
Full URL
blob:https://www.zscaler.com/b5931eb2-3cde-46fb-96df-7acdc3094860
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
6si.min.js
j.6sc.co/
51 KB
15 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/6934ae2b-4c76-4229-97d0-8f637b004b88.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 24 Aug 2023 22:29:49 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64e7d9dd-cc38"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
14993
expires
Fri, 01 Sep 2023 08:17:34 GMT
create
st.fullcircleinsights.com/v1/visitors/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-129.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.zscaler.com
content-length
1
content-type
application/json
date
Fri, 01 Sep 2023 08:17:34 GMT
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-amz-apigw-id
KkWk3FluPHcFT6w=
x-amz-cf-id
TeJlTFJ_BCKy160dinnZhiYBt8UVHZANUtGflvfM5kQpc7gDWWOY-g==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
4f26d95c-b2c9-4164-aaa0-227313c29b43
x-cache
Miss from cloudfront
create
st.fullcircleinsights.com/v1/visitors/
1 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-129.fra2.r.cloudfront.net
Software
/
Resource Hash
079abab6af8a32fe492c96a9914b14e1ccb716e248ca88967a3c461558ae511d

Request headers

origin-fci
https://www.zscaler.com
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.59
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
x-api-key
qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 01 Sep 2023 08:17:35 GMT
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-64f19e1f-07a6e1ad0a329912532019ca;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid
f1b69c0f-f3b4-4b41-9306-9435d341f399
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
x-amz-apigw-id
KkWk5EcIPHcF-0g=
content-length
1408
x-amz-cf-id
UxF-QMGycusFTjvRrNo4zDnNQ8C5E7UsbIQbPZ7ptgIxOKVwMuzlfA==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812494211/?random=1693556254470&cv=11&fst=1693556254470&bg=ffffff&guid=ON&async=1&gtm=45be38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&hn=www.googleadservices.com&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&auid=963867885.1693556253&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-812494211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6363df105457a06aca861633dba0c17b8570006c1a0a9b34cf116462fc57bcde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1385
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
up
insight.adsrvr.org/track/ Frame 3F7D
0
0

getuidj
secure.adnxs.com/
11 B
575 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
an-x-request-uuid
70d70a86-7098-42a4-ae48-6db0050c80d6
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zscaler.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
193.32.248.248; 193.32.248.248; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
193 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
20 B
311 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2baa Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
46bf25777096ef50be3de3b3793ee7cf44f9912016c5553cb448844ad5d4003c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.zscaler.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a03:1b20:b:f011::4e
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1693556254559_389360550_322971964_25_1158_31_69_219";dur=1
content-length
20
expires
Fri, 01 Sep 2023 08:17:34 GMT
/
www.google.com/pagead/1p-user-list/812494211/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/812494211/?random=1693556254470&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45be38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=381029564&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/812494211/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/812494211/?random=1693556254470&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45be38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&frm=0&tiba=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=381029564&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22ab9750bca4342498694e239e304dd3a9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221dc729230d6b8d19bab5e6236d81f60c4dca0823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%226934ae2b-4c76-4229-97d0-8f637b004b88%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.facebook.com/tr/ Frame 7328
0
49 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.zscaler.com
Referer
https://www.zscaler.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.zscaler.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Fri, 01 Sep 2023 08:17:34 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3Ab%3Af011%3A%3A4e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
details
epsilon.6sense.com/v3/company/
722 B
573 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.23.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-23-65.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fe26156dcbc0058c9fc1cdfb4ecbec01c82711a31548024e2f9950d817406cb2

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
Authorization
Token 1dc729230d6b8d19bab5e6236d81f60c4dca0823
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
X-6s-CustomID
WebTag 6934ae2b-4c76-4229-97d0-8f637b004b88

Response headers

date
Fri, 01 Sep 2023 08:17:34 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
access-control-allow-credentials
true
content-length
388
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.23.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-23-65.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.zscaler.com
access-control-max-age
1800
date
Fri, 01 Sep 2023 08:17:34 GMT
server
nginx
queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-129.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.zscaler.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.zscaler.com
content-length
1
content-type
application/json
date
Fri, 01 Sep 2023 08:17:35 GMT
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-amz-apigw-id
KkWk-G-yPHcF_dA=
x-amz-cf-id
lSUIsz_o85iy51PQGV5av5gyRzZ98eEXV5IGgyCennHmCb7wU4LccA==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
dbb39a24-97ad-465a-9d33-bdbf2f03512a
x-cache
Miss from cloudfront
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-129.fra2.r.cloudfront.net
Software
/
Resource Hash
09465380f9a2dc1fea4f0730d29d8add31947d92f8a0b7d3bb85dd975b658f52

Request headers

origin-fci
https://www.zscaler.com
Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.59
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
x-api-key
qJ5ZUG1BW44UIJbuBg8oP93ofs3xOFTZ7XFCqaSv
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 01 Sep 2023 08:17:35 GMT
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-64f19e1f-200c061a0d3b11467c8e10ee;Sampled=0;lineage=adebd93c:0
x-amzn-requestid
550f8f52-5a71-4358-b88c-4d528c0b8c5d
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.zscaler.com
x-amz-apigw-id
KkWlAGI6vHcFp2A=
content-length
2084
x-amz-cf-id
EpMhH-DEJtWTNZCsYN-QGhyEs5OB67rwkz4nkcAKPXYro4ZjvPBwzw==
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:35 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A35%20GMT%22%2C%22timeSpent%22%3A%221012%22%2C%22totalTimeSpent%22%3A%222014%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:36 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
st
px.mountain.com/
2 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=275938342.1693556254&shpt=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%22275938342.1693556254%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%2C%22dcm_cid%22%3A%221693556253.1%22%2C%22dcm_gid%22%3A%22291976873.1693556254%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1693556253.1&dcm_gid=291976873.1693556254&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221693556253%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=46888586931447000term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=46888586931447000term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.81.173.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-173-170.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1988aed2ad778a651dc01aa57c0af0b8ddd7c2425afd2eb4be0a9bd90a116f14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:38 GMT
content-encoding
gzip
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time
0
connection
close
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A36%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223015%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:37 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: www.zscaler.com
URL: https://www.zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.212.4.35 -, , ASN (),
Reverse DNS
Software
istio-envoy /
Resource Hash
9c0f22eedf0c5680c7a6bee780edfc338bac379db0bf2c888c5136420a6dc5b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:39 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
2
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=ab9750bca4342498694e239e304dd3a9&svisitor=null&visitor=c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9&session=723075c1-70a7-424e-8137-10c95a4fe7ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Sep%202023%2008%3A17%3A37%20GMT%22%2C%22timeSpent%22%3A%221042%22%2C%22totalTimeSpent%22%3A%224057%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20JanelaRat%2C%20a%20new%20malware%20variant%20of%20BX%20Rat%2C%20in%20a%20campaign%20targeting%20LATAM%20countries%20that%20occurred%20in%20June%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&pageViewId=b115eae4-b070-4e2c-8e48-55456ec1cf68&an_uid=0&webTagId=6934ae2b-4c76-4229-97d0-8f637b004b88&v=1.1.6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.zscaler.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 08:17:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-10SPJ4YJL9&gtm=45je38u0&_p=204363502&cid=275938342.1693556254&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1693556253&sct=1&seg=0&dl=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&dt=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&_s=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-10SPJ4YJL9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zscaler.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 01 Sep 2023 08:17:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zscaler.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
st
px.mountain.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
px.ads.linkedin.com
URL
https://px.ads.linkedin.com/ws
Domain
insight.adsrvr.org
URL
https://insight.adsrvr.org/track/up?adv=5gm3a7p&ref=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&upid=27hmsyx&upv=1.1.0
Domain
px.mountain.com
URL
https://px.mountain.com/st?ga_tracking_id=UA-6177009-1%3BG-10SPJ4YJL9&ga_client_id=275938342.1693556254&shpt=JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog&ga_info=%7B%22status%22%3A%22One%20or%20more%20failures%22%2C%22ga_tracking_id%22%3A%22UA-6177009-1%3BG-10SPJ4YJL9%22%2C%22ga_client_id%22%3A%22275938342.1693556254%22%2C%22shpt%22%3A%22JanelaRAT%20%7C%20ThreatLabz%20Zscaler%20Blog%22%2C%22dcm_cid%22%3A%221693556253.1%22%2C%22dcm_gid%22%3A%22291976873.1693556254%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1693556253.1&dcm_gid=291976873.1693556254&available_ga=%5B%7B%22id%22%3A%22UA-6177009-1%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22G-10SPJ4YJL9%22%2C%22sess_id%22%3A%221693556253%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32329&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Clanguage%3Den&shoid=%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=1693556258085153&shguid=ea834d4a-7ee1-3052-8752-bc56af38dddc&shgts=1693556259153

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| NREUM object| webpackChunk:NRBA-1.238.0.PROD object| newrelic object| OneTrustStub function| OptanonWrapper function| once function| _typeof function| ownKeys function| _objectSpread function| _defineProperty function| _toPropertyKey function| _toPrimitive function| $ function| attachFailoverAssets function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray function| exposedFiltersUi function| jQuery function| ES6Promise object| drupalSettings object| Drupal function| dBlazy function| Bio function| BioMedia object| tabbable function| Popper object| Cookies object| APP object| UTIL object| IPv6 object| punycode object| SecondLevelDomains function| URI function| URITemplate object| lazySizes function| Sifter object| MicroPlugin function| Selectize function| loadjs object| bootstrap string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| MktoForms2 object| _wq object| zsForms object| Optanon object| OneTrust function| addCaptchaScript object| jQuery112407020717233907794 object| _utm_data object| utm_data object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| authorArray object| GooglebQhCsO string| GoogleAnalyticsObject function| ga function| doMarketoGASetup function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData function| process6senseData string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| _linkedin_data_partner_id function| fbq function| _fbq object| techtargetic function| pdst number| sf14gv function| UET function| UET_init function| UET_push string| adroll_sid object| adroll object| __adroll boolean| adroll_optout object| adroll_loaded object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| ueto_3ce13bcf10 object| uetq function| lintrk boolean| _already_called_lintrk object| adroll_exp_list object| __adroll_consent_data function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker object| ORIBILI boolean| __adroll_consent boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country string| dcm_cid undefined| dcm_tid undefined| dcm_gid object| _6si object| Bizible object| BizTrackingA object| BizA object| _vis_opt_queue object| LC_API object| $jscomp object| fcdsc function| fcdscLoad function| gtag function| ttd_dom_ready function| TTDUniversalPixelApi object| gaUA boolean| _storagePopulated object| irongate

36 Cookies

Domain/Path Name / Value
.info.zscaler.com/ Name: __cf_bm
Value: _1RMGa.IVzoUfvExrf8Q5q5HIvzkZTyh4sMtqbR_Vn8-1693556252-0-AWrTHMOKBQ7+IrHv1G3Gow0PdXWfeGLTXvLmX4AKF+Ejt3zg/IOL7M5s0W1F72b1l0lpP234vcB7SVoydupF45k=
.www.zscaler.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Sep+01+2023+10%3A17%3A33+GMT%2B0200+(Central+European+Summer+Time)&version=6.39.0&isIABGlobal=false&landingPath=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0&hosts=H36%3A1%2CH59%3A1%2CH109%3A1%2CH45%3A1%2CH46%3A1%2CH100%3A1%2CH82%3A0%2CH106%3A0%2CH116%3A0%2CH4%3A0%2CH102%3A0%2CH76%3A0%2CH103%3A0%2CH60%3A0%2CH96%3A0%2CH20%3A0%2CH22%3A0%2CH97%3A0%2CH98%3A0%2CH108%3A0%2CH65%3A0%2CH83%3A0%2CH110%3A0%2CH111%3A0%2CH112%3A0%2CH114%3A0%2CH101%3A0%2CH52%3A0%2CH104%3A0%2CH105%3A0%2CH14%3A0%2CH15%3A0%2CH17%3A0%2CH113%3A0%2CH115%3A0&genVendors=
.zscaler.com/ Name: _gcl_au
Value: 1.1.963867885.1693556253
.zscaler.com/ Name: _ga_10SPJ4YJL9
Value: GS1.1.1693556253.1.0.1693556253.60.0.0
.zscaler.com/ Name: _ga
Value: GA1.2.275938342.1693556254
.zscaler.com/ Name: _gid
Value: GA1.2.291976873.1693556254
.zscaler.com/ Name: _dc_gtm_UA-6177009-1
Value: 1
info.zscaler.com/ Name: BIGipServerabmweb-nginx-app_https
Value: !2Y6CNPQA6s16VlakCIQPm+cqSAXSEWVO4Blz3YNIMybQOlymwMs/I6MtAHZasrCWyxnV0jn+x63PLA==
.techtarget.com/ Name: __cf_bm
Value: SalU7v1s2ISF4sQ0vQ_VFfAzEnLK09k55VNurodocdM-1693556253-0-AbsXnpKmdKS+7BJJ+NQEeAvesb4ghgkswzTcrc+MK6SbIdCEsuFuDx51q/ObjVF2e8lBTxXKoilqHPBNqJXAk84=
.zscaler.com/ Name: _uetsid
Value: 00c8e53048a011ee90756d3cade8c4bc
.zscaler.com/ Name: _uetvid
Value: 00c9100048a011ee93c9937b6cdda983
www.zscaler.com/ Name: __pdst
Value: dc0dbfb95d7a42b0ba8a900d2f878648
.zscaler.com/ Name: _fbp
Value: fb.1.1693556254117.1489220669
www.zscaler.com/ Name: ln_or
Value: eyIzMzk2MiI6IjMzOTYyIn0%3D
.zscaler.com/ Name: _mkto_trk
Value: id:306-ZEJ-256&token:_mch-zscaler.com-1693556254250-87430
.zscaler.com/ Name: oribili_user_guid
Value: 07be3f45-aada-f515-6ddc-660ba39ee412
.linkedin.com/ Name: li_sugr
Value: 218e6efe-d62a-431b-8967-b46540130448
.linkedin.com/ Name: lidc
Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2646:u=1:x=1:i=1693556254:t=1693642654:v=2:sig=AQHVsNLdXr9ZeqftjFBeQCbeNrWCyfN8"
.zscaler.com/ Name: _biz_uid
Value: d450ce8e4ae74ea4a1f2b87f492d0daf
.zscaler.com/ Name: _biz_sid
Value: 7b38fe
.zscaler.com/ Name: _biz_nA
Value: 2
.zscaler.com/ Name: _biz_pendingA
Value: %5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3Dd450ce8e4ae74ea4a1f2b87f492d0daf%26_biz_s%3D7b38fe%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech%26_biz_t%3D1693556254435%26_biz_i%3DJanelaRAT%2520%257C%2520ThreatLabz%2520Zscaler%2520Blog%26_biz_n%3D0%26rnd%3D285799%22%2C%22m%2Fu%3FmapType%3Dmkto%26mapValue%3Did%253A306-ZEJ-256%2526token%253A_mch-zscaler.com-1693556254250-87430%26_biz_u%3Dd450ce8e4ae74ea4a1f2b87f492d0daf%26_biz_s%3D7b38fe%26_biz_l%3Dhttps%253A%252F%252Fwww.zscaler.com%252Fblogs%252Fsecurity-research%252Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech%26_biz_t%3D1693556254441%26_biz_i%3DJanelaRAT%2520%257C%2520ThreatLabz%2520Zscaler%2520Blog%26_biz_n%3D1%26rnd%3D830433%22%5D
.zscaler.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%7D
.zscaler.com/ Name: _fcdscst
Value: MTY5MzU1NjI1NDQ0NA==
.linkedin.com/ Name: UserMatchHistory
Value: AQKYosZRcqskxAAAAYpP0abWUoXP6imwBcPHXby5gII67IWrfMniYNO_xqs7A5G0D7ACIGkNxSU_TQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLAfq2XsXheJQAAAYpP0abWucxGu45yyKa4yCYTGKxaSL4EPFs2hWRt6LBdkghgU7kSSCwiEwiWnyirnGhcvQ
.linkedin.com/ Name: bcookie
Value: "v=2&20e0e731-c739-4fe1-8c87-04bc968b1026"
.doubleclick.net/ Name: IDE
Value: AHWqTUk4LzBwWMDJuxQBAwtVs-VXEew93t8NWQAlWsizPM9eOToehhgsEkkWjSrs
www.zscaler.com/ Name: _an_uid
Value: 0
www.zscaler.com/ Name: _gd_visitor
Value: c3ff6c45-e3e5-40b3-8782-8af7fe5e62a9
www.zscaler.com/ Name: _gd_session
Value: 723075c1-70a7-424e-8137-10c95a4fe7ae
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023090108173423eff9ed-28cb-4925-80fe-59157ddfd2bcAQEJP-fLzSYZvFKMdV0LF-E-Nc7CEQ4f"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTM1NTYyNTQ7MjswMjHvkJbP6pT75dl6HFZvufFBI/dFTyq6y+mc+EJj8JH8Bw==
.6sc.co/ Name: 6suuid
Value: b8d01702e64401001e9ef16461030000c4e60300
.zscaler.com/ Name: _fcdscv
Value: eyJDdXN0b21lcklkIjoiNzMxYzMxNmEtYzQ2ZS00YTk0LTgxYTktN2NmYzBlYTBkNTNlIiwiVmlzaXRvciI6eyJFbWFpbCI6bnVsbCwiRXh0ZXJuYWxWaXNpdG9ySWQiOiI5YThhMDAyOC02ODg2LTQzNjAtYTc0ZC03NGM4N2M4MzM0NzgifSwiVmlzaXRzIjpbXSwiQWN0aXZpdGllcyI6W10sIkRpYWdub3N0aWNNZXNzYWdlIjpudWxsfQ==
.mountain.com/ Name: guid
Value: 0335355d-48a0-11ee-a25c-771ee58b9dd3

4 Console Messages

Source Level URL
Text
security error URL: https://cdn.linkedin.oribi.io/33962/oribili.js
Message:
Refused to connect to 'https://px.ads.linkedin.com/ws' because it violates the following Content Security Policy directive: "connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net".
network error URL: https://t.sf14g.com/sf14g.js
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=46888586931447000term=value(Line 10)
Message:
Refused to connect to 'https://52.22.50.55/is' because it violates the following Content Security Policy directive: "connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net".
javascript error URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32329&tdr=&plh=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fjanelarat-repurposed-bx-rat-variant-targeting-latam-fintech&cb=46888586931447000term=value(Line 10)
Message:
Refused to connect to 'https://52.22.50.55/is' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.zscaler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.zscaler.com *.google.com *.google-analytics.com analytics.google.com *.analytics.google.com www.googletagmanager.com cdn.cookielaw.org *.cloudfront.net *.newrelic.com fast.wistia.com fast.wistia.net www.youtube.com bugcrowd.com *.bugcrowdusercontent.com bam.nr-data.net cdn.bizible.com *.mountain.com trk.techtarget.com connect.facebook.net js.driftt.com visitor.reactful.com j.6sc.co snap.licdn.com *.crazyegg.com *.adroll.com bat.bing.com *.doubleclick.net *.clarity.ms *.cloudflare.com *.googleadservices.com *.marketo.net www.gartner.com *.ads-twitter.com *.google.co.in d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net cdn.pdst.fm t.sf14g.com cdn.jsdelivr.net unpkg.com assets.adobedtm.com acsbapp.com *.linkedin.oribi.io js.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; object-src 'self' *.zscaler.com; style-src 'self' 'unsafe-inline' *.zscaler.com www.gartner.com *.googleapis.com *.fontawesome.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com app-abm.marketo.com; img-src 'self' https: data: blob: d2iiunr5ws5ch1.cloudfront.net fast.wistia.net; media-src 'self' blob: *.zscaler.com js.driftt.com fast.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com *.wistia.com; frame-src 'self' www.youtube.com bugcrowd.com *.zscaler.com js.driftt.com www.facebook.com *.doubleclick.net *.cloudfront.net www.gartner.com zscaler-support.force.com accounts.skilljar.com zscalerext.okta.com insight.adsrvr.org match.adsrvr.org https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx zscalermarketing67.netlify.app dev-zscalermarketing67.netlify.app app-abm.marketo.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com; child-src 'self' blob: *.zscaler.com *.doubleclick.net; font-src 'self' data: www.gartner.com *.gstatic.com *.fontawesome.com fast.wistia.com fast.wistia.net; connect-src 'self' blob: *.zscaler.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org analytics.google.com *.analytics.google.com stats.g.doubleclick.net optanon.blob.core.windows.net geolocation.onetrust.com *.wistia.com st.fullcircleinsights.com bam.nr-data.net *.litix.io embedwistia-a.akamaihd.net *.reactful.com www.facebook.com secure.adnxs.com *.6sc.co *.6sense.com *.crazyegg.com *.clarity.ms *.mktoresp.com *.cloudfunctions.net www.facebook.com cookies-data.onetrust.io api.zippopotam.us bat.bing.com cdn.linkedin.oribi.io cdn.acsbapp.com ibc-flow.techtarget.com google.com adservice.google.com *.linkedin.oribi.io *.hushly.com https://*.zscaler.com https://*.zscaler.fr https://*.zscaler.de https://*.zscaler.jp https://*.zscaler.es https://*.zscaler.it https://*.zscaler.com.mx 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 fast.wistia.net
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM testmydefenses.com
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

306-zej-256.mktoresp.com
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.bizible.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.pdst.fm
connect.facebook.net
d.adroll.com
d2i34c80a0ftze.cloudfront.net
dx.mountain.com
epsilon.6sense.com
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
gw.linkedin.oribi.io
ibc-flow.techtarget.com
info.zscaler.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.adsrvr.org
munchkin.marketo.net
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
secure.adnxs.com
snap.licdn.com
st.fullcircleinsights.com
stats.g.doubleclick.net
t.sf14g.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.zscaler.com
insight.adsrvr.org
px.ads.linkedin.com
px.mountain.com
104.17.73.206
104.64.124.188
108.138.15.119
13.107.42.14
13.224.189.129
151.101.2.137
152.195.15.58
162.247.241.14
192.28.144.124
2001:4860:4802:34::36
2001:4860:4802:36::36
2600:9000:20eb:2e00:9:14eb:6280:93a1
2600:9000:20eb:d400:2:53b2:240:93a1
2600:9000:225e:ae00:6:9280:1080:93a1
2606:4700:4400::6812:2089
2606:4700:4400::6812:24c4
2606:4700::6812:1c4a
2606:4700::6812:1d4a
2606:4700::6812:83ec
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:812::2008
2a00:1450:4001:812::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:400c:c0b::9d
2a02:26f0:3100::1735:2a3b
2a02:26f0:3100::1735:2baa
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:cc3:fe05:2223:c169:58a7:2c8c
34.111.208.231
34.200.53.159
34.212.4.35
35.158.23.65
35.244.142.80
35.81.173.170
37.252.171.53
44.232.97.199
52.7.151.245
95.101.111.184
02ef3d4346add95520307127e5cbfbd7b9da8697720a7c9046d44188bd19d1b1
079abab6af8a32fe492c96a9914b14e1ccb716e248ca88967a3c461558ae511d
07a8e36e79e7c0ebc6a115201a059d383471ada3fe95de37223e02bf316f9000
07ccf8d6d38b3753c3420a0d4a9311372de4ad8301dffe9cca751a67f884d923
09465380f9a2dc1fea4f0730d29d8add31947d92f8a0b7d3bb85dd975b658f52
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
1988aed2ad778a651dc01aa57c0af0b8ddd7c2425afd2eb4be0a9bd90a116f14
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
292f853f9ef0e448c5536987fe87197f401bafcde3e0857e17de1f0676f5b2eb
2dc0e215dc2374fc5cdacf24707fabeabc2e4193e12ec9c0203ac9a52a5daf3e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3562dd5ebaf7d001cd283fe325fc4b574e26b053807efb3331dd8fcb5964f559
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3adc63a522df878e3435545904e07997a00964ec360e2bbb6386b354b4a66edc
452c86d701fc77989aaf09af7d667885bcaaeaa8943ce356eb77d83d63afcee6
46bf25777096ef50be3de3b3793ee7cf44f9912016c5553cb448844ad5d4003c
4cbc6e48130564de2f621f30acc0857ff27d79471bda19882f91fe9622bef8e7
52272481e0caa74b259f2d54324a5b00e547cc8d35fea3174cc3702f9cc8d516
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58b2a8109a9c31242ed7cbe642599cf36ec093216f2cd92787c5dc39565469ae
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
626b55eec0c819bcc0e797faccf7393babe486645f1860673218e9aaa0697f4b
6363df105457a06aca861633dba0c17b8570006c1a0a9b34cf116462fc57bcde
68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a
69fe3a3cb8e52c9522e1317a41bfda30f19e6c199fb84c66f083cd9e35e46442
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
6e05dcba80ae0609933e0c93c0d7ce06083dda03785deaa6e40a109a134acdb2
736666a53a4a4805e200de224be9255704ff848fd84d60333b087d50d02490ef
76d3b5bd5334a5bcff1975c0d9515aa3634a03b4769413c6301a3cd752452ef7
83a98717e30c702bfc722b6dc56ac3ad8914f8521353f8fd8a101da5e5399d30
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8ed9481eaeedce607e66dcf13971f34deff7fbcde181fc55299dc21071938da8
9581d252706f6236028acf67e89cd0c2f8ec64ff46a416bf384b2fd3876080d4
99b5a6256a9ee7c2640c2669ed517975bfb713b36dc3dde5c55b3c2c85885f4c
9c0f22eedf0c5680c7a6bee780edfc338bac379db0bf2c888c5136420a6dc5b4
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a4d63d81d4084fb516f0b833b9d1ddec8869a92b26812f752ff431d9d7f29746
aa2b8282a1438a0e53971aa29a5c54f2911a3cb79b44cc20f8521ead150c458f
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
be81d93c26c398f9aa158beba681a1082ab8e0fb6f918e1ab2aa154fe4677c48
c1b2320bfa46f10b1db699e2fbb7d2b0ec06141e294451dfcb2c928649bd2d50
c2b66668bbb8fae36b12842672cbeeedc9e7c16562d3c592a6613b6f44aed1b1
c311211146b7d1e26f7807e2131bd1c0787e54cc6dd90b9dd111fd2b4a1c7d77
c3cafb353ffa959edb33bbc7b79625416ef1e7393f7784c6debef4c2f35a65e3
c70906f4f530165e348ba8f8caa338809a8311edaeb12c469e244df2f0b5c3be
c7cfd5dc386d092ab9afb5af683856ed88121e55e6bf1024333c3151ccc46e36
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
ced49642c146f0fc73d4df1dcba391bc14ccb4571b8eb5539421f3173c6b944d
d25984848cb59b62095fd6cb563ef08f012a501258c06fd7e64d263a785e1c88
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd888ef4dda066839f9cb6d29aaf789463cccb55f245fd45d10983a618c77f72
dd9535c4b369928aa5fe4ddebbe42a9f96bb590ba9a70176297599192b9cbab4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e181730c1a666b38b299b81ead525f7fec078ff980360b4c032e75b9802ebf0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47227f7af2b6a9ac27fa83cc84dacfaf6843b98fc0e427291c845d2358bd686
ec2e22fd918a8ffef0f54f466fb7edd2c586f39dad794cd25a0a97ce36c404d2
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ca5ac3d9cf4d005d7294562694e44b40efd2c194722721a52743c2f43f1a6
ef401955627aaaedffd337dc3a7c4f9ad56f5dcd31f13833772760cda1aaa437
ef9eceb8f66c504a9d9fa11e625321a137ed71026f884b78528b40b4396ed5bd
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f641642f73b0d4a76b30723c0dec94325eafbc39620de7e3fc6283e1550829e5
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fb71a91ef4937bdac04520d7e7b1852bb28635ae850934d440360ccc8142c1a4
fcd0d01f674bf8bc63ee2236eb16f008bdfaa10ff622806b05b762a88ac3498c
fddc9f25cac9e37353d0367621a55540b9d78b08eb099188fe124abdf4d124f1
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe26156dcbc0058c9fc1cdfb4ecbec01c82711a31548024e2f9950d817406cb2
fff8ff05cbab81d3325182887ba0753769bb2bc90d71bc57f3e370ac1683a696