www.mcafee.com Open in urlscan Pro
92.123.10.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Effective URL:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Submission: On September 25 via api (September 25th 2022, 2:21:07 pm UTC) from DE — Scanned from DE

Summary HTTP 217 Redirects Links 50 Behaviour Indicators

Summary

This website contacted 42 IPs in 8 countries across 37 domains to perform 217 HTTP transactions. The main IP is 92.123.10.20, located in Vienna, Austria and belongs to AKAMAI-AS, US. The main domain is www.mcafee.com.
TLS certificate: Issued by McAfee OV SSL CA 2 on April 20th 2022. Valid for: a year.

This is the only time www.mcafee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.69.25.99 161.69.25.99	7754 (MCAFEE) (MCAFEE)
68	92.123.10.20 92.123.10.20	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:10e... 2a02:26f0:10e:2b7::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:400a:800::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:dc:... 2a02:26f0:dc:185::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4843	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.16.157 199.232.16.157	54113 (FASTLY) (FASTLY)
2	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	34.248.26.113 34.248.26.113	16509 (AMAZON-02) (AMAZON-02)
2	18.211.8.187 18.211.8.187	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.122.58 18.66.122.58	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
16	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:400d:804::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:dc:... 2a02:26f0:dc:29d::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:91d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	92.123.36.220 92.123.36.220	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2a03:2880:f10... 2a03:2880:f10a:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2 2	172.217.19.102 172.217.19.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
2	104.208.16.0 104.208.16.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	52.21.81.76 52.21.81.76	14618 (AMAZON-AES) (AMAZON-AES)
1	34.242.77.172 34.242.77.172	16509 (AMAZON-02) (AMAZON-02)
1	216.239.32.21 216.239.32.21	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206e:4000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.242.155.96 34.242.155.96	16509 (AMAZON-02) (AMAZON-02)
3	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	52.215.56.149 52.215.56.149	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223d:8800:11:615:7240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.222.206.40 52.222.206.40	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	2.18.79.141 2.18.79.141	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a02:26f0:11a... 2a02:26f0:11a::6867:4839	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4853	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
217	42

1 161.69.25.99 (Plano, United States) 1 redirects

ASN7754 (MCAFEE, US)

securingtomorrow.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 92.123.10.20 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-10-20.deploy.static.akamaitechnologies.com

www.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:10e:2b7::1e80 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400a:800::200a (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:dc:185::11a6 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
02179918.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4843 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.16.157 (Vienna, Austria)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.26.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-26-113.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.211.8.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-8-187.compute-1.amazonaws.com

api2932.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-58.fra60.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:400d:804::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:dc:29d::11a6 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:91d9 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 92.123.36.220 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-36-220.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f10a:83:face:b00c:0:25de (Kista, Sweden)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.19.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: muc03s07-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.208.16.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cu1pehnsweb01.servicebus.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.21.81.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-81-76.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.77.172 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-77-172.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.21 (United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2015.1e100.net

jelly.mdhv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206e:4000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.155.96 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-155-96.eu-west-1.compute.amazonaws.com

mcafeeinc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.56.149 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-56-149.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:8800:11:615:7240:93a1 (United States)

ASN16509 (AMAZON-02, US)

pxl.qccerttest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-40.fra56.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.79.141 (Vienna, Austria) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-18-79-141.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4839 (Vienna, Austria) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4853 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	mcafee.com 1 redirects securingtomorrow.mcafee.com www.mcafee.com smetrics.mcafee.com	3 MB
18	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 ad.doubleclick.net — Cisco Umbrella Rank: 178 stats.g.doubleclick.net — Cisco Umbrella Rank: 79	19 KB
17	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 75	2 KB
16	google.de www.google.de — Cisco Umbrella Rank: 6352	1 KB
14	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1002	109 KB
9	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	327 B
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	343 KB
7	gstatic.com fonts.gstatic.com	56 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	363 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 495	118 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1861 rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1857 fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3329	7 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 394 www.linkedin.com — Cisco Umbrella Rank: 623 px4.ads.linkedin.com — Cisco Umbrella Rank: 6198	3 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 392	61 KB
4	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3939	61 KB
3	d41.co api2932.d41.co — Cisco Umbrella Rank: 829135 cdn-0.d41.co — Cisco Umbrella Rank: 16429	77 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 208 mcafeeinc.demdex.net — Cisco Umbrella Rank: 282690	5 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 209	110 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 905 pixel.quantserve.com — Cisco Umbrella Rank: 423	11 KB
2	windows.net cu1pehnsweb01.servicebus.windows.net — Cisco Umbrella Rank: 223131	309 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 538	610 B
2	t.co t.co — Cisco Umbrella Rank: 489	579 B
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14360 apt.techtarget.com — Cisco Umbrella Rank: 19138	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 128	33 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1280 c.go-mpulse.net — Cisco Umbrella Rank: 599	52 KB
1	akstat.io 02179918.akstat.io — Cisco Umbrella Rank: 18453	201 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 331	98 B
1	cloudfront.net d6tizftlrpuof.cloudfront.net	3 KB
1	qccerttest.com pxl.qccerttest.com — Cisco Umbrella Rank: 983	550 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1036	517 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 846	2 KB
1	mdhv.io jelly.mdhv.io — Cisco Umbrella Rank: 8631	235 B
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 3414	26 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 613	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 769	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 40	1 KB
217	37

	Domain	Requested by
68	www.mcafee.com	www.mcafee.com cdnjs.cloudflare.com
16	www.google.de	www.mcafee.com
16	www.google.com	www.mcafee.com
15	googleads.g.doubleclick.net	www.googleadservices.com
14	tags.tiqcdn.com	www.mcafee.com tags.tiqcdn.com
9	www.facebook.com	www.mcafee.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com tags.tiqcdn.com
7	fonts.gstatic.com	fonts.googleapis.com
5	connect.facebook.net	www.mcafee.com connect.facebook.net
5	assets.adobedtm.com	www.mcafee.com assets.adobedtm.com
4	tags.srv.stackadapt.com	tags.tiqcdn.com tags.srv.stackadapt.com s.go-mpulse.net
4	cdn.jsdelivr.net	www.mcafee.com
4	static.addtoany.com	www.mcafee.com static.addtoany.com
3	smetrics.mcafee.com	s.go-mpulse.net assets.adobedtm.com
3	cdnjs.cloudflare.com	www.mcafee.com cdnjs.cloudflare.com
2	cu1pehnsweb01.servicebus.windows.net	s.go-mpulse.net
2	www.google-analytics.com	www.googletagmanager.com s.go-mpulse.net
2	ad.doubleclick.net	2 redirects
2	analytics.twitter.com	www.mcafee.com
2	t.co	www.mcafee.com
2	px.ads.linkedin.com	2 redirects
2	api2932.d41.co	assets.adobedtm.com cdn-0.d41.co
2	dpm.demdex.net	assets.adobedtm.com www.mcafee.com
2	www.googleadservices.com	www.mcafee.com www.googletagmanager.com
1	fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	02179918.akstat.io	s.go-mpulse.net
1	idsync.rlcdn.com
1	d6tizftlrpuof.cloudfront.net	www.mcafee.com
1	pxl.qccerttest.com	www.mcafee.com
1	cm.everesttech.net	1 redirects
1	mcafeeinc.demdex.net	assets.adobedtm.com
1	pixel.quantserve.com	www.mcafee.com
1	rules.quantcount.com	secure.quantserve.com
1	stats.g.doubleclick.net	s.go-mpulse.net
1	secure.quantserve.com	tags.tiqcdn.com
1	jelly.mdhv.io	www.mcafee.com
1	w.usabilla.com	www.mcafee.com
1	adservice.google.com	www.mcafee.com
1	apt.techtarget.com	www.mcafee.com
1	trk.techtarget.com	www.mcafee.com
1	c.go-mpulse.net	s.go-mpulse.net
1	px4.ads.linkedin.com	www.mcafee.com
1	www.linkedin.com	1 redirects
1	cdn-0.d41.co	assets.adobedtm.com
1	static.ads-twitter.com	www.mcafee.com
1	snap.licdn.com	www.mcafee.com
1	s.go-mpulse.net	www.mcafee.com
1	fonts.googleapis.com	www.mcafee.com
1	securingtomorrow.mcafee.com	1 redirects
217	52

This site contains links to these domains. Also see Links.

Domain
careers.mcafee.com
ir.mcafee.com
service.mcafee.com
forums.mcafee.com
home.mcafee.com
techmaster.mcafee.com
securingtomorrow.mcafee.com
www.symantec.com
docs.microsoft.com
www.fireeye.com
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.youtube.com
www.addtoany.com

Subject Issuer	Validity	Valid
www.mcafee.com McAfee OV SSL CA 2	`2022-04-20` - `2023-04-20`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-04` - `2022-10-02`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.d41.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-01` - `2023-03-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
servicebus.windows.net Microsoft Azure TLS Issuing CA 05	`2022-07-11` - `2023-07-06`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
w.usabilla.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
jelly.mdhv.io GTS CA 1D4	`2022-08-04` - `2022-11-02`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
smetrics.mcafee.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-16` - `2023-01-16`	a year	crt.sh
qccerttest.com Amazon	`2022-04-04` - `2023-05-03`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Frame ID: 59A3B5F4C2D9D51894ADE65F43128C1E
Requests: 207 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: E0465BF1208E55CD76805B8F4122E8E2
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Frame ID: 69B8A9C000FF4FD1A39AD5E875C83EED
Requests: 1 HTTP requests in this frame

Frame: https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Frame ID: D27E7EB9B76E60FBFD9CD57831F3F9E8
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6E9C342D3ACF0242C8DB6570C37A6507
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8B45D30D445A05ED8E19AB627D2C9080
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 707E54F2260BE388B79BA6182CC2F225
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5EA838B5B16CBDF30806421626F8EC08
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Frame ID: 59B174876B46B98CB9DE4C22705281CD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems | McAfee Blog

Page URL History Show full URLs

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infect... HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

217
Requests

98 %
HTTPS

51 %
IPv6

37
Domains

52
Subdomains

42
IPs

8
Countries

4383 kB
Transfer

7922 kB
Size

48
Cookies

50 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.mcafee.com/
Title: Search Job Openings

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/life-at-mcafee
Title: Life at McAfee

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-teams
Title: Our Teams

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-locations
Title: Our Locations

Search URL Search Domain Scan URL

URL: https://ir.mcafee.com/
Title: Investors

Search URL Search Domain Scan URL

URL: https://service.mcafee.com/
Title: Consumer Support

Search URL Search Domain Scan URL

URL: https://forums.mcafee.com/
Title: Support Community

Search URL Search Domain Scan URL

URL: https://home.mcafee.com/Secure/MyAccount/DashBoard.aspx?culture=en-us
Title: Login

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/Subscription
Title: TechMaster Concierge

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/
Title: analysis

Search URL Search Domain Scan URL

URL: https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail
Title: Symantec

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-1.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-2.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-3-1.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-4.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-5.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-6.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-7.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-8.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-9.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-10.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-11.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-12.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-13.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-14.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-15.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-16.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-17.png

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/secauthz/privilege-constants
Title: the following privileges

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-18.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-19.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-20.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-21.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-22.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-23.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-24.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-25.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/12/20181219-Shamoon-26.png

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
Title: report

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mcafee

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mcafee

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mcafee

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee_home

Search URL Search Domain Scan URL

URL: https://www.facebook.com/McAfee/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mcafee4consumers

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/subscription
Title: McAfee® Techmaster Concierge

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/ HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 83

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1664115660352%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs%252Fother-blogs%252Fmcafee-labs%252Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&liSync=true&e_ipv6=AQIrqTi1Lz6VQQAAAYN1BdiXnSEv-YRK9CSIG6QnNBwrtXc9VmBgA7k8mWRa1C9KDAeW37R683xKXEBb-tM4c7DOgmHJew

Request Chain 132

https://ad.doubleclick.net/activity;src=5471927;type=;cat=;gtm=2od9l0;auiddc=1168220563.1664115661;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=1168220563.1664115661;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F

Request Chain 169

https://cm.everesttech.net/cm/dd?d_uuid=52372713631993862422035361507226445747 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YzBjzQAAAE_wcAN-

Request Chain 214

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=psi0zcpx3 HTTP 302
https://rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 215

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=psi0zcpx3 HTTP 302
https://fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net/eum/results.txt

217 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Redirect Chain

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

176 KB
178 KB

520ms
165ms

Document
text/html

92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

/ PHP/8.1.8

Resource Hash

01f32b4bd5a19adf689aa2d6335f521e4a62f6080822045b4ab1879f1dd8fcbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-type: text/html; charset=UTF-8
date: Sun, 25 Sep 2022 14:20:59 GMT
expires: Sun, 25 Sep 2022 14:20:59 GMT
link: <https://www.mcafee.com/blogs/wp-json/>; rel="https://api.w.org/" <https://www.mcafee.com/blogs/wp-json/wp/v2/posts/93278>; rel="alternate"; type="application/json" <https://www.mcafee.com/blogs/?p=93278>; rel=shortlink
pragma: no-cache
server-timing: cdn-cache; desc=MISS edge; dur=95 origin; dur=30
strict-transport-security: max-age=31536000
x-akamai-transformed: 9 - 0 pmb=mTOE,1mRUM,3
x-amz-cf-id: PseZLJ8YgVB_cSH33tGClhUXv0j7656uR9SthFuPlljbSQaY3NwwDQ==
x-amz-cf-pop: MXP64-P1
x-powered-by: PHP/8.1.8

Redirect headers

Connection: keep-alive
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 25 Sep 2022 14:20:58 GMT
Location: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Server: Apache

GET
H2 200 main.min.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 78 KB
15 KB 100ms
97ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

b63f011bf81f6548e73fe3c4f2edf35d97ca29054a35969373953a4ba382d782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"13862-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 14857
x-amz-cf-id: pWlcKAOJvKtu_GqSGilUl1rXcWZKy2uumXcAud7t038sH5WMRpm4dQ==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-includes/css/dist/block-library/ 81 KB
11 KB 152ms
149ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/css/dist/block-library/style.min.css?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"145a9-5e4368f3c1680"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 11326
x-amz-cf-id: F5dXw5fXdQ6-4pQRlsKQMPhkkj9IR5aQV6E0FCZhZbWIC8A7hluaTg==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/ 27 KB
4 KB 229ms
226ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"6c70-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 3308
x-amz-cf-id: BVfK9dBpI1HStH0foeguof_ObiebM9Nbt3uU1ELuU2ZoJJ2CDc4Jlg==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 2 KB
865 B 248ms
245ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/style.min.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"671-5e4368f3c1680"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 525
x-amz-cf-id: 1ZvGqFhJdayuHc2N3j9wD3McGI4E-iIxXQ3GMIIqUnoQ43jkWtfiLQ==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/ 28 KB
6 KB 345ms
343ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/style.css?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"71bf-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 5837
x-amz-cf-id: gLIbAsBJJ94jsyhvK28By0U7asb4XKoYUc_ZUGHL1iudKsB24o73yA==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 addtoany.min.css
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 1 KB
831 B 392ms
390ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Mon, 19 Sep 2022 20:24:41 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"5ef-5e90d80636ccc"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 494
x-amz-cf-id: TE_s323KL5zGxHZ7YdExMuyppld_tcQXircgtPSIoHumea6clufxTw==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 87 KB
31 KB 498ms
496ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"15d9d-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 30933
x-amz-cf-id: AFpkS7anGIUMTJF-qrRxJsKQ1TcfnnaltOCbUvOhiDapwb9e4FVFAQ==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 11 KB
4 KB 505ms
503ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-migrate-3.3.2.min.js?ver=3.3.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"2bd8-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 4177
x-amz-cf-id: DyI2BhpwmGEUEJHy_R0D8juWYxUa_oiGYQqBwqTpAejCWmyfy7e3aQ==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 57ms
30ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b964f75cb8c613e484743bf4daaac6efc65c74156fca95cd76ca15d742555d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 54813
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Sep 2022 00:56:47 GMT
server: cloudflare
etag: W/"ba7-5e7bb5238fa5f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 7504675baf17bbef-FRA
cf-bgj: minify

GET
H2 200 addtoany.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 129 B
477 B 88ms
79ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Mon, 19 Sep 2022 20:24:41 GMT
x-amz-cf-pop: DFW55-C1
etag: "81-5e90d80636ccc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 126
x-amz-cf-id: V1fPh85C-r2sidVpWhcTXFTziObU099c_0FSFJ7i-1UthZ2q6sBWqg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 script.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 925 B
772 B 515ms
513ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/script.min.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW55-C1
etag: "39d-5e4368f3c1680"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 418
x-amz-cf-id: y2G2KUZTC63W0Spq2rICyiYXu64W32o1SDalo_zqvApZL2evFzVQ9A==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 blog.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 20 KB
5 KB 431ms
429ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/blog.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

85f9a306434e8ed7d91e8ee0ee03ca08c58d61b4d41511b51d6e8ee243a3f2ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4ffa-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 4861
x-amz-cf-id: yb923tSdHxnpgNxX4EjVZDynvdtZDDqmoMgBRYoFYSrwiXJ-irjFzg==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/ 158 KB
25 KB 37ms
18ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 11147395
x-jsd-version: 4.6.1
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19174-FRA, cache-itm18824-ITM
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"278e1-H7g/xZXPKL+TYth2EOrfo7e7vlk"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofwjyLrOTsNpv2D6ft%2FZ05yLgSFmn3a0BMFkTGERM4A90ZnH1jt7YdqxwuIAVKo5ejugUbi6bsf3OjfuEhaoxhnWzlA%2BlvQDRXarp%2BMprZsBpNreAaS18Aq3IUqZTe%2BRyHGb02BT7WR1%2BGC10Ls%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 75046757cac85c62-FRA
access-control-expose-headers: *

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 54ms
35ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1329046
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anODU8cwfd1rX0nCQfHVHXRVPEHPZe%2FMko5Mbv4TIUeL3v17%2BmN1qmFYM451ycS9OIKf%2B%2FXQs7G5mMlk%2F%2B61yYGloxOcwkogX6nCYV562I9zs4S2qxcNxgH%2BXAT9mDgz%2BR%2Ftz7OEDZxHZibJoAQzllIe"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 75046757db889b70-FRA
expires: Fri, 15 Sep 2023 14:20:59 GMT

GET
H2 200 static_nav.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 53 KB
8 KB 454ms
452ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"d5f2-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 8047
x-amz-cf-id: ohGLQaW1W9EkIjlfP1sXagTmqXyEOOisuZ0WB3j4BOD_Y3B7oXOW7w==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 static_footer.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 18 KB
3 KB 468ms
467ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_footer.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4776-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 2846
x-amz-cf-id: 6tlZHiu6KPidYVBAzpcXTuAA29zf6gbFds1X202Z04xGYT6xWp4iNA==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 41ms
23ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=5.6.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16261157
x-jsd-version: 1.8.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19175-FRA, cache-hhn4068-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T3oXBcoptNFBJOdDhTXCYEKctMkSY1Sn%2F8eNFHx1hPR1cZzJ2zXR8S6YDVbtyOMeGT7rj1IyJ9xRqtDtq5rlC3Uc4fETS%2B50IhCSvsO6AJTy%2FcoGvOuwXUgFDUyz2m3BV5i2CEuoY326apenBdA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 75046757cca99b8c-FRA

GET
H2 200 newtheme-style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 80 KB
14 KB 487ms
486ms Stylesheet
text/css 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

678e4443e87259063b8fd75aadfe00332e64993b3829693fd69f6b190321042f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"1405e-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 13897
x-amz-cf-id: 2zpHpv0yUzMJ2pJfwxvVBvSQ2AZpkxljiNlHVudagotvEWYd5F4ZGA==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H2 200 McAfeeHzRed.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 3 KB
2 KB 88ms
80ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/McAfeeHzRed.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1261
etag: "b88-5e89e0159cedf"
last-modified: Wed, 14 Sep 2022 07:23:28 GMT
server: Apache
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Tue, 25 Oct 2022 14:21:00 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.mcafee.com/blogs/wp-includes/js/ 18 KB
5 KB 96ms
87ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4705-5e4368f3c1680"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 4957
x-amz-cf-id: S0x5ZijZT5FLph6dl5PL-26nCoaqcZoyauSIcaWliz3l4quUt-X9cA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 chevron-up-black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 265 B
554 B 104ms
96ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/chevron-up-black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: "109-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 207
x-amz-cf-id: PrezoeGpdPrqMIMW6GoTg7pC9qTlhr1ds5zO8vnx-8vhg2agLdMs1A==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 search_icon_black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1002 B 111ms
103ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/search_icon_black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

0c5d12f7f623ddaea002928a5e8aa1126cccf4cb80b58a4ed180d675a339efcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4be-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 659
x-amz-cf-id: p5wDrB8Np0dtF6Ezu_OWllJJj9Z53g7TJT5I2eWzJ_d5Va_o2_bz0g==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 cross-grey-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 447 B
608 B 135ms
127ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: "1bf-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 260
x-amz-cf-id: dBjMKYR2JjeLshOQJtGmfKs9ClAsxqbLVfM-VunBUKdMO1v5PJnm9w==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
893 B 161ms
153ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"43f-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 550
x-amz-cf-id: oZ9wTk0t3I24kYSEQ6uGmps0VWVaAsIeSikHU1ZZh36na1l6eQsFRA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 facebook.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 401ms
394ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

c47380f71c3bdb3ebf92f494d7a6b8c1525f1ce8331fdb50398c22f59eea3936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-C3
etag: "4cf-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=44, origin; dur=181
accept-ranges: bytes
content-length: 1231
x-amz-cf-id: QmsblnzvwZpvkIhsu92OnkA4wDsDqxJy1yZgw3s02IRhYVGExRhpoQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 linkedin.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 460ms
452ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

82c52b937868d2d0afb2abccadf9b697f20c73c3c30ad9204dad4884878a7f0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-P1
etag: "575-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=95, origin; dur=188
accept-ranges: bytes
content-length: 1397
x-amz-cf-id: -KHz6Ks7JbDkuii6rPMdS06SLs0yBBlSh4B4TLpAoZqMdvFKFdycJw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 twitter.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 406ms
399ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

b08faf373c3f1c8247d01a6ac23353ae7a36a7bbf40d7591814920c11196bedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-P1
etag: "5fd-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=51, origin; dur=158
accept-ranges: bytes
content-length: 1533
x-amz-cf-id: ODPA2qKjTyoI4ck6ueg5PJVSB1K8ozAqU_LkRBzDVS21hOST86IWCw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 email.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 424ms
416ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/email.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

2e8af6374a001a941e7eea578da32e139e8c9a659ffab78acd97fa160876efee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-C3
etag: "5a3-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=44, origin; dur=161
accept-ranges: bytes
content-length: 1443
x-amz-cf-id: ennxsV_Dht7DuUeGVa5bT4Jy9LzTl94G6_BdMMgz8KbpYB4aCKLb7g==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 link.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 886 B
1 KB 687ms
680ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/link.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

d051f3c16ae61275a06cdf30938b3492e1bc6d89b9e7d67e2d175cec4e44df8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-C3
etag: "376-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=16, origin; dur=446
accept-ranges: bytes
content-length: 886
x-amz-cf-id: l_PxdBKg4BDBBndtkJWjKVhNXNhJOxTTk3ncAP_aD9i8ZaXHSw7BUA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 rss-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 744 B
749 B 235ms
228ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/rss-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 372
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 22 Sep 2022 03:46:09 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=2592000, public
accept-ranges: bytes
expires: Fri, 30 Sep 2022 03:33:30 GMT

GET
H2 200 300x200_Blog_malliciouscookingstuffing-1-300x203.png
www.mcafee.com/blogs/wp-content/uploads/2022/08/ 81 KB
82 KB 244ms
237ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/08/300x200_Blog_malliciouscookingstuffing-1-300x203.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Mon, 29 Aug 2022 21:38:10 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "87e5c6ed3b2d97d455f7f4d90558503d"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 83321
x-amz-cf-id: J4YRD4cyTer2GPhzLgn2Mw8bn4tWVOIElnYqQxV9SCKtX-SF9BMPnA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 Cloud-300x162.jpeg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 13 KB
13 KB 406ms
399ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/Cloud-300x162.jpeg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 27 Apr 2022 18:04:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "fd8e38d8247fc8474d606ee43905ccf2"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=86, origin; dur=69
accept-ranges: bytes
content-length: 13190
x-amz-cf-id: 1hwUb6RN7xzK5KSdarNYCXiNzWU69kT_vcZdRSw2ZL3k_nC76WzyEQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_googleplay.png
www.mcafee.com/blogs/wp-content/uploads/2022/07/ 67 KB
67 KB 258ms
252ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/07/300x200_Blog_googleplay.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Fri, 29 Jul 2022 03:16:10 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "1d806467d4b5264c01768f3ef22ecafa"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 68211
x-amz-cf-id: touKObFgX7UFGW1KW8_KIIT7kREtnWk_xBbdyK-2FYmVKERXC29SEg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_LNK-Malware.png
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 92 KB
92 KB 266ms
260ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_LNK-Malware.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Tue, 21 Jun 2022 18:47:31 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "269b6c55466cf51072f191ac2be74169"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 93753
x-amz-cf-id: g6DNMN3ozjRqoX6CEdnxdiQRwcJm1-vVLdHvMVM-mIJe_yogFsBp8Q==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_tiktok-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 78 KB
79 KB 271ms
265ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_tiktok-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 09 Jun 2022 18:44:53 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "c43c0deb31352d26402c87137f472e14"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 80268
x-amz-cf-id: K4SecBgqGUgvM3Ti5tW-J4zJ93hEtyyQkpD0G8ZUp77TUChP2tkjmw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_childphones-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 71 KB
72 KB 278ms
272ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_childphones-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 09 Jun 2022 18:55:58 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "a4dc9fcd6611c8cd1a73df4e5271235a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 72723
x-amz-cf-id: TEQC1C6zzQ9VswucElvbiJVPv8K5HRivBgUl-DPhxJeBSwwa7UzbGA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_MFE_Blogs_051722_Blog-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/05/ 65 KB
66 KB 281ms
275ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/05/300x200_Blog_MFE_Blogs_051722_Blog-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 19 May 2022 04:29:02 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "386d66c33c0b8d8d4473988a9914bc58"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 66724
x-amz-cf-id: vC-y7JKClhdZ4hBBCy-7K2u7lN799Bsey5V56IDTmv5Ev9l-mDS68w==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_backupday.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 68 KB
69 KB 335ms
329ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_backupday.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:35:12 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "de50fb4e804d4612d015af8b16be168f"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=29, origin; dur=18
accept-ranges: bytes
content-length: 69811
x-amz-cf-id: dt8I7rUi-CC0_1eUsvwt_79qfei4LXBiz-YIPwDlZxGIrBk0dz1LDA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 69 KB
70 KB 361ms
356ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:12:42 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "b84e990c79334f9935dcb2f204a17029"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=38, origin; dur=25
accept-ranges: bytes
content-length: 70661
x-amz-cf-id: v3v_AxZkEK5vFqqOV86rxU0zg3HlvZtq0qo1fjLgqMzk-OAj_HP3Yg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 72 KB
73 KB 304ms
299ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 73608
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 14:08:08 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "5fa16d52a98b0d00e72346e19f98cb8a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 9jnDL_2ie05fp2mjHHNVkmZZfd2SjR_4Afy7VrO3gQKZ6jdWj8aYzQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 71 KB
71 KB 400ms
395ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:32:35 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "579c3418512929b2c70d1b2fd025039a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=47, origin; dur=42
accept-ranges: bytes
content-length: 72380
x-amz-cf-id: c1_fhu-R3qUFq8W2dmUrtNkkktiYjsT97AWwDW0dj_35o0J1f-JPdA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 81 KB
82 KB 317ms
311ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 82895
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 15:09:10 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "c3ad9e30865840d001f863e7b61e81b3"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: wdbv_530S7ug0NiAO2-g453vy-7m5_Waoif8YY-bFB_E7R50mhmhDw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 logo-red.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 4 KB
2 KB 326ms
321ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/logo-red.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1414
etag: "e1a-5e8a04c6d6800"
last-modified: Wed, 14 Sep 2022 10:07:38 GMT
server: Apache
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Tue, 25 Oct 2022 14:21:00 GMT

GET
H2 200 backtotop.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 794ms
790ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/backtotop.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

44a6addb012e85ee247ae07452582489aaa2a0054e45b0810a95108c68f744a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-C3
etag: "544-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=14, origin; dur=444
accept-ranges: bytes
content-length: 1348
x-amz-cf-id: dJVyWCDQUgeqxPeOC5maCdcJc3Aw6nuDLTkMfKDuE2hOx7OrmpY0Ug==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 navigation.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 2 KB
959 B 32ms
31ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/navigation.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:20:59 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"651-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 609
x-amz-cf-id: MAk55zfVdrbFgTWIMdJ7MK4XptKTrHH7FR_p8VZ7qMe-WupT5-SgPw==
expires: Sun, 25 Sep 2022 14:20:59 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 87 KB
28 KB 50ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5771374
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27964
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15d95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bzn%2FL48tMHYoTOVjDFkfLsXTuWLOYXhqieQ2w7%2B9ZPLq0rhIuPuVbWUZK2UIELTLMxOZhx1dHWpKYUFNn%2B161oAlG7bmRglH%2BcppQBRKEEbgsKvNCkvHM5B8ZZoIa%2BzIu9PzhT3d4QoHTZtdyot0z7Va"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7504675b2b91bb5f-FRA
expires: Fri, 15 Sep 2023 14:21:00 GMT

GET
H3 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/ 81 KB
23 KB 27ms
18ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16261156
x-jsd-version: 4.6.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19155-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"14535-A2PLWLentg73+/gri862MFIyUBo"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmihA9u26%2BPcUGUPqs8YuVcLxT6MgcaUho1ZjlFEOVkTOHOyIcaheawmGvIJE69Ku%2FLlDFNCe2ersW62zZglWfcQjhzDsGljCM0lKoHTunAo%2BL7rQ0iWng1olELdXQhioUN3k9mcd7Q5gt%2BBT%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7504675b6dc4910a-FRA

GET
H3 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 28ms
17ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=10faaf528e636a046163bdb6753031b2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16261162
x-jsd-version: 1.8.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OHqaJIYM901GOyvYo8AldgB77sl2JPg2SJmS5c4ymz0mIcYX%2BE7kS6%2BCNgf6cqSFypxmWURFhjtNGaPQgXYAgbSdR3nLG%2FDFbFukb4ns4AuBCkJJmdt9fbCntCUConIcoSoHG3JtMnKErDx8DDU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7504675b9958691b-FRA

GET
H2 200 launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js Show response
assets.adobedtm.com/ 335 KB
94 KB 148ms
19ms Script
application/x-javascript 2a02:26f0:10e:2b7::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:2b7::1e80 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:50 GMT
server: AkamaiNetStorage
etag: "f4f97dfb86834a4f03017580725d0f33:1648761350.205862"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 95958
expires: Sun, 25 Sep 2022 15:21:00 GMT

GET
H2 200 mpp-frontend.js Show response
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/ 331 B
550 B 31ms
23ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: "14b-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 195
x-amz-cf-id: mOmr7Li8tLBR_k4fQZFAbSCvXIteWML0iEFOpmxIGmwDGNMxcE-_IQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 theme-script.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 4 KB
2 KB 40ms
32ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/theme-script.js?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"e98-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 1233
x-amz-cf-id: vscZZkJ2bOmC1TofzyfqdyIUeOAA5b6ZHKQTn-_sbRgSlTs2ups5OQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 skip-link-focus-fix.min.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 325 B
596 B 52ms
44ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/skip-link-focus-fix.min.js?ver=20151215

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: "145-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 242
x-amz-cf-id: G-e02gaaQnLGUfXwxs8oDZOIONhgZgFQKjSOYGDXeCZlwqvOBWOmeA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 Izb2chH3kB Show response
www.mcafee.com/5qd6sj/IJDiu6/wZxJmf-/UcSxp/uN3GDzQGh3/D04PC20/O3/ 189 KB
71 KB 61ms
53ms Script
application/javascript 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/5qd6sj/IJDiu6/wZxJmf-/UcSxp/uN3GDzQGh3/D04PC20/O3/Izb2chH3kB

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

d2b79939f4e6206056ca35b5ba01c8d1aa9f288489e13b0b8606db7b9549ea70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 03 Aug 2022 13:25:53 GMT
etag: "6815872a375987559069cbc1e0143554a2a380e78077140e931b760673673938"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=21600
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 72262
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
1 KB 81ms
31ms Stylesheet
text/css 2a00:1450:400a:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 13:57:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 25 Sep 2022 14:21:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC Show response
s.go-mpulse.net/boomerang/ 204 KB
50 KB 70ms
19ms Script
application/javascript 2a02:26f0:dc:185::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:dc:185::11a6 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
last-modified: Sat, 13 Aug 2022 00:50:57 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50742

GET
H2 200 gray-arrowdwn.svg
www.mcafee.com/content/dam/en-us/test-assets/header-redesign/ 179 B
535 B 340ms
339ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/en-us/test-assets/header-redesign/gray-arrowdwn.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 160
etag: "b3-5e89e0c6cfd9c"
last-modified: Thu, 22 Sep 2022 05:13:36 GMT
server: Akamai Resource Optimizer
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Tue, 25 Oct 2022 14:21:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 94ms
28ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 07:56:04 GMT
x-content-type-options: nosniff
age: 455096
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 07:56:04 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 114ms
49ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 21:19:52 GMT
x-content-type-options: nosniff
age: 234068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Sep 2023 21:19:52 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 117ms
57ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 08:32:21 GMT
x-content-type-options: nosniff
age: 452919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 08:32:21 GMT

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 16ms
15ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 227775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SA%2FrVixrVxtjES7gxt%2BPW51ZigwqqfULO4Z3AUcF3h6ddm4VAZv0cttPjjZVEAyqVa4b8oGG53oN1yCW0hhD5LP%2FYTF8Z98qRcin7PipUER3dAj2f8xVkgdHypx17WRwNMS2JyzwM3FPIZpDtnE%2BbJPx"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7504675bac7cbb5f-FRA
expires: Fri, 15 Sep 2023 14:21:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 103ms
52ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 14:28:56 GMT
x-content-type-options: nosniff
age: 431524
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 14:28:56 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 91ms
46ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 06:16:07 GMT
x-content-type-options: nosniff
age: 29093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Sep 2023 06:16:07 GMT

GET
H2 200 blue-right-arrow.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1 KB 323ms
322ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/blue-right-arrow.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"534-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 698
x-amz-cf-id: i1BHemjoZfzhof5AvWgofxzDSVRiw48D_9uhcRdtwR8PG8LX3gF0Vg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 2-1-300x296.png
www.mcafee.com/blogs/wp-content/uploads/2021/08/ 88 KB
89 KB 472ms
472ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/08/2-1-300x296.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0eeff867253c5fc6553b6e74e5c43f39e99a59a6c7b06ff9c6579e3e1efbf6d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 27 Apr 2022 17:58:16 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "6f170a810cc97002e9fcb96192b5377f"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=114, origin; dur=28
accept-ranges: bytes
content-length: 90032
x-amz-cf-id: fyVMGiP_0q_HE0Ni2GcWuzAm2LSnjP0hgBQwY4XlTs28q8_PO3eYCQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
9 KB 61ms
31ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 09:45:12 GMT
x-content-type-options: nosniff
age: 448548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8668
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:07:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 09:45:12 GMT

GET
H2 200 pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 7 KB
8 KB 54ms
25ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 07:02:02 GMT
x-content-type-options: nosniff
age: 458338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7632
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:09:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 07:02:02 GMT

GET
H2 200 opensans-regular-webfont.woff2
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/fonts/ 18 KB
19 KB 393ms
393ms Font
application/octet-stream 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/fonts/opensans-regular-webfont.woff2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-C3
etag: "48b4-5e4368f2cd440"
strict-transport-security: max-age=31536000
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=35, origin; dur=2
accept-ranges: bytes
content-length: 18612
x-amz-cf-id: GxWANGuCSClhObrcHTuiesgxlLYHiFuajl7fVaPOwsj7-7gz0uGbSg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 20181219-Shamoon-1-1024x563.png
www.mcafee.com/blogs/wp-content/uploads/2018/12/ 293 KB
294 KB 1115ms
1114ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/12/20181219-Shamoon-1-1024x563.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0e139f34a106f59b4f2f0645601b926e392a4004530c8bcd490c8cfaea161687

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
last-modified: Thu, 28 Apr 2022 06:41:51 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "d2c37de3ee80fb76a899020321176df8"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=61, origin; dur=697
accept-ranges: bytes
content-length: 300213
x-amz-cf-id: BhYdnZakHj-0HD9ULGSdEx1gcNFENujNFiOK4FIuxzz_Ebqriom9uw==
expires: Sun, 25 Sep 2022 14:21:01 GMT

GET
H2 200 20181219-Shamoon-2-796x1024.png
www.mcafee.com/blogs/wp-content/uploads/2018/12/ 396 KB
398 KB 1105ms
1104ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/12/20181219-Shamoon-2-796x1024.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

b37e66937e62351924fc79d08a60dbee1d9b332660881739e50a0d6704c19a51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
last-modified: Thu, 28 Apr 2022 06:41:58 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "88f2ba41606645127c625d9ba4fdada6"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=66, origin; dur=671
accept-ranges: bytes
content-length: 405560
x-amz-cf-id: kTd-34wPUGO2Jip0zCEUl0209Jo5uUkFu68kXGWffddT0B5nHIgDcg==
expires: Sun, 25 Sep 2022 14:21:01 GMT

GET
H2 200 20181219-Shamoon-3-1.png
www.mcafee.com/blogs/wp-content/uploads/2018/12/ 26 KB
27 KB 1041ms
1040ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/12/20181219-Shamoon-3-1.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

f6bcd8be3587ea8d217b5be4b93a853220f34e949b9ceebb28c1d6c295f8810a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
last-modified: Thu, 28 Apr 2022 06:42:00 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "ab3c68b3d4223477f895d10c6e89eb30"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=18, origin; dur=641
accept-ranges: bytes
content-length: 26926
x-amz-cf-id: Vx-gJfu-Tl8ceYwJMdbUZBnBYXAstXPOVq5NXE72CYCTYIQqQraKIg==
expires: Sun, 25 Sep 2022 14:21:01 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 101 KB
27 KB 38ms
8ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26840
x-xss-protection: 0
pragma: public
x-fb-debug: 9cxeT/Pu1S/GuUj0l4Vo2GOakVxDlGc0w7Njr8fylviRiZDaJJBcLApZQDOmvCfy/thOGyvLUMSzNi6mMPy50A==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 122ms
29ms Script
application/x-javascript 2a02:26f0:11a::6867:4843
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4843 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=61722
accept-ranges: bytes
content-length: 3063

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 452ms
27ms Script
application/javascript 199.232.16.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15317
x-served-by: cache-iad-kiad7000137-IAD, cache-vie6331-VIE

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
18 KB 68ms
23ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

d7abb302c9c1e55633395bf3b82b4bed7d63804223437d9879fff049895ec72d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17403
x-xss-protection: 0
server: cafe
etag: 17680024240845530123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 core.e18d3993.js Show response
static.addtoany.com/menu/modules/ 70 KB
25 KB 48ms
38ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.e18d3993.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36925e7859abeeb8681d694d702e00b1fbba6f37ac49b11e8f863ed24507ca6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 917389
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Sep 2022 00:56:46 GMT
server: cloudflare
etag: W/"11891-5e7bb52267bff"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 7504675c491f90c4-FRA
cf-bgj: minify

GET
H3 200 448732493334171 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 156ms
145ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/448732493334171?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f220e2dc4fd32bcb6097a7d0990c19966d769f3c2483a513ad3b6f9d3742d9b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: eSE/vguVokXGhJ2ahWavEfpYePSmN/opwUJVP7Nlxz6FMxicZVQg2g38xjXjFZBH36SlKtjv33bCoS30A+gt6Q==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/ 2 KB
2 KB 43ms
21ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/?random=1664115660295&cv=9&fst=1664115660295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8d8c7d1ceaddd4c91558da63f932442ccdf00e449f36eb36ee601c35a1fd03f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1100
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 526 B
1 KB 785ms
206ms XHR
application/json 34.248.26.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A729776A5245B1590A490D44%40AdobeOrg&d_nsid=0&ts=1664115660313

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.248.26.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-26-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

575da010de064c15955854c1a8d3b915f1fe4d6e6963364c4f3475c804c9be94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v042-0aa3370c8.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: NxDNamVuQnE=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.mcafee.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 360
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 33 KB
12 KB 19ms
19ms Script
application/x-javascript 2a02:26f0:10e:2b7::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:2b7::1e80 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12161
expires: Sun, 25 Sep 2022 15:21:00 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 3 KB
2 KB 20ms
19ms Script
application/x-javascript 2a02:26f0:10e:2b7::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:2b7::1e80 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1607
expires: Sun, 25 Sep 2022 15:21:00 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 25 KB
9 KB 21ms
21ms Script
application/x-javascript 2a02:26f0:10e:2b7::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:2b7::1e80 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "7324535d27629ca693bad7fd0da315ea:1591133412.560246"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8764
expires: Sun, 25 Sep 2022 15:21:00 GMT

GET
H/1.1 204
No Content / Show response
api2932.d41.co/sync/ 0
506 B 502ms
100ms Script
text/plain 18.211.8.187
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/sync/

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.8.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-8-187.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Sep 2022 14:21:00 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
access-control-allow-origin: https://www.mcafee.com
Cache-control: no-store
access-control-allow-credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 74 KB
75 KB 58ms
8ms Script
application/javascript 18.66.122.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-58.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Sun, 25 Sep 2022 14:19:32 GMT
Via: 1.1 90bb130ecccb71953b38a1c0e3b5721a.cloudfront.net (CloudFront)
Last-Modified: Thu, 18 Nov 2021 14:57:32 GMT
Server: AmazonS3
Age: 94
ETag: "c5b0d60b7c887bcae6d8897835a15d14"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P2
Accept-Ranges: bytes
Content-Length: 76079
X-Amz-Cf-Id: r6bgGXXE1kXBAbVyoXDcn3PcbIyWmR_zvpjjiEK_ycnOdV1kVhgIVA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infe...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1664115660352%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infe...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-inf...

0
267 B

229ms
182ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&liSync=true&e_ipv6=AQIrqTi1Lz6VQQAAAYN1BdiXnSEv-YRK9CSIG6QnNBwrtXc9VmBgA7k8mWRa1C9KDAeW37R683xKXEBb-tM4c7DOgmHJew
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:01 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2FDA88A5C52F4E3084DA7E3DB08B484B Ref B: DUS30EDGE0306 Ref C: 2022-09-25T14:21:01Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXpgR7ZxsnFT0lK4vOgIA==
x-li-fabric: prod-lor1

Redirect headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: ADFC1D04D2094134BBCA9021A1D92B79 Ref B: DUS30EDGE0706 Ref C: 2022-09-25T14:21:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1664115660352&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&liSync=true&e_ipv6=AQIrqTi1Lz6VQQAAAYN1BdiXnSEv-YRK9CSIG6QnNBwrtXc9VmBgA7k8mWRa1C9KDAeW37R683xKXEBb-tM4c7DOgmHJew
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXpgR7V5twSxe1dv3kPDQ==

GET
H2 200 /
www.google.com/pagead/1p-user-list/975085349/ 42 B
548 B 132ms
56ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975085349/?random=1664115660295&cv=9&fst=1664114400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=3797873399&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975085349/ 42 B
548 B 133ms
51ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975085349/?random=1664115660295&cv=9&fst=1664114400000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=3797873399&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 10 KB
3 KB 111ms
44ms XHR
application/json 2a02:26f0:dc:29d::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC&d=www.mcafee.com&t=5547052&v=1.737.0&sl=0&si=a91c317c-882e-4e29-b426-a46c565da415-rirruy&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=250743
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:dc:29d::11a6 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fbd88a10b5258b98d5a54fe5a5547cd11512ad9bec9b71d840f0f22c90740e70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Sun, 25 Sep 2022 14:21:00 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2353

GET
H/1.1 200
OK api Show response
api2932.d41.co/ 1 KB
2 KB 425ms
108ms Fetch
application/json 18.211.8.187
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/api?req=api2932&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.8.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-8-187.compute-1.amazonaws.com

Software

Resource Hash

0fc74d863fdb60539c032979ac785759d8f8d0da3d3abda2717e0e9ab82ba473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Sep 2022 14:21:00 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/json
access-control-allow-origin: https://www.mcafee.com
Cache-control: no-store
access-control-allow-credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 1105
X-XSS-Protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 171 KB
63 KB 44ms
21ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e0bf5507d9aa03c086b0300be7cbd9af7b251a11ede01909893ff22050587e71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63730
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 73ms
57ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115660436&cv=9&fst=1664115660295&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f187787bd5913b75bd26b850345428b67d4ad99e3521c7601fb3364b6a4e63a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1099
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 105ms
21ms Script
text/javascript 2606:4700:4400::ac40:91d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 248
vary: Accept-Encoding
content-type: text/javascript
expires: Sun, 25 Sep 2022 14:26:52 GMT
cache-control: max-age=1200
cf-ray: 7504675e4fd89124-FRA
cf-bgj: minify

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 245 KB
50 KB 96ms
37ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 87cf48c0f253995678115f592d32ae687f6263e3d617bf7ad930fadd66d33ffe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 12:52:04 GMT
server: AkamaiNetStorage
etag: "3bcf6f4fc6c7798ef823cde0aca74ae5:1663851124.06445"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Sun, 25 Sep 2022 14:26:00 GMT

POST
H2 201 Izb2chH3kB Show response
www.mcafee.com/5qd6sj/IJDiu6/wZxJmf-/UcSxp/uN3GDzQGh3/D04PC20/O3/ 18 B
756 B 485ms
476ms XHR
application/json 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/5qd6sj/IJDiu6/wZxJmf-/UcSxp/uN3GDzQGh3/D04PC20/O3/Izb2chH3kB

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/5qd6sj/IJDiu6/wZxJmf-/UcSxp/uN3GDzQGh3/D04PC20/O3/Izb2chH3kB

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
vary: Origin
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
x_req_id: 1b935d2f-c38a-43fe-903e-c4fd97937c53
server-timing: edge; dur=5, origin; dur=432, cdn-cache; desc=MISS
access-control-allow-headers: Content-Type
content-length: 18

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 45ms
33ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.e18d3993.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 918818
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 7504675e59af8fdc-FRA
cf-bgj: minify

GET
H3 200 sm.23.html Show response
static.addtoany.com/menu/ Frame E046 741 B
691 B 31ms
21ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 918818
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7504675e59b18fdc-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 25 Sep 2022 14:21:00 GMT
etag: W/"2e5-5cc9e128a4c38"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e1s
x-content-type-options: nosniff

GET
H2 200 300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 81 KB
82 KB 33ms
26ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 82895
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 15:09:10 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "c3ad9e30865840d001f863e7b61e81b3"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: wdbv_530S7ug0NiAO2-g453vy-7m5_Waoif8YY-bFB_E7R50mhmhDw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 71 KB
71 KB 108ms
103ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:32:35 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "579c3418512929b2c70d1b2fd025039a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=44, origin; dur=16
accept-ranges: bytes
content-length: 72380
x-amz-cf-id: c1_fhu-R3qUFq8W2dmUrtNkkktiYjsT97AWwDW0dj_35o0J1f-JPdA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 72 KB
73 KB 66ms
61ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 73608
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 14:08:08 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "5fa16d52a98b0d00e72346e19f98cb8a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 9jnDL_2ie05fp2mjHHNVkmZZfd2SjR_4Afy7VrO3gQKZ6jdWj8aYzQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 69 KB
70 KB 158ms
152ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:12:42 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "b84e990c79334f9935dcb2f204a17029"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=67, origin; dur=15
accept-ranges: bytes
content-length: 70661
x-amz-cf-id: v3v_AxZkEK5vFqqOV86rxU0zg3HlvZtq0qo1fjLgqMzk-OAj_HP3Yg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_malliciouscookingstuffing-1-300x203.png
www.mcafee.com/blogs/wp-content/uploads/2022/08/ 81 KB
82 KB 85ms
80ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/08/300x200_Blog_malliciouscookingstuffing-1-300x203.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Mon, 29 Aug 2022 21:38:10 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "87e5c6ed3b2d97d455f7f4d90558503d"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 83321
x-amz-cf-id: J4YRD4cyTer2GPhzLgn2Mw8bn4tWVOIElnYqQxV9SCKtX-SF9BMPnA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 Cloud-300x162.jpeg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 13 KB
13 KB 138ms
133ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/Cloud-300x162.jpeg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 27 Apr 2022 18:04:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "fd8e38d8247fc8474d606ee43905ccf2"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=26, origin; dur=15
accept-ranges: bytes
content-length: 13190
x-amz-cf-id: 1hwUb6RN7xzK5KSdarNYCXiNzWU69kT_vcZdRSw2ZL3k_nC76WzyEQ==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_googleplay.png
www.mcafee.com/blogs/wp-content/uploads/2022/07/ 67 KB
67 KB 105ms
101ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/07/300x200_Blog_googleplay.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Fri, 29 Jul 2022 03:16:10 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "1d806467d4b5264c01768f3ef22ecafa"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 68211
x-amz-cf-id: touKObFgX7UFGW1KW8_KIIT7kREtnWk_xBbdyK-2FYmVKERXC29SEg==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_LNK-Malware.png
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 92 KB
92 KB 116ms
112ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_LNK-Malware.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Tue, 21 Jun 2022 18:47:31 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "269b6c55466cf51072f191ac2be74169"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 93753
x-amz-cf-id: g6DNMN3ozjRqoX6CEdnxdiQRwcJm1-vVLdHvMVM-mIJe_yogFsBp8Q==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_tiktok-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 78 KB
79 KB 123ms
119ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_tiktok-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 09 Jun 2022 18:44:53 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "c43c0deb31352d26402c87137f472e14"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 80268
x-amz-cf-id: K4SecBgqGUgvM3Ti5tW-J4zJ93hEtyyQkpD0G8ZUp77TUChP2tkjmw==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_childphones-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 71 KB
72 KB 131ms
127ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_childphones-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 09 Jun 2022 18:55:58 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "a4dc9fcd6611c8cd1a73df4e5271235a"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 72723
x-amz-cf-id: TEQC1C6zzQ9VswucElvbiJVPv8K5HRivBgUl-DPhxJeBSwwa7UzbGA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_MFE_Blogs_051722_Blog-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/05/ 65 KB
66 KB 149ms
145ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/05/300x200_Blog_MFE_Blogs_051722_Blog-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 19 May 2022 04:29:02 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-P1
etag: "386d66c33c0b8d8d4473988a9914bc58"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 66724
x-amz-cf-id: vC-y7JKClhdZ4hBBCy-7K2u7lN799Bsey5V56IDTmv5Ev9l-mDS68w==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 300x200_Blog_backupday.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 68 KB
69 KB 187ms
184ms Image
image/jpeg 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_backupday.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 05 May 2022 13:35:12 GMT
server: AmazonS3
x-amz-cf-pop: MXP64-C3
etag: "de50fb4e804d4612d015af8b16be168f"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=16, origin; dur=16
accept-ranges: bytes
content-length: 69811
x-amz-cf-id: dt8I7rUi-CC0_1eUsvwt_79qfei4LXBiz-YIPwDlZxGIrBk0dz1LDA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 slider-right-arrow.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 186ms
185ms Image
image/png 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/slider-right-arrow.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

fa251403ac153674157ed78351b757b362f9e0be8f6c5d595962b9033e488d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: MXP64-P1
etag: "569-5e4368f2cd440"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=43, origin; dur=4
accept-ranges: bytes
content-length: 1385
x-amz-cf-id: wilL_OO5tk89-Orf-BH2z_CJed-QgJJyrr9FA_SUdeY39oycnRwN-Q==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
893 B 138ms
137ms Image
image/svg+xml 92.123.10.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.10.20 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-10-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"43f-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 550
x-amz-cf-id: oZ9wTk0t3I24kYSEQ6uGmps0VWVaAsIeSikHU1ZZh36na1l6eQsFRA==
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 187610925152304 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 143ms
142ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/187610925152304?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d585297c70c75e9cc83fa3f363b5e833b645c3fc25f858765aeec296d4d4dac1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 244B3n73q5vQp2IJ+rml3S4WUpIv3KdRCsroMcs5461S+ZOXbSWy6n8HJGEZOIefp8u7FvMqJMrY1T7Ig27wZg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:00 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
204 B 78ms
25ms Image
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=448732493334171&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&rl=&if=false&ts=1664115660620&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664115660619.162905138&it=1664115660282&coo=false&exp=a1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 25 Sep 2022 14:21:00 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 104ms
50ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115660436&cv=9&fst=1664114400000&num=2&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=1061341125&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 106ms
53ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115660436&cv=9&fst=1664114400000&num=2&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=1061341125&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 477ms
103ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1259816&version=2.1.1&ref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&r=1664115660661
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Sun, 25 Sep 2022 14:21:01 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 43

GET
H2 200 utag.currency.js Show response
tags.tiqcdn.com/utag/tiqapp/ 3 KB
2 KB 33ms
32ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.currency.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d19422115ab0e94c5ed6d134ce592555166932e530f1d3a506013b84930070d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Mon, 19 Sep 2022 01:00:07 GMT
server: AkamaiNetStorage
etag: "0749cff1e45555ae8b062c0c678b37c9:1663549207.138474"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1780
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
41 KB 38ms
22ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

84bcb07e0a5fd55bbcd0d36c5fdd90486977baf2741841c0efcf7cee77de1584

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42259
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
41 KB 36ms
20ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5471927&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc1ae582aa9fce07a50f4e2a19b23c4914f390b57d1a517890c605249caf7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42437
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
46 KB 43ms
28ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02437c9427a2d6ab1ce1eeae2ad9756c264233a651684918b4200d1c2dbfaf22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46564
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
15 KB 66ms
25ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

7bcbe327243628310e84027b85bca98a20d208f66f64685d979c6ccfa587d2d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15697
x-xss-protection: 0
server: cafe
etag: 1764007376392519731
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 utag.276.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 34 KB
5 KB 65ms
62ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.276.js?utv=ut4.39.202207280846
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 03cb83fe07a916614f3ce8b33a1727c9b0ae141e1fefbcdc33cd322703e21c84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:59 GMT
server: AkamaiNetStorage
etag: "af10e0d0150e68ed8f36117e4d6337d0:1658297879.286928"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5275
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.331.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 6 KB
2 KB 59ms
56ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.331.js?utv=ut4.39.202206151424
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 08:45:24 GMT
server: AkamaiNetStorage
etag: "59b591af9c74eed7eeee7eb9933434aa:1640076324.779275"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2298
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.356.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 106 KB
27 KB 79ms
77ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.356.js?utv=ut4.39.202209221251
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c589952098842e06f3b169d1c5439e1908b241b55644f81cb5a8d9e0e4f0b49e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Fri, 09 Sep 2022 09:36:29 GMT
server: AkamaiNetStorage
etag: "ebcf6f3304a0738c4c256e8ec6b98245:1662716189.608877"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 27143
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.444.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 19 KB
6 KB 86ms
83ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.444.js?utv=ut4.39.202204270556
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 09:32:59 GMT
server: AkamaiNetStorage
etag: "b2cb1df33dd6b8a4f10369db69c7e7dd:1632130379.813891"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 6343
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.476.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 87ms
85ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.476.js?utv=ut4.39.202006041316
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 10:34:56 GMT
server: AkamaiNetStorage
etag: "6b2903b10789da4d6134a59bb1fc8a49:1572518096.337345"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2366
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.515.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 88ms
86ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 23 Jul 2020 12:04:49 GMT
server: AkamaiNetStorage
etag: "7365d951d30f1fa9668d0437fedeb4e3:1595505889.289423"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1048
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.518.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 4 KB
2 KB 88ms
87ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.518.js?utv=ut4.39.202209131210
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c89216f71c61ef90798e0ca2055716b1ca1b22cbb30b2e8984050ae06acc778

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 12:45:08 GMT
server: AkamaiNetStorage
etag: "7cc04aa651cce060d80e6babeafad2bf:1654778708.036164"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2120
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.521.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 93ms
92ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 15 Jul 2020 10:59:20 GMT
server: AkamaiNetStorage
etag: "c09f093e0e4ce83103416febd13a6294:1594810760.535353"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3237
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.523.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 95ms
94ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.523.js?utv=ut4.39.202201051242
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Thu, 27 Aug 2020 12:46:09 GMT
server: AkamaiNetStorage
etag: "fb30f56886da031845524ee15f427821:1598532369.53687"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1163
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.531.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 96ms
95ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.531.js?utv=ut4.39.202202081111
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Tue, 01 Dec 2020 04:25:45 GMT
server: AkamaiNetStorage
etag: "3a9ced3787ddb191062f19331c8d30bd:1606796745.86938"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3239
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 utag.537.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 3 KB
2 KB 97ms
96ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.537.js?utv=ut4.39.202012161058
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
last-modified: Wed, 14 Oct 2020 13:17:10 GMT
server: AkamaiNetStorage
etag: "8b5d313be7f848419f47125d0c6664fd:1602681430.396878"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1538
expires: Mon, 10 Oct 2022 14:21:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
376 B 144ms
114ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=87836c79-b391-48a0-9591-31687885bf1d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=73be31a5-da65-4e79-882c-4fe37d989bda&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 106
date: Sun, 25 Sep 2022 14:21:00 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
x-transaction-id: 0b8594870bd3abaf
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 67968f02b0cb9c0b37f2a4417b5669a5bc3613baad2162331b1740e61d90b05d
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 301ms
111ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=87836c79-b391-48a0-9591-31687885bf1d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=73be31a5-da65-4e79-882c-4fe37d989bda&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 104
date: Sun, 25 Sep 2022 14:21:00 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
x-transaction-id: 19b74ec531efb5e9
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: be026409663e1bd8a066c1849bf47336b2b9dc0e4d089a39aea1968d3a2c943b
content-length: 43

GET
H2

200

dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-i...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=5471927;type=;cat=;gtm=2od9l0;auiddc=1168220563.1664115661;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-...
https://ad.doubleclick.net/activity;dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=1168220563.1664115661;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafe...
https://adservice.google.com/ddm/fls/z/dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-...

42 B
494 B

72ms
46ms

Image
image/gif

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=CLCt1_aRsPoCFYBHHgIdFSENAQ;src=5471927;type=;cat=;gtm=2od9l0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 101ms
25ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 6808
date: Sun, 25 Sep 2022 12:27:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Sun, 25 Sep 2022 14:27:32 GMT

GET
H3 200 766537420057144 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 218ms
217ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/766537420057144?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cc698829ada2c532110e2d8ceebb401c2938a1559500b5e7660e784d04dc9f10

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 8K+hIYhu5Q4GBhQ/aymup3v1YwQsnyXVjRD/GZG/PCAdat7uonzBeNM5NQ26zaiLJzhF+YX8O2udWZtve1fbMg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:01 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 53ms
25ms Image
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=187610925152304&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&rl=&if=false&ts=1664115660853&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664115660619.162905138&it=1664115660282&coo=false&exp=a1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 25 Sep 2022 14:21:00 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/ 3 KB
1 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/?random=1664115660859&cv=9&fst=1664115660859&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39f3ae837fe70d3524de0184090b7983660de038051758810772082fab727244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 150ms
149ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115660863&cv=9&fst=1664115660863&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37b0a03086d2cf747992fbd585df4c9de2fd008e4e21f6c3988fae8c852dac47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 201
Created messages Show response
cu1pehnsweb01.servicebus.windows.net/webp32h01/ 0
309 B 512ms
134ms XHR
application/xml 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
type: entry
Authorization: SharedAccessSignature sr=http%3a%2f%2fcu1pehnsweb01.servicebus.windows.net%2fwebp32h01&sig=egeBP80h1RMGKxIU3lvC2c7N8fqicJTBSJTk9weZQwA%3d&se=2188580224&skn=webp32h01send
Content-Type: application/json; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.mcafee.com
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 25 Sep 2022 14:21:01 GMT
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8

OPTIONS
H/1.1 200
OK messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ Frame 0
0 588ms
125ms Preflight 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,type
Access-Control-Request-Method: POST
Origin: https://www.mcafee.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,content-type,type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Max-Age: 3600
Content-Length: 0
Date: Sun, 25 Sep 2022 14:21:01 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

GET
H2 200 adsct
t.co/i/ 43 B
203 B 113ms
112ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=72295b71-ecdb-4da1-9e75-26c2e81447e1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=73be31a5-da65-4e79-882c-4fe37d989bda&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 105
date: Sun, 25 Sep 2022 14:21:00 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
x-transaction-id: 01ff725105dfbfb6
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 67968f02b0cb9c0b37f2a4417b5669a5bc3613baad2162331b1740e61d90b05d
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
215 B 197ms
113ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=72295b71-ecdb-4da1-9e75-26c2e81447e1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=73be31a5-da65-4e79-882c-4fe37d989bda&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 105
date: Sun, 25 Sep 2022 14:21:00 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
x-transaction-id: b0f8a299d95c8a7e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: be026409663e1bd8a066c1849bf47336b2b9dc0e4d089a39aea1968d3a2c943b
content-length: 43

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 422ms
96ms Script
text/javascript 52.21.81.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.81.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-81-76.compute-1.amazonaws.com
Software: /
Resource Hash: bf4daed5acf1ce25b9b55760c7ad3173e7a3bb3089c68188ffb65679054f88cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 25 Sep 2022 14:21:01 GMT
Content-Encoding: gzip
Cache-Control: max-age=5
Content-Length: 5401
Connection: keep-alive
Content-Type: text/javascript

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
45 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

df43754f3964cfc1d545201b85a31dfbb7ea1efc638479fc78ad848be2e63d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46471
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
45 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5bfe21572eee04df8b3ba7dca96e171a2d072ddc6be9216232307c8ddfa07b69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46462
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 1eb8bd09b246.js Show response
w.usabilla.com/ Frame 69B8 242 KB
26 KB 125ms
31ms Script
text/javascript 34.242.77.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.77.172 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-77-172.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d4e49c209a8cbc026aa48e9435eb83e8ba47c1cf81acba38a5378b95faff0b88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "a4aac39623035079bce0869eba2e35ca"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 26572

GET
H2 200 star.gif
jelly.mdhv.io/v1/ 43 B
235 B 192ms
123ms Image
image/gif 216.239.32.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jelly.mdhv.io/v1/star.gif?pid=Fm4ZsumnWdLJITEAOIqxG583lBzi&src=mh&evt=hi&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&_rnd=0.07745854970489652
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.21 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: any-in-2015.1e100.net
Software: Google Frontend /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
server: Google Frontend
content-type: image/gif
x-cloud-trace-context: c5793dde38d290e556ff701de2f9bb7e
cache-control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
content-length: 43
expires: -1

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
61 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a1ad51e1c1441233d6a967ad47310eba4c53b240bfc7da3e8df642dadf8e77e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62547
x-xss-protection: 0
last-modified: Sun, 25 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Sep 2022 14:21:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 26 KB
10 KB 93ms
12ms Script
application/javascript 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 34686cba28b7d374710a0b8204ae2cbce77ced594bcac71bef4f5260a8d99745

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
etag: "eN3sxSgaav0x5wHLxGB1gQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sun, 02 Oct 2022 14:21:01 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 24ms
24ms Script
application/x-javascript 92.123.36.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mcafee/consumer-main/202209221251&cb=1664115660916
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.36.220 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-220.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:00 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Sun, 25 Sep 2022 14:31:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/597407903/ 42 B
64 B 54ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/597407903/?random=1664115660859&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2961690227&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/597407903/ 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/597407903/?random=1664115660859&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2961690227&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/ 3 KB
1 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/?random=1664115660949&cv=9&fst=1664115660949&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa9ebf2115e657999ee18c8edd27310deb0f290aae75c970023e78ef46c4489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1128
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 93ms
47ms XHR
text/plain 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j97&a=1207954687&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&ul=en-us&de=UTF-8&dt=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBACUABBAAAAC~&jid=1605157626&gjid=2128215244&cid=1502204610.1664115661&tid=UA-35949610-14&_gid=1639599189.1664115661&_r=1&gtm=2ou9l0&cd1=na&cd2=us&cd3=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&cd9=&cd10=shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&cd13=&cd16=Thomas%20Roccia&cd17=Dec%2019%2C%202018&cg1=blogs&cg2=other-blogs&cg3=mcafee-labs&cg4=shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&cg5=&z=686641571

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115660997&cv=9&fst=1664115660997&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd8004457c6e88f965139335606e7d06ab634cc8a3a6fc544deea82494b84c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115660998&cv=9&fst=1664115660998&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1d332c6a5696d63ad1371230245d733827837ff1c1e0a09d5ec506aea2f37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1127
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 94ms
25ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-35949610-14&cid=1502204610.1664115661&jid=1605157626&gjid=2128215244&_gid=1639599189.1664115661&_u=4GBACUAABAAAAC~&z=108391758

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 25 Sep 2022 14:21:01 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 56ms
53ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115660863&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1423640131&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 60ms
57ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115660863&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%3Bcontent_group5%3D%3Bauthor%3DThomas%20Roccia%3BpubDate%3DDec%2019%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1423640131&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/614089511/ 42 B
64 B 58ms
55ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/614089511/?random=1664115660949&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3425359427&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/614089511/ 42 B
64 B 57ms
54ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/614089511/?random=1664115660949&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3425359427&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-hvA1U3-AR_BCf.js Show response
rules.quantcount.com/ 3 KB
2 KB 103ms
29ms Script
application/javascript 2600:9000:206e:4000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-hvA1U3-AR_BCf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:4000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 399be28131d1a20656566d51786ebbd615d989571a619d09b1c7269d47b662e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 13:48:45 GMT
content-encoding: gzip
age: 1955
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Fri, 26 Aug 2022 15:31:32 GMT
server: AmazonS3
etag: W/"fb62258b2f69b531facfcd8ad28c5147"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 93f2a781416975f99355acc4c81d60d2.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: 0oqClKKgoysPmVTCxHpRM5l0oWdeiHesLrETAbzHIqW9eYfH6hiZxw==

GET
H2 200 pixel;r=1891115738;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F;uht=2;f...
pixel.quantserve.com/ 35 B
371 B 42ms
9ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1891115738;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F;uht=2;fpan=1;fpa=P0-1369340389-1664115661072;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=mcafee.com;dst=0;et=1664115661072;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog%2Cdescription.Last%20week%20the%20McAfee%20Advanced%20Threat%20Research%20team%20posted%20an%20analysis%20of%20a%20new%20w%2Curl.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-ne%2Csite_name.McAfee%20Blog%2Cimage.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fwp-content%2Fuploads%2F2018%2F12%2Fweb-page-generic-javascr%2Cimage%3Awidth.2048%2Cimage%3Aheight.1365%2Cimage%3Atype.image%2Fjpeg;ses=86781779-faf8-4a91-965f-5145fe576c9a

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 54ms
53ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115660998&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1993571342&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 56ms
55ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115660998&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1993571342&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115660997&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2823078689&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115660997&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2823078689&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
mcafeeinc.demdex.net/ Frame D27E 7 KB
3 KB 900ms
181ms Document
text/html 34.242.155.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcafeeinc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.155.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-155-96.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v042-047f0d9dd.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: i3VPzLsNRAU=
content-encoding: gzip
date: Sun, 25 Sep 2022 14:21:01 GMT
last-modified: Thu, 22 Sep 2022 11:35:49 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.mcafee.com/ 48 B
457 B 1022ms
178ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&mid=48692942624868663671658095811198696590&ts=1664115661113

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

dfba83bddfdad7e8f72be482bac94302a3735cfb58b513fcd05d23f8eb9d3a64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 25 Sep 2022 14:21:02 GMT
x-content-type-options: nosniff
server: jag
vary: Origin
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YzBjzQAAAE_wcAN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=52372713631993862422035361507226445747
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YzBjzQAAAE_wcAN-

42 B
942 B

186ms
185ms

Image
image/gif

34.248.26.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YzBjzQAAAE_wcAN-

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

HTTP/1.1

Server

34.248.26.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-26-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v042-052137a19.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 1TMh1w7gRJg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YzBjzQAAAE_wcAN-
Date: Sun, 25 Sep 2022 14:21:01 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 63ms
63ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-35949610-14&cid=1502204610.1664115661&jid=1605157626&_u=4GBACUAABAAAAC~&z=1083684976

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 66ms
65ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-35949610-14&cid=1502204610.1664115661&jid=1605157626&_u=4GBACUAABAAAAC~&z=1083684976

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 577185772377767 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/577185772377767?v=2.9.84&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b33106caeeae82a71f4d811706788e3611e6d894688d476dfd17ae966debe3c7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86419
x-xss-protection: 0
pragma: public
x-fb-debug: 3pz7HqVSjQqZij3UXAiICa4GWfF6l+3ifeM3GD8PQJ1iRqgqd6IDrR9dEdJnaAi77+iJuZRp2VZmb8Eq5Sl0Uw==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 25 Sep 2022 14:21:01 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 25ms
25ms Image
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=766537420057144&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&rl=&if=false&ts=1664115661176&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664115660619.162905138&it=1664115660282&coo=false&exp=a1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 25 Sep 2022 14:21:01 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H2 200 pixel
pxl.qccerttest.com/ 35 B
550 B 66ms
7ms Image
image/gif 2600:9000:223d:8800:11:615:7240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pxl.qccerttest.com/pixel?r=767996953;fpan=0;fpa=P0-1369340389-1664115661072;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;ref=;cm=;gdpr=0;d=mcafee.com;dst=0;et=1664115661180;tzo=0;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F;ogl=locale.en_US%2Ctype.article%2Ctitle.Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog%2Cdescription.Last%20week%20the%20McAfee%20Advanced%20Threat%20Research%20team%20posted%20an%20analysis%20of%20a%20new%20w%2Curl.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-ne%2Csite_name.McAfee%20Blog%2Cimage.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fwp-content%2Fuploads%2F2018%2F12%2Fweb-page-generic-javascr%2Cimage%3Awidth.2048%2Cimage%3Aheight.1365%2Cimage%3Atype.image%2Fjpeg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:8800:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 01:48:50 GMT
via: 1.1 474733f16f494ddb794b4f7dfd7de966.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 45132
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000
content-length: 35
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 04 Aug 2022 16:01:04 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "55d25e9dc950d5db4d53a3b195c046c6"
vary: Accept-Encoding, Origin
content-type: image/gif
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
x-amz-cf-id: EYkc6GPEoO4RP0naj1g6gs5EbBne5KbhibWqXpHUui8egUaLH68mfw==

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 29ms
25ms Image
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&rl=&if=false&ts=1664115661201&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664115660619.162905138&it=1664115660282&coo=false&exp=a1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 25 Sep 2022 14:21:01 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 29ms
25ms Image
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&rl=&if=false&ts=1664115661202&cd[content_type]=product&sw=1600&sh=1200&v=2.9.84&r=stable&ec=1&o=30&fbp=fb.1.1664115660619.162905138&it=1664115660282&coo=false&tm=1&exp=a1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sun, 25 Sep 2022 14:21:01 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 68ms
66ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115661227&cv=9&fst=1664115661227&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dc1ce02c029f4830ed68437ff3f841310db2bc92785e862aa9a8e011f659fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1128
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115661234&cv=9&fst=1664115661234&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47e99f885403421b39789578697ca2dc00e8174f6f2285f49b0377063080cec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1128
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6E9C 0
15 B 25ms
25ms Document
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 14:21:01 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 52ms
52ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115661234&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=447095937&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115661234&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=447095937&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115661227&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1604942313&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115661227&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1604942313&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 96ms
95ms Stylesheet
text/css 52.21.81.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.81.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-81-76.compute-1.amazonaws.com
Software: /
Resource Hash: 8ef6acc1ca1b081c2b8381d4f876dc7409a7d557593e890bb21f1e35adbe78da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 25 Sep 2022 14:21:01 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 381ms
93ms Fetch
image/jpeg 52.21.81.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.81.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-81-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 25 Sep 2022 14:21:01 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 142ms
142ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115661366&cv=9&fst=1664115661366&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e27adeffacac537b04811ab8921b0483b1ec0178c8be5b4af9aa7143e62dd457

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 150ms
150ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115661370&cv=9&fst=1664115661370&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

874d906971668a8a8641b3a589c6ab720236cf0083d830370301e63780dc2f1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8B45 0
15 B 25ms
25ms Document
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 14:21:01 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115661366&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3524285899&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 56ms
55ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115661366&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3524285899&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115661370&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3957429044&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115661370&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3957429044&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 50ms
48ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115661689&cv=9&fst=1664115661689&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89ad79a25fd4337a24961a8dce944e9cfad41bab6e2adb46d309d39dc03d37f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115661701&cv=9&fst=1664115661701&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b770c681fccac6efe25a9e862b247a220c041c3d6541a3763456c2d2b5c00c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 707E 0
15 B 33ms
33ms Document
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 14:21:01 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1664115661716&cv=9&fst=1664115661716&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b24c0a340232bac073936e9f6105acf2043571ec9056674847ca3365a0a9ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1128
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 107ms
91ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1664115661722&cv=9&fst=1664115661722&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&auid=1168220563.1664115661&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

037a79360138a9337fc56965cc64efbecbea3988aa360ba00b65f2b13d3acaa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 5EA8 0
15 B 44ms
26ms Document
text/plain 2a03:2880:f10a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10a:83:face:b00c:0:25de Kista, Sweden, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 14:21:01 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 141 B
444 B 298ms
285ms XHR
text/plain 52.21.81.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=uSyobPfzhDJe2LRnhI_IVA&is_js=true&landing_url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&t=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&tip=eVg1KTd8X21_Yp6bsjJ6sQDv239ssy32k5jYjhXu82g&host=https://www.mcafee.com&sa_conv_data_css_value=%20%220-3b4f8d52-238f-4233-79de-b69cf88c06a8%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9d796cad3f9dd45a77b2ce7d80396abee8ac72684&sa-user-id-v2=s%253A0-3b4f8d52-238f-4233-79de-b69cf88c06a8%2524ip%2524138.199.38.132.iCc5JAEyk7b2W7WFWnXorm64Djv%252Fp26gB6I3fRDOVNQ&sa-user-id=s%253A0-3b4f8d52-238f-4233-79de-b69cf88c06a8.gdBrVCFXxkasDF72%252FpoKBxkoOacAP9TKcxIS32dh2eA
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.81.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-81-76.compute-1.amazonaws.com
Software: /
Resource Hash: 597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Sun, 25 Sep 2022 14:21:01 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 141

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 59ms
58ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115661689&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2267544580&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 54ms
52ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115661689&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2267544580&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 70ms
58ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115661701&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1727098198&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 71ms
59ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115661701&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1727098198&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 59ms
56ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1664115661716&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=876814861&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 60ms
57ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1664115661716&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=876814861&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1664115661722&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3952984708&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:400d:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1664115661722&cv=9&fst=1664114400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9l0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&tiba=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3952984708&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC4fa51485b5894d1cb92974356ae0fc00-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/ 828 B
708 B 54ms
54ms Script
application/x-javascript 2a02:26f0:10e:2b7::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:2b7::1e80 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:02 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:51 GMT
server: AkamaiNetStorage
etag: "ab1faf76266ac8bdf276f0bda62d7148:1648761351.579427"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 443
expires: Sun, 25 Sep 2022 15:21:02 GMT

GET
H/1.1 200
OK mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 59B1 3 KB
3 KB 54ms
9ms Image
image/png 52.222.206.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-40.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 01:47:35 GMT
Via: 1.1 5c79308f72e53cdf81a950b478a7e144.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Fri, 08 Oct 2021 16:35:12 GMT
Server: AmazonS3
Age: 9030808
ETag: "1944989b2cb625c962c6ef510fb08a96"
X-Cache: Hit from cloudfront
x-amz-version-id: e0DDjde5j886.zf5qCShAnB86PP.hmFt
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: FRA56-P3
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2675
X-Amz-Cf-Id: XKl86EMkaVeqcgHtwdp8tkl7uRWNRrVUidpw-Ms42iuGUqySY7L-aw==

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame D27E 0
98 B 91ms
14ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=52372713631993862422035361507226445747
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mcafeeinc.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 14:21:02 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 204 /
02179918.akstat.io/ 0
201 B 184ms
99ms Ping
image/gif 2a02:26f0:dc:185::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://02179918.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:dc:185::11a6 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:02 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Sun, 25 Sep 2022 14:21:02 GMT

GET
H2 200 s42562831478663 Show response
smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/ 491 B
739 B 238ms
237ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/s42562831478663?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=25%2F8%2F2022%2014%3A21%3A2%200%200&d.&nsid=0&jsonv=1&.d&sdid=17D5428D6CE01EA3-26F2E1139EAC0A0A&mid=48692942624868663671658095811198696590&aamlh=6&ce=UTF-8&pageName=other-blogs%3Amcafee-labs%3Ashamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&cc=USD&ch=other-blogs&server=www.mcafee.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=other-blogs&c6=D%3Dv6&v6=mcafee-labs&c8=D%3Dv153&c16=Thomas%20Roccia&c26=D%3Dg&v26=D%3Dg&c51=%7C&c52=Dec%2019%2C%202018&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F105.0.5195.125%20Safari%2F537.36&v100=2.20.0&v153=www.mcafee.com&v154=us&v155=english&v166=%7C217048965%7C495955249%7C495955249%7CDATACAMP%20LIMITED%7CENGLAND%7CData%20Processing%2C%20Hosting%2C%20and%20Related%20Services%7CMicro%202%7C2%7C%7C200%7C&v180=year%3D2022%20%7C%20month%3DSeptember%20%7C%20date%3D25%20%7C%20day%3DSunday%20%7C%20time%3D7%3A21%20AM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=Shamoon%20Attackers%20Employ%20New%20Tool%20Kit%20to%20Wipe%20Infected%20Systems%20%7C%20McAfee%20Blog&v190=shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

d7c2833d7df3e3da0d799aa74531596819e5289cc03233465492a62e6cef46df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-aam-tid: 4v8hRL7+S8o=
date: Sun, 25 Sep 2022 14:21:02 GMT
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
vary: *
content-length: 491
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v042-0b6fcc24d.edge-irl1.demdex.com 4 ms
pragma: no-cache
last-modified: Mon, 26 Sep 2022 14:21:02 GMT
server: jag
etag: 3573661172532740096-4619377158119027456
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sat, 24 Sep 2022 14:21:02 GMT

GET
H2 200 s45284246697328
smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/ 43 B
307 B 165ms
163ms Image
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/s45284246697328?AQB=1&ndh=1&pf=1&t=25%2F8%2F2022%2014%3A21%3A2%200%200&sdid=17D5428D6CE01EA3-26F2E1139EAC0A0A&mid=48692942624868663671658095811198696590&aamlh=6&ce=UTF-8&ns=mcafeeconsumer&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&events=event120%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&v1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&c5=%5Bconsumer%3Aweb%5Dother-blogs&v5=%5Bconsumer%3Aweb%5Dother-blogs&c6=%5Bconsumer%3Aweb%5Dmcafee-labs&v6=%5Bconsumer%3Aweb%5Dmcafee-labs&c7=Page%20Name-%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&c8=www.mcafee.com&v8=new&c9=en-us&v9=en-us&v13=%3A&v14=direct&c15=consumer&v15=consumer&v20=na&v21=united%20states&v23=7%3A00AM&v24=Sunday&c26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&v26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2F&c33=web&v33=web&v116=shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Sep 2022 14:21:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 26 Sep 2022 14:21:02 GMT
server: jag
etag: 3573661174192668672-4619475974578680845
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 24 Sep 2022 14:21:02 GMT

GET
H/1.1

200
OK

results.txt Show response
rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=psi0zcpx3
https://rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

303ms
18ms

XHR
text/plain

2.18.79.141
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2.18.79.141 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-79-141.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Sun, 25 Sep 2022 14:21:02 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Sun, 25 Sep 2022 14:21:02 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=psi0zcpx3
https://fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

263ms
28ms

XHR
text/plain

2a02:26f0:11a::6867:4853
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2a02:26f0:11a::6867:4853 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Sun, 25 Sep 2022 14:21:02 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net/eum/results.txt
Date: Sun, 25 Sep 2022 14:21:02 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems	1969-12-31 23:59:59	Name: local-user-context Value: null
www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems	1969-12-31 23:59:59	Name: dnbDetails Value: \|217048965\|495955249\|495955249\|DATACAMP LIMITED\|ENGLAND\|Data Processing, Hosting, and Related Services\|Micro 2\|2\|\|200\|
.mcafee.com/	1970-01-20 06:15:19	Name: AKA_A2 Value: A
.mcafee.com/	1970-01-20 06:15:30	Name: bm_sz Value: 734D7457CC4E9DCC566FEFA040ECC399~YAAQNhdlX61WKnGDAQAAu9IFdRE27KzoygnKXGA8TWYOUpDTlH49eCsH0hnhUdax+R/QbBk52YWf70+U900ZLY3FGiiCcuDpTqDv2ZNg85qmdDz2tfJnanUN4HiTIG/MGIoS7cjVLa4staouVD0envQ14KOqdfTdCudb8n3HVAmfNeb1Ph/MpmAk4TphoDsPkRRammhqTniL1hW2hx3H/GboN6erukNmyzdGu59WFBZBViKewKcKPeUD71KbX/wQKSuagarFQVTwnXKpiseSuI7wNfXWm2qr0uvjB0lScBg1evI=~3160131~3289143
.doubleclick.net/	1970-01-20 15:36:51	Name: IDE Value: AHWqTUmxtWEj2QPXMxGbJI56iYL_V9jdOF_aBnY1CEUmd2tFaBn8yvmMy71dXPOt
.techtarget.com/	1970-01-20 06:15:17	Name: __cf_bm Value: xHfeX7Ff72_1x3lt5h90S749.6lK8o_mxsxVW.L9VrI-1664115660-0-ATIoXPJ6FQPYeCUuAH+qEkMNrLFfTzLyIZLMnKdzonldNJffU63QwL8UudSjG81SluwH1kRVKeGW/zzj6PvCbcs=
.linkedin.com/	1970-01-20 06:58:27	Name: UserMatchHistory Value: AQIlUmcLJLRNCQAAAYN1Bda5gW1s_9Fe2p24Et-snrSnma3nkThElBuNZEM7kedYuW6vGygelxD0rg
.linkedin.com/	1970-01-20 06:58:27	Name: AnalyticsSyncHistory Value: AQLSFmUXFgh1QwAAAYN1Bda5l-b02p6uprsXA2FVPFQwl71lS4XhsUAC3rHfhdXqAIV4LvQ2EAw4v8U0ZaEyNw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:00:51	Name: bcookie Value: "v=2&549ab2fc-ca36-480d-8cc3-d0a1f6aa0678"
.linkedin.com/	1970-01-20 06:16:42	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2763:u=1:x=1:i=1664115660:t=1664202060:v=2:sig=AQEE6Voqu0ptnhZrIPZTaoN8FzvHhdLj"
.mcafee.com/	1970-01-20 08:24:51	Name: _fbp Value: fb.1.1664115660619.162905138
.mcafee.com/	1970-01-20 08:24:51	Name: _gcl_au Value: 1.1.1168220563.1664115661
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:00:51	Name: bscookie Value: "v=1&20220925142100592127d5-a666-4840-892c-23f11b2adc5dAQFBn8LxoQ83wER0nmHmZZ3ATtgMhOyr"
.linkedin.com/	1970-01-20 10:34:27	Name: li_gc Value: MTswOzE2NjQxMTU2NjA7MjswMjFbv2BFXfYFWEHAgDoXsGmPxU8NCMDfcB1zkl+wARdRjw==
.mcafee.com/	1970-01-20 15:51:15	Name: run_fs_for_user Value: false
.mcafee.com/	1970-01-20 15:00:51	Name: utag_main Value: v_id:01837505d780000c5fe7ef7df8cd03074007406c00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1664117460672$ses_id:1664115660672%3Bexp-session$vapi_domain:mcafee.com
.mcafee.com/	1970-01-20 15:51:15	Name: _ga Value: GA1.2.1502204610.1664115661
.mcafee.com/	1970-01-20 06:16:42	Name: _gid Value: GA1.2.1639599189.1664115661
.mcafee.com/	1970-01-20 06:15:15	Name: _gat_gtag_UA_35949610_14 Value: 1
.mcafee.com/	1970-01-20 15:00:51	Name: _abck Value: 48A3803297BA3DE731CE55425C719332~0~YAAQNhdlX6tZKnGDAQAApNgFdQjqP1mRHoO1zSwOu3kHEggUjB6IkJDmpaFcL5ww6m5vZu8uMw3uqgUlZsxjs3HbTvqqZVfZUp8WzO137Iy4QW4IIqiFgvDkYRqR5f7gUo8oUhTGDkfWtky2KI+PVejVm4djRGz8O2COPzkjMiVN4yLuWwJZXNvJtZbiPsN0G386HqSPOp8QhezQxwjsOHsMgS+r4h8yvzGKse8lm/4Tws6rGoV0GQOZyt18hKYrPvOW22+H9Rw/oxVUQjpOIePA0jpqOZj3k3I5wnVy/eo5p+k8DDr9anWdabWh3E1T1nma7nNMdEBIvjWbICjXUHDq0/c4SDDz+HqWz1iZYqeUoVLSiC+OSqbbh2rm1ToJNFQaJDmKmXzcuCR3QCtVUAGdoT+b~-1~-1~-1
.t.co/	1970-01-20 15:51:15	Name: muc_ads Value: ad99c4af-021e-473e-8dd1-50ff0dd97515
www.mcafee.com/	1970-01-20 15:39:44	Name: qcSxc Value: 1664115661073
.twitter.com/	1970-01-20 15:51:15	Name: personalization_id Value: "v1_EWVBhL8o2/DIF0tEfx5xIQ=="
.demdex.net/	1970-01-20 10:34:27	Name: demdex Value: 52372713631993862422035361507226445747
.mcafee.com/	1969-12-31 23:59:59	Name: AMCVS_A729776A5245B1590A490D44%40AdobeOrg Value: 1
.quantserve.com/	1970-01-20 15:45:30	Name: mc Value: 633063cd-1b64a-f54cf-dd35a
.mcafee.com/	1970-01-20 15:39:44	Name: __qca Value: P0-1369340389-1664115661072
.everesttech.net/	1970-01-20 15:00:51	Name: everest_g_v2 Value: g_surferid~YzBjzQAAAE_wcAN-
tags.srv.stackadapt.com/	1970-01-20 15:00:51	Name: sa-user-id Value: s%3A0-3b4f8d52-238f-4233-79de-b69cf88c06a8.gdBrVCFXxkasDF72%2FpoKBxkoOacAP9TKcxIS32dh2eA
.srv.stackadapt.com/	1970-01-20 15:00:51	Name: sa-user-id-v2 Value: s%3AO0-NUiOPQjN53rac-IwGqIrHJoQ.8AR0Oht0fq7pcxeR6FMR0rO9d4OtgGmRafFZxiajMxg
www.mcafee.com/	1970-01-20 15:00:51	Name: sa-user-id Value: s%253A0-3b4f8d52-238f-4233-79de-b69cf88c06a8.gdBrVCFXxkasDF72%252FpoKBxkoOacAP9TKcxIS32dh2eA
www.mcafee.com/	1970-01-20 15:00:51	Name: sa-user-id-v2 Value: s%253A0-3b4f8d52-238f-4233-79de-b69cf88c06a8%2524ip%2524138.199.38.132.iCc5JAEyk7b2W7WFWnXorm64Djv%252Fp26gB6I3fRDOVNQ
.dpm.demdex.net/	1970-01-20 10:34:27	Name: dpm Value: 52372713631993862422035361507226445747
www.mcafee.com/	1969-12-31 23:59:59	Name: usbls Value: 1
.mcafee.com/	1970-01-20 06:25:20	Name: RT Value: "z=1&dm=mcafee.com&si=e9cff426-7f24-40b5-bb98-7be050fe7dfb&ss=l8hfhvto&sl=1&tt=2va&bcn=%2F%2F02179918.akstat.io%2F&ld=2ve"
.demdex.net/	1970-01-20 10:34:27	Name: dextp Value: 60-1-1664115662071
.mcafee.com/	1970-01-20 15:51:15	Name: s_ecid Value: MCMID%7C48692942624868663671658095811198696590
.mcafee.com/	1970-01-20 06:15:17	Name: s_gpv Value: %5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cshamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
.mcafee.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.mcafee.com/	1970-01-20 15:00:51	Name: s_nr Value: 1664115662169-New
.mcafee.com/	1970-01-20 06:15:17	Name: gpv Value: other-blogs%3Amcafee-labs%3Ashamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems
.mcafee.com/	1969-12-31 23:59:59	Name: tp Value: 17013
.mcafee.com/	1969-12-31 23:59:59	Name: s_ppv Value: other-blogs%253Amcafee-labs%253Ashamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems%2C7%2C7%2C1200
.mcafee.com/	1970-01-20 15:51:15	Name: AMCV_A729776A5245B1590A490D44%40AdobeOrg Value: -408604571%7CMCIDTS%7C19261%7CMCMID%7C48692942624868663671658095811198696590%7CMCAAMLH-1664720461%7C6%7CMCAAMB-1664720461%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1664122862s%7CNONE%7CMCSYNCSOP%7C411-19268%7CMCAID%7CNONE%7CvVersion%7C4.6.0
.mcafee.com/	1970-01-20 06:58:27	Name: Target_Test Value: seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040
.mcafee.com/	1970-01-20 08:39:15	Name: aam_uuid Value: 52372713631993862422035361507226445747

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/(Line 1811) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/(Line 1811) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=52372713631993862422035361507226445747 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179918.akstat.io
ad.doubleclick.net
adservice.google.com
analytics.twitter.com
api2932.d41.co
apt.techtarget.com
assets.adobedtm.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cu1pehnsweb01.servicebus.windows.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
fibg5ighdmaaakqce3yacgqaabrtay6o-psi0zc-7827f79d0-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
idsync.rlcdn.com
jelly.mdhv.io
mcafeeinc.demdex.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
pxl.qccerttest.com
rldsnbaccjhy2yzqmpha-psi0zc-7c4d2ad6b-clientnsv4-s.akamaihd.net
rules.quantcount.com
s.go-mpulse.net
secure.quantserve.com
securingtomorrow.mcafee.com
smetrics.mcafee.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tags.tiqcdn.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
trk.techtarget.com
w.usabilla.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mcafee.com
104.208.16.0
104.244.42.131
104.244.42.133
13.107.42.14
15.236.176.210
161.69.25.99
172.217.19.102
18.211.8.187
18.66.122.58
199.232.16.157
2.18.79.141
206.19.49.24
216.239.32.21
216.58.212.130
2600:9000:206e:4000:6:44e3:f8c0:93a1
2600:9000:223d:8800:11:615:7240:93a1
2606:4700:10::6816:46c5
2606:4700:4400::ac40:91d9
2606:4700::6810:5714
2606:4700::6811:190e
2620:116:800d:21:b314:a0ef:ab7c:d546
2620:1ec:21::14
2a00:1450:4001:829::2002
2a00:1450:4001:829::2008
2a00:1450:400a:800::200a
2a00:1450:400c:c07::9b
2a00:1450:400d:804::2003
2a00:1450:400d:807::200e
2a00:1450:400d:80a::2004
2a00:1450:400d:80d::2003
2a02:26f0:10e:2b7::1e80
2a02:26f0:11a::6867:4839
2a02:26f0:11a::6867:4843
2a02:26f0:11a::6867:4853
2a02:26f0:dc:185::11a6
2a02:26f0:dc:29d::11a6
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f10a:83:face:b00c:0:25de
34.242.155.96
34.242.77.172
34.248.26.113
35.244.174.68
52.21.81.76
52.215.56.149
52.222.206.40
92.123.10.20
92.123.36.220
003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
01f32b4bd5a19adf689aa2d6335f521e4a62f6080822045b4ab1879f1dd8fcbf
02437c9427a2d6ab1ce1eeae2ad9756c264233a651684918b4200d1c2dbfaf22
037a79360138a9337fc56965cc64efbecbea3988aa360ba00b65f2b13d3acaa9
03cb83fe07a916614f3ce8b33a1727c9b0ae141e1fefbcdc33cd322703e21c84
0a1ad51e1c1441233d6a967ad47310eba4c53b240bfc7da3e8df642dadf8e77e
0c5d12f7f623ddaea002928a5e8aa1126cccf4cb80b58a4ed180d675a339efcc
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7
0e139f34a106f59b4f2f0645601b926e392a4004530c8bcd490c8cfaea161687
0eeff867253c5fc6553b6e74e5c43f39e99a59a6c7b06ff9c6579e3e1efbf6d6
0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd
0fc74d863fdb60539c032979ac785759d8f8d0da3d3abda2717e0e9ab82ba473
17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f
18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58
1b24c0a340232bac073936e9f6105acf2043571ec9056674847ca3365a0a9ed0
2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591
218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a
2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f
2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1
27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32
2c89216f71c61ef90798e0ca2055716b1ca1b22cbb30b2e8984050ae06acc778
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8af6374a001a941e7eea578da32e139e8c9a659ffab78acd97fa160876efee
3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1
34686cba28b7d374710a0b8204ae2cbce77ced594bcac71bef4f5260a8d99745
36925e7859abeeb8681d694d702e00b1fbba6f37ac49b11e8f863ed24507ca6a
37b0a03086d2cf747992fbd585df4c9de2fd008e4e21f6c3988fae8c852dac47
399be28131d1a20656566d51786ebbd615d989571a619d09b1c7269d47b662e3
39f3ae837fe70d3524de0184090b7983660de038051758810772082fab727244
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
44a6addb012e85ee247ae07452582489aaa2a0054e45b0810a95108c68f744a5
457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79
47e99f885403421b39789578697ca2dc00e8174f6f2285f49b0377063080cec9
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194
575da010de064c15955854c1a8d3b915f1fe4d6e6963364c4f3475c804c9be94
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2
5bfe21572eee04df8b3ba7dca96e171a2d072ddc6be9216232307c8ddfa07b69
5d1d332c6a5696d63ad1371230245d733827837ff1c1e0a09d5ec506aea2f37b
5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29
5dc1ce02c029f4830ed68437ff3f841310db2bc92785e862aa9a8e011f659fbc
656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
678e4443e87259063b8fd75aadfe00332e64993b3829693fd69f6b190321042f
6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e
6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f
74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271
75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bcbe327243628310e84027b85bca98a20d208f66f64685d979c6ccfa587d2d2
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
7f220e2dc4fd32bcb6097a7d0990c19966d769f3c2483a513ad3b6f9d3742d9b
82c52b937868d2d0afb2abccadf9b697f20c73c3c30ad9204dad4884878a7f0c
8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988
84bcb07e0a5fd55bbcd0d36c5fdd90486977baf2741841c0efcf7cee77de1584
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85f9a306434e8ed7d91e8ee0ee03ca08c58d61b4d41511b51d6e8ee243a3f2ba
874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5
874d906971668a8a8641b3a589c6ab720236cf0083d830370301e63780dc2f1d
87cf48c0f253995678115f592d32ae687f6263e3d617bf7ad930fadd66d33ffe
89ad79a25fd4337a24961a8dce944e9cfad41bab6e2adb46d309d39dc03d37f1
8aa9ebf2115e657999ee18c8edd27310deb0f290aae75c970023e78ef46c4489
8ef6acc1ca1b081c2b8381d4f876dc7409a7d557593e890bb21f1e35adbe78da
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b
b08faf373c3f1c8247d01a6ac23353ae7a36a7bbf40d7591814920c11196bedf
b33106caeeae82a71f4d811706788e3611e6d894688d476dfd17ae966debe3c7
b37e66937e62351924fc79d08a60dbee1d9b332660881739e50a0d6704c19a51
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
b63f011bf81f6548e73fe3c4f2edf35d97ca29054a35969373953a4ba382d782
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f
b770c681fccac6efe25a9e862b247a220c041c3d6541a3763456c2d2b5c00c06
b964f75cb8c613e484743bf4daaac6efc65c74156fca95cd76ca15d742555d1d
bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
bf4daed5acf1ce25b9b55760c7ad3173e7a3bb3089c68188ffb65679054f88cd
c47380f71c3bdb3ebf92f494d7a6b8c1525f1ce8331fdb50398c22f59eea3936
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c589952098842e06f3b169d1c5439e1908b241b55644f81cb5a8d9e0e4f0b49e
c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a
c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f
cc698829ada2c532110e2d8ceebb401c2938a1559500b5e7660e784d04dc9f10
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd8004457c6e88f965139335606e7d06ab634cc8a3a6fc544deea82494b84c00
d051f3c16ae61275a06cdf30938b3492e1bc6d89b9e7d67e2d175cec4e44df8a
d19422115ab0e94c5ed6d134ce592555166932e530f1d3a506013b84930070d3
d2b79939f4e6206056ca35b5ba01c8d1aa9f288489e13b0b8606db7b9549ea70
d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e
d4e49c209a8cbc026aa48e9435eb83e8ba47c1cf81acba38a5378b95faff0b88
d585297c70c75e9cc83fa3f363b5e833b645c3fc25f858765aeec296d4d4dac1
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d7abb302c9c1e55633395bf3b82b4bed7d63804223437d9879fff049895ec72d
d7c2833d7df3e3da0d799aa74531596819e5289cc03233465492a62e6cef46df
d8d8c7d1ceaddd4c91558da63f932442ccdf00e449f36eb36ee601c35a1fd03f
dc1ae582aa9fce07a50f4e2a19b23c4914f390b57d1a517890c605249caf7808
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df43754f3964cfc1d545201b85a31dfbb7ea1efc638479fc78ad848be2e63d2b
dfba83bddfdad7e8f72be482bac94302a3735cfb58b513fcd05d23f8eb9d3a64
e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d
e0bf5507d9aa03c086b0300be7cbd9af7b251a11ede01909893ff22050587e71
e27adeffacac537b04811ab8921b0483b1ec0178c8be5b4af9aa7143e62dd457
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f187787bd5913b75bd26b850345428b67d4ad99e3521c7601fb3364b6a4e63a1
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f6bcd8be3587ea8d217b5be4b93a853220f34e949b9ceebb28c1d6c295f8810a
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
fa251403ac153674157ed78351b757b362f9e0be8f6c5d595962b9033e488d48
fbd88a10b5258b98d5a54fe5a5547cd11512ad9bec9b71d840f0f22c90740e70
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0

www.mcafee.com Open in urlscan Pro 92.123.10.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

217 Requests

98 %HTTPS

51 %IPv6

37 Domains

52 Subdomains

42 IPs

8 Countries

4383 kBTransfer

7922 kBSize

48 Cookies

50 Outgoing links

Page URL History

Redirected requests

217 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mcafee.com Open in urlscan Pro
92.123.10.20 Public Scan

Screenshot
Live screenshot

Full Image

217
Requests

98 %
HTTPS

51 %
IPv6

37
Domains

52
Subdomains

42
IPs

8
Countries

4383 kB
Transfer

7922 kB
Size

48
Cookies

217 HTTP transactions
0 data transactions