urlscan.io logo urlscan.io
SecurityTrails logo

www.mcafee.com Open in urlscan Pro
104.89.24.41  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Effective URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Submission: On April 19 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 41 IPs in 6 countries across 36 domains to perform 208 HTTP transactions. The main IP is 104.89.24.41, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.mcafee.com.
TLS certificate: Issued by McAfee OV SSL CA 2 on May 21st 2020. Valid for: 2 years.
This is the only time www.mcafee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 161.69.25.99 7754 (MCAFEE)
78 104.89.24.41 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
5 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a02:26f0:df:... 20940 (AKAMAI-ASN1)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a02:26f0:170... 20940 (AKAMAI-ASN1)
7 2a00:1450:400... 15169 (GOOGLE)
5 2a03:2880:f01... 32934 (FACEBOOK)
1 2a02:26f0:f7:... 20940 (AKAMAI-ASN1)
1 199.232.188.157 54113 (FASTLY)
2 142.250.185.226 15169 (GOOGLE)
1 2a02:26f0:f7:... 20940 (AKAMAI-ASN1)
7 2a00:1450:400... 15169 (GOOGLE)
3 52.31.55.178 16509 (AMAZON-02)
2 54.235.153.212 14618 (AMAZON-AES)
1 143.204.98.107 16509 (AMAZON-02)
3 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
8 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
9 2a03:2880:f12... 32934 (FACEBOOK)
2 104.244.42.67 13414 (TWITTER)
2 104.244.42.133 13414 (TWITTER)
1 99.81.5.109 16509 (AMAZON-02)
3 13.36.218.177 16509 (AMAZON-02)
1 1 54.229.178.120 16509 (AMAZON-02)
13 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
14 104.75.88.194 16625 (AKAMAI-AS)
1 206.19.49.24 17225 (ATT-CERFN...)
2 2 35.244.174.68 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 34.193.254.175 14618 (AMAZON-AES)
2 104.208.16.0 8075 (MICROSOFT...)
1 216.239.34.21 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
1 34.246.156.81 16509 (AMAZON-02)
1 2600:9000:231... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 108.156.253.153 16509 (AMAZON-02)
1 2 92.123.225.10 20940 (AKAMAI-ASN1)
1 2 2a02:26f0:f7:... 20940 (AKAMAI-ASN1)
208 41
1    161.69.25.99 (United States)

ASN7754 (MCAFEE, US)
securingtomorrow.mcafee.com
78    104.89.24.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-24-41.deploy.static.akamaitechnologies.com
www.mcafee.com
3    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
5    2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
5    2a02:26f0:df:3b7::1e80 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
3    2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)
static.addtoany.com
2    2a02:26f0:1700:38a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
s.go-mpulse.net
02179912.akstat.io
7    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a02:26f0:f7::5c7b:e024 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
www.googleadservices.com
1    2a02:26f0:f7:1af::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
c.go-mpulse.net
7    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    52.31.55.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-55-178.eu-west-1.compute.amazonaws.com
dpm.demdex.net
2    54.235.153.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-153-212.compute-1.amazonaws.com
api2932.d41.co
1    143.204.98.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-107.fra50.r.cloudfront.net
cdn-0.d41.co
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
8    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
8    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
9    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    104.244.42.67 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
2    104.244.42.133 (United States)

ASN13414 (TWITTER, US)
t.co
1    99.81.5.109 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-5-109.eu-west-1.compute.amazonaws.com
mcafeeinc.demdex.net
3    13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
smetrics.mcafee.com
1    54.229.178.120 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-178-120.eu-west-1.compute.amazonaws.com
cm.everesttech.net
13    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700:4400::6812:2a27 (United States)

ASN13335 (CLOUDFLARENET, US)
trk.techtarget.com
14    104.75.88.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-194.deploy.static.akamaitechnologies.com
tags.tiqcdn.com
1    206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)
apt.techtarget.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
2    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    34.193.254.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-254-175.compute-1.amazonaws.com
tags.srv.stackadapt.com
2    104.208.16.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
cu1pehnsweb01.servicebus.windows.net
1    216.239.34.21 (United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2215.1e100.net
jelly.mdhv.io
2    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    34.246.156.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-156-81.eu-west-1.compute.amazonaws.com
w.usabilla.com
1    2600:9000:2315:7c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    108.156.253.153 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-253-153.dus51.r.cloudfront.net
d6tizftlrpuof.cloudfront.net
2    92.123.225.10 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-225-10.deploy.static.akamaitechnologies.com
trial-eum-clientnsv4-s.akamaihd.net
kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net
2    2a02:26f0:f7::5c7b:e02a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
trial-eum-clienttons-s.akamaihd.net
eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net
Apex Domain
Subdomains		 Transfer
82 mcafee.com
securingtomorrow.mcafee.com
www.mcafee.com
smetrics.mcafee.com
733 KB
14 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 980
137 KB
13 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
296 KB
9 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
725 B
8 google.de
www.google.de — Cisco Umbrella Rank: 5383
995 B
8 google.com
www.google.com — Cisco Umbrella Rank: 4
995 B
8 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
stats.g.doubleclick.net — Cisco Umbrella Rank: 95
9 KB
7 gstatic.com
fonts.gstatic.com
56 KB
5 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
375 KB
5 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 491
118 KB
5 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 436
87 KB
4 akamaihd.net
trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1956
kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1953
eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net
1 KB
4 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 3894
6 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 482
www.linkedin.com — Cisco Umbrella Rank: 603
px4.ads.linkedin.com — Cisco Umbrella Rank: 4702
4 KB
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
mcafeeinc.demdex.net — Cisco Umbrella Rank: 244528
6 KB
3 d41.co
api2932.d41.co — Cisco Umbrella Rank: 841041
cdn-0.d41.co — Cisco Umbrella Rank: 16237
76 KB
3 addtoany.com
static.addtoany.com — Cisco Umbrella Rank: 3990
60 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
3 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 975
pixel.quantserve.com — Cisco Umbrella Rank: 423
10 KB
2 windows.net
cu1pehnsweb01.servicebus.windows.net — Cisco Umbrella Rank: 224711
309 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 327
798 B
2 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 13709
apt.techtarget.com — Cisco Umbrella Rank: 19110
2 KB
2 t.co
t.co — Cisco Umbrella Rank: 476
438 B
2 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 524
432 B
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 104
32 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1272
c.go-mpulse.net — Cisco Umbrella Rank: 558
52 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
82 KB
1 akstat.io
02179912.akstat.io — Cisco Umbrella Rank: 59600
201 B
1 cloudfront.net
d6tizftlrpuof.cloudfront.net
3 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 903
1 KB
1 usabilla.com
w.usabilla.com — Cisco Umbrella Rank: 3338
24 KB
1 mdhv.io
jelly.mdhv.io — Cisco Umbrella Rank: 5353
235 B
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1009
517 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 619
10 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 913
3 KB
208 36
Domain Requested by
78 www.mcafee.com www.mcafee.com
s.go-mpulse.net
14 tags.tiqcdn.com www.mcafee.com
tags.tiqcdn.com
13 www.googletagmanager.com assets.adobedtm.com
www.googletagmanager.com
www.mcafee.com
tags.tiqcdn.com
9 www.facebook.com www.mcafee.com
8 www.google.de www.mcafee.com
8 www.google.com www.mcafee.com
7 googleads.g.doubleclick.net www.googleadservices.com
7 fonts.gstatic.com fonts.googleapis.com
5 connect.facebook.net www.mcafee.com
connect.facebook.net
5 assets.adobedtm.com www.mcafee.com
assets.adobedtm.com
5 cdn.jsdelivr.net www.mcafee.com
4 tags.srv.stackadapt.com tags.tiqcdn.com
tags.srv.stackadapt.com
s.go-mpulse.net
3 smetrics.mcafee.com s.go-mpulse.net
www.mcafee.com
assets.adobedtm.com
3 dpm.demdex.net s.go-mpulse.net
www.mcafee.com
3 static.addtoany.com www.mcafee.com
static.addtoany.com
3 fonts.googleapis.com www.mcafee.com
2 cu1pehnsweb01.servicebus.windows.net s.go-mpulse.net
2 www.google-analytics.com www.googletagmanager.com
s.go-mpulse.net
2 idsync.rlcdn.com 2 redirects
2 t.co www.mcafee.com
2 analytics.twitter.com www.mcafee.com
2 px.ads.linkedin.com 2 redirects
2 api2932.d41.co assets.adobedtm.com
cdn-0.d41.co
2 www.googleadservices.com www.mcafee.com
www.googletagmanager.com
2 cdnjs.cloudflare.com www.mcafee.com
cdnjs.cloudflare.com
1 eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net
1 trial-eum-clienttons-s.akamaihd.net 1 redirects
1 kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net
1 trial-eum-clientnsv4-s.akamaihd.net 1 redirects
1 02179912.akstat.io s.go-mpulse.net
1 d6tizftlrpuof.cloudfront.net www.mcafee.com
1 stats.g.doubleclick.net s.go-mpulse.net
1 pixel.quantserve.com www.mcafee.com
1 rules.quantcount.com secure.quantserve.com
1 w.usabilla.com www.mcafee.com
1 secure.quantserve.com tags.tiqcdn.com
1 jelly.mdhv.io www.mcafee.com
1 apt.techtarget.com www.mcafee.com
1 trk.techtarget.com www.mcafee.com
1 cm.everesttech.net 1 redirects
1 mcafeeinc.demdex.net assets.adobedtm.com
1 px4.ads.linkedin.com www.mcafee.com
1 www.linkedin.com 1 redirects
1 cdn-0.d41.co assets.adobedtm.com
1 c.go-mpulse.net s.go-mpulse.net
1 static.ads-twitter.com www.mcafee.com
1 snap.licdn.com www.mcafee.com
1 s.go-mpulse.net www.mcafee.com
1 securingtomorrow.mcafee.com 1 redirects
208 49
Subject Issuer Validity Valid
www.mcafee.com
McAfee OV SSL CA 2		 2020-05-21 -
2022-05-21		 2 years crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-03 -
2022-07-02		 a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-10 -
2022-09-10		 a year crt.sh
akstat.io
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-15 -
2023-04-19		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-27 -
2022-04-27		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.d41.co
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-01 -
2023-03-04		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
smetrics.mcafee.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-16 -
2023-01-16		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.techtarget.com
Sectigo RSA Domain Validation Secure Server CA		 2021-10-13 -
2022-11-12		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.srv.stackadapt.com
Amazon		 2021-11-09 -
2022-12-07		 a year crt.sh
servicebus.windows.net
Microsoft Azure TLS Issuing CA 05		 2022-04-12 -
2023-04-07		 a year crt.sh
jelly.mdhv.io
GTS CA 1D4		 2022-04-11 -
2022-07-10		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
w.usabilla.com
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh

This page contains 9 frames:

Primary Page: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Frame ID: D0C1861F43BA85E555FD0B4E43994A08
Requests: 199 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: E3CA60EC55A60907B1F081408F5C5384
Requests: 1 HTTP requests in this frame

Frame: https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Frame ID: EE680CAEF47123F3C76E99D82D6ECEF4
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: CAE8F8F449A4B324843C6764DEC24698
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 462500CF2B1DA3F47491CE26B738D4F6
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 92A0710CAB03518D9254097D219E46BB
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Frame ID: 2F4ABF2D823386CD1B5C361080DEE562
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Frame ID: 40CE4A1C76286EFB009D63C32FCDB7EA
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7D2A42D9D060D0FC52E1F6A15BCB20E0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide

Page URL History Show full URLs

  1. https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-stea... HTTP 301
    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-t... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • addtoany\.com/menu/page\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

208
Requests

98 %
HTTPS

50 %
IPv6

36
Domains

49
Subdomains

41
IPs

6
Countries

2206 kB
Transfer

5858 kB
Size

45
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/ HTTP 301
    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1650408621524%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs%252Fother-blogs%252Fmcafee-labs%252Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQK8otoB68C4-wAAAYBEBQCFPvTWkjVisqiQ4z30XvKCh6K597CGY1AXocEEz42FL-eCNzRJQsCuSph9521kiOX5mPwAtQ
Request Chain 120
  • https://cm.everesttech.net/cm/dd?d_uuid=81295250020836494103305982488477133149 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88rAAAAIB6qwP7
Request Chain 148
  • https://idsync.rlcdn.com/365868.gif?partner_uid=81295250020836494103305982488477133149 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODEyOTUyNTAwMjA4MzY0OTQxMDMzMDU5ODI0ODg0NzcxMzMxNDkQABoNCKz5_JIGEgUI6AcQAEIASgA HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=cd9a3b66acd54e7619ed17022836bad95a518355fa1ea1e25a69a4af04542680b0da87c991749652
Request Chain 205
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=ppfza2qrw HTTP 302
  • https://kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net/eum/results.txt
Request Chain 206
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=ppfza2qrw HTTP 302
  • https://eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net/eum/results.txt

208 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Redirect Chain
  • https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
  • https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
198 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c3863ea880020da3633fca5370103fe50b39d3c087ddf08dfcfd7d54f16dd33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
37100
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 22:50:18 GMT
expires
Tue, 19 Apr 2022 22:50:18 GMT
last-modified
Tue, 19 Apr 2022 21:02:09 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache
server-timing
cdn-cache; desc=REVALIDATE edge; dur=8 origin; dur=601
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-akamai-transformed
9 197453 0 pmb=mTOE,1mRUM,2
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
330
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 19 Apr 2022 22:50:17 GMT
Location
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Server
Apache
main.min.css
www.mcafee.com/enterprise/www/css/ 		79 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/enterprise/www/css/main.min.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
02af54bc2bacd59ea605b64bf5a3b880b6d6bae73e5c24a52b49ca2d6d7d3844
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
14909
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 31 Jan 2022 23:38:23 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"13b7c-5d6e947bf59c0-gzip"
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
style.min.css
www.mcafee.com/blogs/wp-includes/css/dist/block-library/ 		81 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
11204
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Apr 2022 06:39:18 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 18:23:09 GMT
blocks.style.build.css
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/ 		27 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.5.0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
3267
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 15:38:43 GMT
dashicons.min.css
www.mcafee.com/blogs/wp-includes/css/ 		58 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-includes/css/dashicons.min.css?ver=5.9.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=34
content-length
35749
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 03:54:27 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 22:19:17 GMT
wpmm.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/css/ 		71 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/css/wpmm.css?ver=1.3.7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ee51b51995f3768e62a8ab777746d972874bace6cd2482629f6e58f37b65e758
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
9844
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Wed, 19 Apr 2023 19:43:30 GMT
wp-megamenu.css
www.mcafee.com/blogs/wp-content/uploads/wp-megamenu/ 		18 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/wp-megamenu/wp-megamenu.css?ver=1.3.7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
1625
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 25 Jan 2022 05:30:03 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 20:48:26 GMT
wpmm-featuresbox.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 		868 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.css?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
322
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 16:32:50 GMT
wpmm-gridpost.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.css?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
1484
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 11:51:08 GMT
style.min.css
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 		2 KB
882 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/style.min.css?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
519
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Feb 2022 08:49:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 20:47:09 GMT
style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/ 		28 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/style.css?ver=5.9.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
5824
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Jul 2021 05:58:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 17:29:35 GMT
front.css
www.mcafee.com/blogs/wp-content/plugins/super-socializer/css/ 		73 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/super-socializer/css/front.css?ver=7.13.16
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
282656d5ab704ddf2bead855584893e798b59b9b1494b5cf40f73230cc571ee2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
20874
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 19:43:30 GMT
addtoany.min.css
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 		1 KB
825 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.15
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
462
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 19:43:30 GMT
css
fonts.googleapis.com/ 		18 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f66a48a13c4d8604a7f8f41bc198bf10044fc4dd7c0dfc8f8a1d3adc8be91941
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:36:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 22:50:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 22:50:19 GMT
css
fonts.googleapis.com/ 		9 KB
720 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Oswald%3A200%2C300%2Cregular%2C500%2C600%2C700&ver=1.3.7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8230dd99a840ebad43aacb1e94192f44d5dd12393a1c0e638feaed0014878d95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 22:50:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 22:50:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 22:50:19 GMT
jquery-3.6.0.min.js
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=33
accept-ranges
bytes
content-length
89501
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 22:25:03 GMT
jquery-migrate-3.3.2.min.js
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-migrate-3.3.2.min.js?ver=3.3.2
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=37
accept-ranges
bytes
content-length
11224
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 14:38:37 GMT
addtoany.min.js
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 		129 B
480 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
129
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 19:40:15 GMT
wpmm-featuresbox.js
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 		488 B
840 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.js?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
488
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 12:48:48 GMT
wpmm-gridpost.js
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.js?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
2493
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 19:40:15 GMT
script.min.js
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 		925 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/script.min.js?ver=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Feb 2022 08:49:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
925
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 20:55:16 GMT
blog.css
www.mcafee.com/enterprise/www/css/ 		21 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/enterprise/www/css/blog.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4753909d47b250070815b12b4b69fa0500302f30795fa77ccde3227fd10ec3ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=33
content-length
5007
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 01 Feb 2022 21:22:42 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"55aa-5d6fb8058ec80-gzip"
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/ 		158 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2554115
x-jsd-version
4.6.1
x-cache
MISS, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19177-FRA, cache-hhn4054-HHN
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"278e1-H7g/xZXPKL+TYth2EOrfo7e7vlk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CI14ITHMzqNKXxx6lpfLdojp0%2FOt71FLARqkLy4qyMyaCxSZ%2FysyTMwPyqYOkzyq%2BIeodOXkfgOxaIlFqn0i6x%2BtlnliNCL1p%2Bv0pjsB5k2xnTujuOLmqemqS8%2Bf1fVIzekKXzcRXZuTofsRcU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6fe932ccf9309c06-FRA
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		30 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4366137
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5631
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI8M0F9cAOiaVw5H6Fc4xMiKq5VqXkPpHgNPBTsw1aoKWKILlCTmoEuoLOSQgSmPtpLgey6QWWQn8fGuQJEwzQ2LOaBGiyK9xwth6YkpDBUCeMjP3Ihayh%2FiniHZr5p0S0CfN3rJNoX%2BThutPXYZqEf%2B"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fe932ccf8279a18-FRA
expires
Sun, 09 Apr 2023 22:50:19 GMT
static_nav.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 		53 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
7985
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 22 Jan 2022 05:57:56 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 15:34:18 GMT
static_footer.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 		18 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_footer.css
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=17
content-length
2840
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 07 Jan 2022 13:21:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 18:40:00 GMT
slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=5.6.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2554117
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19175-FRA, cache-hhn4068-HHN
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pitZ3cGb1aPqsfk2DBnysdvGBtmSCBXU%2FSHuegbyVDkyz4WNpq4yaJaERUcIv9RBOJ%2BqgREE6cR1tBnVh%2BuCo7INPcG2oFz5VW9%2FdR4Io9X29rG6YyFU%2B04o8nwM3VTYhlzRyvE2k6FNb2wnu5c%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6fe932ccfb6f9bf8-FRA
newtheme-style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 		80 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e906436e21a8490ebb646535185815624343377d407320f064f69045f3332f4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
13865
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 19 Apr 2022 10:06:29 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000
content-type
text/css; charset=utf-8
cache-control
max-age=14400, public
accept-ranges
bytes
expires
Wed, 19 Apr 2023 21:08:23 GMT
McAfeeHzRed.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/content/dam/consumer/en/company-logo/McAfeeHzRed.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://pam.mcafee.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
frame-ancestors https://pam.mcafee.com
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 13:48:31 GMT
server
Apache
x-frame-options
DENY
etag
"b88-5dc896ed09fb0"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000
date
Tue, 19 Apr 2022 22:50:19 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
2952
x-mcafee-cache
365-days
expires
Wed, 19 Apr 2023 22:50:19 GMT
chevron-up-black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		265 B
601 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/chevron-up-black.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Jul 2021 05:58:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
265
x-content-type-options
nosniff
expires
Fri, 13 May 2022 21:05:18 GMT
search_icon_black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/search_icon_black.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5c911eb39ad184a724aac53d6e259a6c1598d9d4341ca481f9db71e22c76b6bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 09 Nov 2021 07:08:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1211
x-content-type-options
nosniff
expires
Thu, 19 May 2022 09:53:19 GMT
cross-grey-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		447 B
783 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 28 Jul 2021 11:04:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
447
x-content-type-options
nosniff
expires
Tue, 10 May 2022 11:41:58 GMT
globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 26 Jul 2021 04:39:06 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1087
x-content-type-options
nosniff
expires
Fri, 13 May 2022 21:05:18 GMT
facebook.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		691 B
919 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
c2360a63214a4c506ea53b464da6013fad961ec65f5ac3132f2d161b70e20b86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 17 Aug 2021 05:32:24 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2357642
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
691
expires
Tue, 17 May 2022 05:44:21 GMT
linkedin.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		775 B
1003 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
6f5900b58770638d1557e62f3a54eb5d2565562eb8050e68d63954dbf6ee77d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 17 Aug 2021 05:32:23 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2357786
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
775
expires
Tue, 17 May 2022 05:46:45 GMT
twitter.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		806 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
ff91452f83ca176dd6aef8ddca1f0eef9b1a7edade26ca0167e1e93485ed088c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 17 Aug 2021 05:32:33 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2357995
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
806
expires
Tue, 17 May 2022 05:50:14 GMT
email.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		734 B
962 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/email.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
c48dfe2811b178d0d09b499f4c07d74f6c417e4bc14eafce2b3c94781548bd7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 17 Aug 2021 05:32:34 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2357622
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
734
expires
Tue, 17 May 2022 05:44:01 GMT
link.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		844 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/link.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
c776499873d7afef2f42887296b1a505c237a4dd3f2fe60c8c34116dd9e9a3ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 19 Oct 2021 15:20:28 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=837313
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
844
expires
Fri, 29 Apr 2022 15:25:32 GMT
facebook-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		509 B
839 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7d96d2e1b074aae1837dca30f5a377b312196ebec0060a99c7d64655bae7c05b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
509
x-content-type-options
nosniff
expires
Wed, 18 May 2022 08:25:26 GMT
twitter-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
48a3f2f17c97ab0f447cbf07748755c5fb27841a0f20149519bd6f4be5274e9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1595
x-content-type-options
nosniff
expires
Fri, 13 May 2022 08:10:49 GMT
instagram-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/instagram-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c8801a050e21e0e0aef39f1517a6dcce6d56a71950460282d873f4553cd98977
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
3442
x-content-type-options
nosniff
expires
Fri, 06 May 2022 09:15:01 GMT
linkedin-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		888 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
47826fb7ccc2189d0bedd25fc09c57b8dab9b03ce66d60f02af04f78f1001b20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
888
x-content-type-options
nosniff
expires
Mon, 09 May 2022 21:19:47 GMT
youtube-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		993 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/youtube-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8dbf13ee25ebb0469215de647614d72bc7828eefd22b2a2779b283e7a67af8fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
993
x-content-type-options
nosniff
expires
Thu, 05 May 2022 16:57:07 GMT
rss-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		744 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/rss-white.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 09 Aug 2021 11:05:19 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
744
x-content-type-options
nosniff
expires
Tue, 10 May 2022 12:50:24 GMT
300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
ae76c1a3226452722f7648a7a0d0a0bc030afaab66d0bf5f2a26146e3ec0303b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 01 Apr 2022 21:22:14 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=1031546
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
14224
expires
Sun, 01 May 2022 21:22:45 GMT
300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
7716b50cc0675d22d9f9cf1224e282269b57a7d6a3a4541f3b9b48862df03419
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Thu, 10 Mar 2022 19:24:17 GMT
x-serial
1128
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=1456486
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
16128
server
Akamai Image Manager
expires
Fri, 06 May 2022 19:25:05 GMT
300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d8d255d26500377962ab84e9578971dd558a5772b8d6bbbb8a16e98f55a3611b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Thu, 24 Feb 2022 00:16:27 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2511133
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
17006
expires
Thu, 19 May 2022 00:22:32 GMT
300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
b6008a46367feb68269adff71ca0507a7ffa2fafffa8c3af83a4f6f6518936e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 04 Feb 2022 22:57:46 GMT
x-serial
1589
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2067024
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
20746
server
Akamai Image Manager
expires
Fri, 13 May 2022 21:00:43 GMT
300x200_HANCITOR.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/12/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/12/300x200_HANCITOR.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
f266dd76093d18576935f25c75b429165ae83e5630b6e723f282c5e2eeb00c1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 25 Jan 2022 05:44:32 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2067115
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
14448
expires
Fri, 13 May 2022 21:02:14 GMT
300x200_SeasonforScams.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/11/300x200_SeasonforScams.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
24d11f91b5546461b004b858c726ef1228ca8fa47e5e09b2e39f3789c9413447
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 25 Jan 2022 05:44:33 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2066869
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
23198
expires
Fri, 13 May 2022 20:58:08 GMT
300x200_Squirrelwaffle.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/11/300x200_Squirrelwaffle.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
89b9296a15088c3885813778cff511c9ed386423aa985e3c4a374295163fcd51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Thu, 17 Mar 2022 20:58:17 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2066931
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
12564
expires
Fri, 13 May 2022 20:59:10 GMT
300x200_AndroidGaming.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/10/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/10/300x200_AndroidGaming.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
e26c61587827a4d320d0766a1d979cdcdf9ca93cd7323e2aff6822b7ba39b15f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 18 Feb 2022 20:58:09 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2067051
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
9132
expires
Fri, 13 May 2022 21:01:10 GMT
300x200_powerpoint.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_powerpoint.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
a535c591be3492fdf85462e10f231e43c2e6e3becd254698dc508b9b7e15c3a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 18 Feb 2022 20:58:08 GMT
x-serial
1504
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2067093
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
14730
server
Akamai Image Manager
expires
Fri, 13 May 2022 21:01:52 GMT
300x200_MalwareMexico.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_MalwareMexico.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d5cd84cc07e1b1de269767307530f3d99a79ea0387d98a4fb9e9b0f65cb09a23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 18 Feb 2022 20:58:08 GMT
x-serial
71
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2067251
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
10142
server
Akamai Image Manager
expires
Fri, 13 May 2022 21:04:30 GMT
300x200_MalwareIndia.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_MalwareIndia.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
6dc29b86dd6cb91a632a411bddaddb571dff296f2628cbc4f666c36ef54a6e3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Thu, 17 Mar 2022 20:52:42 GMT
x-serial
1273
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2066699
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
5862
server
Akamai Image Manager
expires
Fri, 13 May 2022 20:55:18 GMT
300x200_RiseofDeepLearning.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/08/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2021/08/300x200_RiseofDeepLearning.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
485d3d9905192b37c2b35167d3f095bb1bc3804fb272e533342f182b5dce4165
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 18 Feb 2022 20:58:07 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
no-transform, max-age=2066865
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
21972
expires
Fri, 13 May 2022 20:58:04 GMT
logo-red.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/content/dam/consumer/en/company-logo/logo-red.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://pam.mcafee.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
frame-ancestors https://pam.mcafee.com
x-content-type-options
nosniff
last-modified
Thu, 14 Apr 2022 01:49:30 GMT
server
Apache
x-frame-options
DENY
etag
"e1a-5dc93813f3a5b"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000
date
Tue, 19 Apr 2022 22:50:19 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
3610
x-mcafee-cache
365-days
expires
Wed, 19 Apr 2023 22:50:19 GMT
backtotop.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		742 B
1000 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/backtotop.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
b948b4e3f54ac94c26f8ca688fb6f84974e5f95128bd291213562ada2b854c8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 25 Jan 2022 06:03:45 GMT
x-serial
1355
strict-transport-security
max-age=31536000
content-type
image/png
x-check-cacheable
YES
cache-control
no-transform, max-age=2067037
server-timing
cdn-cache; desc=HIT, edge; dur=3
content-length
742
server
Akamai Image Manager
expires
Fri, 13 May 2022 21:00:56 GMT
navigation.js
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/navigation.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 24 Jan 2022 09:37:18 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1617
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 15:40:10 GMT
jquery.slim.min.js
cdn.jsdelivr.net/npm/jquery@3.5.1/dist/ 		71 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2554092
x-jsd-version
3.5.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19149-FRA, cache-hhn4052-HHN
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"11abc-z42YIVUtUbtQzlcuaWq6EwkGWAA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZtHl0jpxhgp%2FACcmuFe%2FlWjxDbfcNdC%2BVmYa7J5aYQuhxw3jAkVbqIU%2FdpOiq3pWmdryMNkcqV04Q%2BukIrk4x78SVeiDgf8Zzj1ka23nxN5HK00oc%2FoJU4cNeI1biqSX0nKVsPfICEoxW9Pwlo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6fe932cd89e49c06-FRA
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/ 		81 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2554116
x-jsd-version
4.6.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19132-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"14535-A2PLWLentg73+/gri862MFIyUBo"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iu0e6F%2BCYntmQTEjirj8zvVGbYocm%2F6ZOCzuFHNVso2E5Ep54WvEuol3xz9xGUH53rd7zk0yZECalm%2Bd0mML%2BXxS0NnKu8hcjUSUUsdM8sfSr28NXy8qQ9ukUFaVXtZqmHdEHicYz%2BcW2AVVa%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6fe932cddf0d9a0f-FRA
slick.min.js
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 		42 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=10faaf528e636a046163bdb6753031b2
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2554119
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19152-FRA, cache-hhn4071-HHN
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CmEY0PL2fCLsmvqfBQ9A%2BLSCN9PmW1njqhkNNuNUqLAA1RPNSsJdxLMLiAPfcj1inkv5JVBq11egYTCBag8D0st3K37eSwA9JWAaBevWxPB7QXUjMxx2ZQxT2L5F30J5DGIx%2F3cI0Ynm9bWba8g%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6fe932ce0df59196-FRA
launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
assets.adobedtm.com/ 		335 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:df:3b7::1e80 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Thu, 31 Mar 2022 21:15:50 GMT
server
AkamaiNetStorage
etag
"f4f97dfb86834a4f03017580725d0f33:1648761350.205862"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.mcafee.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
95958
expires
Tue, 19 Apr 2022 23:50:19 GMT
mpp-frontend.js
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/ 		331 B
683 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.5.0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
331
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 20:03:32 GMT
hlst-extend.min.js
www.mcafee.com/blogs/wp-content/plugins/highlight-search-terms/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/highlight-search-terms/hlst-extend.min.js?ver=1.5
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
6701
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 21:06:03 GMT
shortcodes.js
www.mcafee.com/blogs/wp-content/plugins/social-polls-by-opinionstage/public/js/ 		439 B
791 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.7.9
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:43 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=17
accept-ranges
bytes
content-length
439
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 22:25:03 GMT
wpmm.js
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/js/wpmm.js?ver=1.3.7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9b9e485828e3ab9be4f5285e9214960c209adae3a0e6332e869a5b104007008f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
7883
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 21:07:34 GMT
theme-script.js
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/theme-script.js?ver=5.9.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Jul 2021 05:58:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
3736
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 19:12:26 GMT
skip-link-focus-fix.min.js
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 		325 B
677 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/skip-link-focus-fix.min.js?ver=20151215
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Jul 2021 05:58:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
325
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 20:48:27 GMT
general.js
www.mcafee.com/blogs/wp-content/plugins/super-socializer/js/front/social_login/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-content/plugins/super-socializer/js/front/social_login/general.js?ver=7.13.16
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
bdbc00de393216f6118f704088accc9ebddd220480741d5ed088c01f46f84088
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Jun 2021 04:03:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1433
x-content-type-options
nosniff
expires
Wed, 19 Apr 2023 16:22:05 GMT
FZlJEMRw
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 		84 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Mon, 28 Feb 2022 19:29:24 GMT
etag
"a7a61709860c0c57ec0c92584ae4f1bc214dfc71043ea43843572e55d14841f6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=21600
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=31536000
content-length
20456
wp-emoji-release.min.js
www.mcafee.com/blogs/wp-includes/js/ 		18 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 26 Jan 2022 06:39:27 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=14400, public
content-disposition
inline
server-timing
cdn-cache; desc=HIT, edge; dur=16
accept-ranges
bytes
content-length
18181
x-content-type-options
nosniff
expires
Tue, 18 Apr 2023 05:43:04 GMT
page.js
static.addtoany.com/menu/ 		72 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
via
e1s
x-content-type-options
nosniff
cf-cache-status
HIT
age
46791
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 01 Dec 2021 08:23:25 GMT
server
cloudflare
etag
W/"11ee2-5d2116348919c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=172800
cf-ray
6fe932ce3c5b9244-FRA
cf-bgj
minify
css2
fonts.googleapis.com/ 		19 KB
981 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5d60ce49f261c72be59ec3eda251d9f890be64e5f98390633c391ae53ba5b0b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:07:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 22:50:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 22:50:19 GMT
LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
s.go-mpulse.net/boomerang/ 		204 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
br
last-modified
Tue, 18 Jan 2022 06:15:03 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50742
gray-arrowdwn.svg
www.mcafee.com/content/dam/en-us/test-assets/header-redesign/ 		179 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/content/dam/en-us/test-assets/header-redesign/gray-arrowdwn.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://pam.mcafee.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
frame-ancestors https://pam.mcafee.com
x-content-type-options
nosniff
last-modified
Fri, 15 Apr 2022 01:21:35 GMT
server
Apache
x-frame-options
DENY
etag
"b3-5dca73b3ec428"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000
date
Tue, 19 Apr 2022 22:50:19 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
179
x-mcafee-cache
365-days
expires
Wed, 19 Apr 2023 22:50:19 GMT
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:33:39 GMT
x-content-type-options
nosniff
age
530200
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8000
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:11:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:33:39 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:31:44 GMT
x-content-type-options
nosniff
age
530315
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7884
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:17:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:31:44 GMT
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:30:32 GMT
x-content-type-options
nosniff
age
530387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:11:22 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:30:32 GMT
blue-right-arrow.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/blue-right-arrow.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Aug 2021 05:39:36 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public, public
server-timing
cdn-cache; desc=HIT, edge; dur=6
accept-ranges
bytes
content-length
1332
x-content-type-options
nosniff
expires
Tue, 17 May 2022 05:16:27 GMT
Ryan.jpg
www.mcafee.com/blogs/wp-content/uploads/2018/07/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/07/Ryan.jpg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d0444653d0b6016785ad1489d32bc5b5185e740c125312f1f4f0c4e19e2b46c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Sat, 19 Feb 2022 09:32:14 GMT
x-serial
1409
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2127710
server-timing
cdn-cache; desc=MISS, edge; dur=64, origin; dur=149
content-length
6048
server
Akamai Image Manager
expires
Sat, 14 May 2022 13:52:09 GMT
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2255724
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRrac23grS%2FTlK0KOROPfvhha8bkZLbrKZo00PozNika1fbFBAv28vBYQgsukaItTu4jcQc%2B0FehTBdvMwtnISYzSw0AujQlebFgYDCSswE29zdfu32XlkRDk%2FBMqI6rkicJyF%2FCLTy4WTHYNpOVdvOV"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fe932ce78c2912a-FRA
expires
Sun, 09 Apr 2023 22:50:19 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:31:44 GMT
x-content-type-options
nosniff
age
530315
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7816
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:11:40 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:31:44 GMT
pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 		7 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:38:18 GMT
x-content-type-options
nosniff
age
22321
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7632
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:17:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Apr 2023 16:38:18 GMT
pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiGyp8kv8JHgFVrJJLucHtA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:34:08 GMT
x-content-type-options
nosniff
age
530171
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8668
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:10:31 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:34:08 GMT
opensans-regular-webfont.woff2
www.mcafee.com/enterprise/www/css/fonts/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/enterprise/www/css/fonts/opensans-regular-webfont.woff2
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/enterprise/www/css/main.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mcafee.com/enterprise/www/css/main.min.css
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 23 Jun 2021 06:28:08 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"48b4-5c56902840e00"
strict-transport-security
max-age=31536000
content-type
application/font-woff2
x-xss-protection
1; mode=block
content-disposition
attachment
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=4, origin; dur=127
accept-ranges
bytes
content-length
18612
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mcafee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 19:32:58 GMT
x-content-type-options
nosniff
age
530241
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7748
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:15:31 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 19:32:58 GMT
20180412-GhostSecret-1.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		63 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-1.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
678e8e73815c022d0dd0a7cb8eaf7a37d5c7759c692ad945a5f042bc36a5a6e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 25 Jan 2022 13:38:45 GMT
x-serial
1634
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2354166
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=348
content-length
64370
server
Akamai Image Manager
expires
Tue, 17 May 2022 04:46:25 GMT
20180412-GhostSecret-2.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-2.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
ab05c963114aa7b9486b6fffd9409af3cb1aa0f55762f72819b23df7cefb429d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Wed, 26 Jan 2022 14:00:50 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2401147
server-timing
cdn-cache; desc=HIT, edge; dur=49
content-length
5938
expires
Tue, 17 May 2022 17:49:26 GMT
20180412-GhostSecret-3.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-3.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d384a06e51a2768147e3cc3cb97d5b09c2bdb6b2e0e4bc238ebd76bd1cfac850
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Wed, 26 Jan 2022 14:00:51 GMT
x-serial
190
strict-transport-security
max-age=31536000
content-type
image/webp
x-check-cacheable
YES
cache-control
no-transform, max-age=2332448
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=351
content-length
47410
server
Akamai Image Manager
expires
Mon, 16 May 2022 22:44:27 GMT
20180412-GhostSecret-4.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-4.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
559afeaefaee506a69375fb058a699f782b2246c40810f6b4a6cd967981aec0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Wed, 26 Jan 2022 14:00:49 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2291540
server-timing
cdn-cache; desc=HIT, edge; dur=37
content-length
6435
expires
Mon, 16 May 2022 11:22:39 GMT
20180412-GhostSecret-5.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-5.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
7bdf7d3d48d514d3537d7849fe90f75475ab2bf49c2b65b5c5aed0c9bcdeeca8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Tue, 01 Feb 2022 19:52:51 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2332553
server-timing
cdn-cache; desc=HIT, edge; dur=33
content-length
5546
expires
Mon, 16 May 2022 22:46:12 GMT
20180412-GhostSecret-6.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-6.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
accd271a82a97837718c0a3bf0e1c6fad3ac21f801dce9ae10a66de015a681da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Wed, 26 Jan 2022 14:00:51 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2387813
server-timing
cdn-cache; desc=HIT, edge; dur=165
content-length
8291
expires
Tue, 17 May 2022 14:07:12 GMT
20180412-GhostSecret-7.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-7.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
baa8b1d358b515d8b7e9622eca0fed65802a19df40e23b7c67138d04f141827b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Wed, 26 Jan 2022 14:00:54 GMT
x-serial
119
strict-transport-security
max-age=31536000
content-type
image/png
x-check-cacheable
YES
cache-control
no-transform, max-age=131051
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=244
content-length
13421
server
Akamai Image Manager
expires
Thu, 21 Apr 2022 11:14:30 GMT
fbevents.js
connect.facebook.net/en_US/ 		99 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26311
x-xss-protection
0
pragma
public
x-fb-debug
QrI6VVQBtB8pouyQQKE2veZd0nFg5TpM0MHbtWbdKNXv43x2ju0QQB8d5L+LYiHwxwEjEG36f6HrVYY/Cq8ILg==
x-fb-trip-id
686109401
x-frame-options
DENY
date
Tue, 19 Apr 2022 22:50:19 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
662
Date
Tue, 19 Apr 2022 22:50:19 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
X-EdgeConnect-MidMile-RTT
0
X-EdgeConnect-Cache-Status
1
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=36966
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
uwt.js
static.ads-twitter.com/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dd0aab4060ef1c321293aa501648b607c5b2123b504db705357a90b560fb855c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 19:47:38 GMT
etag
"ddc5cdcd86497322d9e46464798180f9+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
9501
x-served-by
cache-iad-kjyo7100047-IAD, cache-muc13983-MUC
conversion.js
www.googleadservices.com/pagead/ 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
9f2fc412da514ae1b4748fb922a7e06c5aab9a29296e3c021f86513f6a1e8ae5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17225
x-xss-protection
0
server
cafe
etag
16958488767326041532
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 19 Apr 2022 22:50:19 GMT
sm.23.html
static.addtoany.com/menu/ Frame E3CA 		741 B
784 B 		Document
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/sm.23.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1924500
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000, immutable
cf-cache-status
HIT
cf-ray
6fe932d00fb49ba0-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 19 Apr 2022 22:50:19 GMT
etag
W/"2e5-5cc9e128a4c38"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Wed, 22 Sep 2021 23:42:51 GMT
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
e4s
x-content-type-options
nosniff
truncated
/ 		34 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
icons.30.svg.js
static.addtoany.com/menu/svg/ 		77 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/svg/icons.30.svg.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
7312901
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 10 Nov 2021 01:49:04 GMT
server
cloudflare
etag
W/"132a9-5d0656e4a26b3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=315360000, immutable
cf-ray
6fe932d00fb69ba0-FRA
cf-bgj
minify
config.json
c.go-mpulse.net/api/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC&d=www.mcafee.com&t=5501362&v=1.737.0&sl=0&si=1e5dd090-ab79-4c52-ad22-eca80a741ec8-ralzfv&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=250743
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f7:1af::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a3935c241510b950f45880b82b60284f71f326a55288071821a8f0961798c449

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 22:50:19 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
1675
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/?random=1650408621403&cv=9&fst=1650408621403&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
10ec331a7fa46e4439aafe4e1b107bb6469ce6d8ed0fe8acdc77f0d590fc4412
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1078
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
448732493334171
connect.facebook.net/signals/config/ 		307 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/448732493334171?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
125214d6e905ae98a9b8cc8664244c3dce376d6e32e59f294878762a0eec128f
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89181
x-xss-protection
0
pragma
public
x-fb-debug
0DyCZg68M31z/3sZ4O2AQjDZjXDBjYSRsmckVxNiD7xri6KFLcETsO4DrdzMYvS+vLZRFsyfUmoJIO8QcfxHJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 19 Apr 2022 22:50:19 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
id
dpm.demdex.net/ 		526 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A729776A5245B1590A490D44%40AdobeOrg&d_nsid=0&ts=1650408621473
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.55.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-55-178.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b0abefe062d78a4a0fd0d9f49407c4c18644ee30d80137ef2770e1dae20d2144
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v031-0f52fd261.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
qOHt+1btRqI=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.mcafee.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
361
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:df:3b7::1e80 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 21:30:12 GMT
server
AkamaiNetStorage
etag
"41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12161
expires
Tue, 19 Apr 2022 23:50:19 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:df:3b7::1e80 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 21:30:12 GMT
server
AkamaiNetStorage
etag
"e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1607
expires
Tue, 19 Apr 2022 23:50:19 GMT
AppMeasurement_Module_AudienceManagement.min.js
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:df:3b7::1e80 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 21:30:12 GMT
server
AkamaiNetStorage
etag
"7324535d27629ca693bad7fd0da315ea:1591133412.560246"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
8764
expires
Tue, 19 Apr 2022 23:50:19 GMT
/
api2932.d41.co/sync/ 		0
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api2932.d41.co/sync/
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.235.153.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-235-153-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 22:50:20 GMT
Referrer-Policy
no-referrer-when-downgrade
Expect-CT
max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
access-control-allow-origin
https://www.mcafee.com
Cache-Control
no-cache, no-store
access-control-allow-credentials
true
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-XSS-Protection
1; mode=block
dnb_coretag_v4.min.js
cdn-0.d41.co/tags/ 		74 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-107.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 19 Apr 2022 22:50:02 GMT
Via
1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
Last-Modified
Thu, 18 Nov 2021 14:57:32 GMT
Server
AmazonS3
Age
74
ETag
"c5b0d60b7c887bcae6d8897835a15d14"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
Content-Length
76079
X-Amz-Cf-Id
5PG-ArplLXUn3WcfDDyMiKNKl8J6NJBa8M6ZtQ_pkiFjjEH061IXyw==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-st...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1650408621524%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-st...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-s...
0
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQK8otoB68C4-wAAAYBEBQCFPvTWkjVisqiQ4z30XvKCh6K597CGY1AXocEEz42FL-eCNzRJQsCuSph9521kiOX5mPwAtQ
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 8C6BAA74E7ED494A8A8EC549375D6D65 Ref B: FRAEDGE1108 Ref C: 2022-04-19T22:50:20Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXdCbOOcltcFiGmRQUeAg==
x-li-fabric
prod-lva1

Redirect headers

date
Tue, 19 Apr 2022 22:50:20 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 556A722EB79347DDB1C4BDDD743A0CA3 Ref B: FRAEDGE0707 Ref C: 2022-04-19T22:50:20Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408621524&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQK8otoB68C4-wAAAYBEBQCFPvTWkjVisqiQ4z30XvKCh6K597CGY1AXocEEz42FL-eCNzRJQsCuSph9521kiOX5mPwAtQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAXdCbOJsk7Xloi6HfXyPQ==
/
www.google.com/pagead/1p-user-list/975085349/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/975085349/?random=1650408621403&cv=9&fst=1650405600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=2884460951&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975085349/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/975085349/?random=1650408621403&cv=9&fst=1650405600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=2884460951&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
187610925152304
connect.facebook.net/signals/config/ 		307 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/187610925152304?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4efd0e4384f1de3d392d29f8a82bdd641c68d4d743105b7797b56237af1eb8ee
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89118
x-xss-protection
0
pragma
public
x-fb-debug
oE3XOjYN5VYPD593XxlEVlyLRRxnHoC7d/WGKMKf4jTGOGuUPYbAEj9gXGIYMepDHjrG0zi3GL+sR4xHwXkVrQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 19 Apr 2022 22:50:19 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=448732493334171&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408621561&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408621559.1698736563&it=1650408621418&coo=false&exp=p1&rqm=GET
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Tue, 19 Apr 2022 22:50:19 GMT
adsct
analytics.twitter.com/i/ 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=736cf697-0ecb-4b43-94bd-e004b52e875b&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
104
date
Tue, 19 Apr 2022 22:50:20 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
5fc3a114a7801faf54dafffa748db89b13ed3e02d22a68599c7ec178cc9ab5e6
content-length
43
adsct
t.co/i/ 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=736cf697-0ecb-4b43-94bd-e004b52e875b&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
111
date
Tue, 19 Apr 2022 22:50:19 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
71a4db8d2255e25274c0ca8736215610fd1ea13b64ae1ccf170ab9b89dfdc8c2
content-length
43
766537420057144
connect.facebook.net/signals/config/ 		307 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/766537420057144?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cf718792729fdd90fa7a301c371e0bd6b1bab7df4ec664bfa7e7f0656a58b87c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89118
x-xss-protection
0
pragma
public
x-fb-debug
pV2X4v4STsK0GXR/mG6TyS1jybBJBgwsff6Mx3IOzDGjkZtrBxohmPRR9KGUI5NlNn9baHCPlSr5JfxoykYJkA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 19 Apr 2022 22:50:19 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=187610925152304&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408621605&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408621559.1698736563&it=1650408621418&coo=false&exp=p1&rqm=GET
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Tue, 19 Apr 2022 22:50:19 GMT
dest5.html
mcafeeinc.demdex.net/ Frame EE68 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.81.5.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-5-109.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v031-096666b20.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
CRLhLy2yQ7Y=
content-encoding
gzip
date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Wed, 13 Apr 2022 14:59:55 GMT
vary
accept-encoding
id
smetrics.mcafee.com/ 		48 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smetrics.mcafee.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&mid=89296311227772837752800260770345300576&ts=1650408621674
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
b214cccddc7befa6c82212f0d757ccedba128ce1ea11a20a14a6b20f7ce79557
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7b6f4bb9f7-xdr2p
vary
Origin
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Yl88rAAAAIB6qwP7
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=81295250020836494103305982488477133149
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88rAAAAIB6qwP7
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88rAAAAIB6qwP7
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
HTTP/1.1
Server
52.31.55.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-55-178.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v031-078b4ff78.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
kHeMtAnGSqc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88rAAAAIB6qwP7
Date
Tue, 19 Apr 2022 22:50:20 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=766537420057144&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408621758&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408621559.1698736563&it=1650408621418&coo=false&exp=p1&rqm=GET
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Tue, 19 Apr 2022 22:50:20 GMT
api
api2932.d41.co/ 		55 B
605 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2932.d41.co/api?req=api2932&form=json
Requested by
Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.235.153.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-235-153-212.compute-1.amazonaws.com
Software
/
Resource Hash
5a66b400ed3590731f8335b4bd05758241ff8a9641da75a262e7112ffe0aff57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 22:50:20 GMT
Referrer-Policy
no-referrer-when-downgrade
Expect-CT
max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
application/json
access-control-allow-origin
https://www.mcafee.com
Cache-control
no-store
access-control-allow-credentials
true
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
55
X-XSS-Protection
1; mode=block
js
www.googletagmanager.com/gtag/ 		105 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b29249df54e56342e1b205d903fb75f231714f997a4b753e404ad7c9d2daaffb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42175
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1650408621831&cv=9&fst=1650408621403&num=2&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
48cbf0fe5c2c63c68e49de5ccf0ab8ab531631632fd7f0608771690ed81933d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1082
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking.js
trk.techtarget.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 15 Oct 2021 14:31:37 GMT
server
cloudflare
age
533
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
expires
Tue, 19 Apr 2022 22:51:27 GMT
cache-control
max-age=1200
cf-ray
6fe932d3ec07920b-FRA
cf-bgj
minify
utag.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		322 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cc5d6ee0ec9d7b82d1a540fc2d3a47150b6da73616dcbbd76f79601153497020

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 11:05:20 GMT
server
AkamaiNetStorage
etag
"3921ae90c2a3395d0ebc577fba047a21:1650366320.57554"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
expires
Tue, 19 Apr 2022 22:55:20 GMT
FZlJEMRw
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 		18 B
742 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
vary
Origin
strict-transport-security
max-age=31536000
content-type
application/json
access-control-allow-origin
https://www.mcafee.com
access-control-allow-credentials
true
x_req_id
9a9ff49a-035b-4638-96c0-b4f46ed76d4e
server-timing
edge; dur=2, origin; dur=160, cdn-cache; desc=MISS
access-control-allow-headers
Content-Type
content-length
18
slider-right-arrow.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		746 B
974 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/slider-right-arrow.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
ce6418b62f6e6f2ffd7676db898aa6da5d64c75517766210a15ad53ce8d91404
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Tue, 25 Jan 2022 06:00:51 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
no-transform, max-age=2066846
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
746
expires
Fri, 13 May 2022 20:57:46 GMT
globe-icon.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 26 Jul 2021 04:39:06 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
1087
x-content-type-options
nosniff
expires
Wed, 18 May 2022 15:09:37 GMT
/
www.google.com/pagead/1p-user-list/976855902/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/976855902/?random=1650408621831&cv=9&fst=1650405600000&num=2&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=1528060186&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/976855902/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/976855902/?random=1650408621831&cv=9&fst=1650405600000&num=2&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=1528060186&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity.gif
apt.techtarget.com/activity/ 		43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1259816&version=2.1.1&ref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&r=1650408622003
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 22:50:20 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
Server
Apache/2.4.6 (CentOS)
ETag
"2b-5850384029cff"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=25
Content-Length
43
utag.currency.js
tags.tiqcdn.com/utag/tiqapp/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.currency.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7c0817627eb49057128efed83f2ca779e1f3bef48376624533eed1196e1e5c0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Sun, 17 Apr 2022 01:00:03 GMT
server
AkamaiNetStorage
etag
"dc2d5489932657353866b998d769ea10:1650157203.827368"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1716
expires
Wed, 04 May 2022 22:50:20 GMT
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
acc59d09739aab2d6132b62296168fcfe862ab9e216713930e79c6af3ac346bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38752
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
js
www.googletagmanager.com/gtag/ 		94 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-5471927&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
99fbb55cf236e05f8929217cbec0b3f204382bd6b226e2e13025995451b80ef2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38247
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
js
www.googletagmanager.com/gtag/ 		105 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
26f03aa6318a4dc3fabed6f3c9162b22500483949e3b6dfbb3c0f5d64338fe94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42173
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
utag.276.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		33 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.276.js?utv=ut4.39.202204191104
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8bfed30326b8ffb6bc3f54db1157dde5278c961d56922390e2353c6d163bf19d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 11:05:20 GMT
server
AkamaiNetStorage
etag
"c915295bd8c771678bdf1b1890a84bed:1650366320.044767"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
5065
expires
Wed, 04 May 2022 22:50:20 GMT
utag.331.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.331.js?utv=ut4.39.202201051242
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 21 Dec 2021 08:45:24 GMT
server
AkamaiNetStorage
etag
"59b591af9c74eed7eeee7eb9933434aa:1640076324.779275"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2298
expires
Wed, 04 May 2022 22:50:20 GMT
utag.356.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		103 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.356.js?utv=ut4.39.202204191104
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
3428ca4123d41c84536344c96b18d6ddc89cdd354790bde33b9b24c4407025b7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 11:05:19 GMT
server
AkamaiNetStorage
etag
"5622bdd71323d5a8d52b620b0bcb30b5:1650366319.758452"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
27162
expires
Wed, 04 May 2022 22:50:20 GMT
utag.444.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.444.js?utv=ut4.39.202204191104
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Mon, 20 Sep 2021 09:32:59 GMT
server
AkamaiNetStorage
etag
"b2cb1df33dd6b8a4f10369db69c7e7dd:1632130379.813891"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
6343
expires
Wed, 04 May 2022 22:50:20 GMT
utag.476.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.476.js?utv=ut4.39.202006041316
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 10:34:56 GMT
server
AkamaiNetStorage
etag
"6b2903b10789da4d6134a59bb1fc8a49:1572518096.337345"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2366
expires
Wed, 04 May 2022 22:50:20 GMT
utag.515.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Thu, 23 Jul 2020 12:04:49 GMT
server
AkamaiNetStorage
etag
"7365d951d30f1fa9668d0437fedeb4e3:1595505889.289423"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1048
expires
Wed, 04 May 2022 22:50:20 GMT
utag.518.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.518.js?utv=ut4.39.202204191104
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6c109fc598f457e5cee21e846082801d00bf09ed0a5eaa2762deeb63dc978a5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 11:05:21 GMT
server
AkamaiNetStorage
etag
"c4cda173010944d4ffdd95bf47eac4ac:1650366321.256729"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2499
expires
Wed, 04 May 2022 22:50:20 GMT
utag.521.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Wed, 15 Jul 2020 10:59:20 GMT
server
AkamaiNetStorage
etag
"c09f093e0e4ce83103416febd13a6294:1594810760.535353"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3237
expires
Wed, 04 May 2022 22:50:20 GMT
utag.523.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.523.js?utv=ut4.39.202201051242
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Thu, 27 Aug 2020 12:46:09 GMT
server
AkamaiNetStorage
etag
"fb30f56886da031845524ee15f427821:1598532369.53687"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1163
expires
Wed, 04 May 2022 22:50:20 GMT
utag.531.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.531.js?utv=ut4.39.202202081111
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 04:25:45 GMT
server
AkamaiNetStorage
etag
"3a9ced3787ddb191062f19331c8d30bd:1606796745.86938"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3239
expires
Wed, 04 May 2022 22:50:20 GMT
utag.537.js
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.537.js?utv=ut4.39.202012161058
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
last-modified
Wed, 14 Oct 2020 13:17:10 GMT
server
AkamaiNetStorage
etag
"8b5d313be7f848419f47125d0c6664fd:1602681430.396878"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1538
expires
Wed, 04 May 2022 22:50:20 GMT
ibs:dpid=477&dpuuid=cd9a3b66acd54e7619ed17022836bad95a518355fa1ea1e25a69a4af04542680b0da87c991749652
dpm.demdex.net/ Frame EE68
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=81295250020836494103305982488477133149
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODEyOTUyNTAwMjA4MzY0OTQxMDMzMDU5ODI0ODg0NzcxMzMxNDkQABoNCKz5_JIGEgUI6AcQAEIASgA
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=cd9a3b66acd54e7619ed17022836bad95a518355fa1ea1e25a69a4af04542680b0da87c991749652
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=cd9a3b66acd54e7619ed17022836bad95a518355fa1ea1e25a69a4af04542680b0da87c991749652
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
HTTP/1.1
Server
52.31.55.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-55-178.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mcafeeinc.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v031-0213cbb87.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
qyqxItIMRsw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Tue, 19 Apr 2022 22:50:20 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=cd9a3b66acd54e7619ed17022836bad95a518355fa1ea1e25a69a4af04542680b0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
/
www.facebook.com/tr/ Frame CAE8 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.mcafee.com
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.mcafee.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 22:50:20 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
/
www.facebook.com/tr/ Frame 4625 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.mcafee.com
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.mcafee.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 22:50:20 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1989
date
Tue, 19 Apr 2022 22:17:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 20 Apr 2022 00:17:11 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14892
x-xss-protection
0
server
cafe
etag
4605403730725282575
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 19 Apr 2022 22:50:20 GMT
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=gtm.init_consent&eid=1&tc=1&z=0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=gtm.init&eid=2&tc=1&z=0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=gtm.js&eid=3&u=AAAAAAAAAAAM&tc=1&tr=1rep&ti=1rep&z=0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=*&eid=10&u=AAAAAAAAAAAM&tc=1&z=0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame 92A0 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.mcafee.com
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.mcafee.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 22:50:20 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
events.js
tags.srv.stackadapt.com/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
a0104fed6924984b774b65fc586372bef3ebefeb9e56112c789472cfdf6f08b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 22:50:20 GMT
Content-Encoding
gzip
Cache-Control
max-age=30
Content-Length
4433
Connection
keep-alive
Content-Type
text/javascript
messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
type
entry
Authorization
SharedAccessSignature sr=http%3a%2f%2fcu1pehnsweb01.servicebus.windows.net%2fwebp32h01&sig=egeBP80h1RMGKxIU3lvC2c7N8fqicJTBSJTk9weZQwA%3d&se=2188580224&skn=webp32h01send
Content-Type
application/json; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.mcafee.com
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Credentials
true
Server
Microsoft-HTTPAPI/2.0
Date
Tue, 19 Apr 2022 22:50:21 GMT
Transfer-Encoding
chunked
Content-Type
application/xml; charset=utf-8
messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,type
Access-Control-Request-Method
POST
Origin
https://www.mcafee.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
authorization,content-type,type
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://www.mcafee.com
Access-Control-Max-Age
3600
Content-Length
0
Date
Tue, 19 Apr 2022 22:50:20 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
js
www.googletagmanager.com/gtag/ 		105 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-614089511&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a31d73276b7ebf605819f7cc99cca74af053e3a9b3be0b43360f3e7c4fcf01b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42174
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
js
www.googletagmanager.com/gtag/ 		105 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-614089511
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b994f32cc502cdd42ac156fd4f323282c0473001c96d71a6a92f117c309715ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42177
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
star.gif
jelly.mdhv.io/v1/ 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jelly.mdhv.io/v1/star.gif?pid=Fm4ZsumnWdLJITEAOIqxG583lBzi&src=mh&evt=hi&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&_rnd=0.6608222605733225
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.21 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
any-in-2215.1e100.net
Software
Google Frontend /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:21 GMT
server
Google Frontend
content-type
image/gif
x-cloud-trace-context
2d948d3533d07f64255e521dc9ce623a
cache-control
no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
content-length
43
expires
-1
577185772377767
connect.facebook.net/signals/config/ 		308 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/577185772377767?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d94ad9b24f79c97da646cbe15951b0895a28017ce0bfa8dd6a2ac1361b76d6ec
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89624
x-xss-protection
0
pragma
public
x-fb-debug
DpVD9NoR0+QbO7Sza6DKPkub63aIk3Xpu/yty3ERwJxWGci4nmhgySSYYadJ+xrIuOMwSZvl+CAysNQfMfTo5Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 19 Apr 2022 22:50:20 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		149 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
780f6e25a6d42c520045022366425d652d666144d874db076db23e2913620f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56769
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 22:50:20 GMT
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=gtm.dom&eid=11&u=AAAAAAAAAAAM&tc=1&z=0
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 26 Apr 2022 22:50:20 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
202 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mcafee/consumer-main/202204191104&cb=1650408622441
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Tue, 19 Apr 2022 23:00:20 GMT
s58523685229930
smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/ 		43 B
328 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/s58523685229930?AQB=1&ndh=1&pf=1&t=19%2F3%2F2022%2022%3A50%3A22%202%200&sdid=2CEAAA29B60DCF14-3594496232671421&mid=89296311227772837752800260770345300576&aamlh=6&ce=UTF-8&ns=mcafeeconsumer&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&events=event120%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&v1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&c5=%5Bconsumer%3Aweb%5Dother-blogs&v5=%5Bconsumer%3Aweb%5Dother-blogs&c6=%5Bconsumer%3Aweb%5Dmcafee-labs&v6=%5Bconsumer%3Aweb%5Dmcafee-labs&c7=Page%20Name-%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&c8=www.mcafee.com&v8=new&c9=en-us&v9=en-us&v13=%3A&v14=direct&c15=consumer&v15=consumer&v20=na&v21=united%20states&v23=3%3A30PM&v24=Tuesday&c26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&v26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&c33=web&v33=web&v116=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 20 Apr 2022 22:50:20 GMT
server
jag
xserver
anedge-7b6f4bb9f7-zmzsl
etag
3544225525934948352-4619768283293279838
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 18 Apr 2022 22:50:20 GMT
FZlJEMRw
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 		18 B
746 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.24.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-24-41.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
vary
Origin
strict-transport-security
max-age=31536000
content-type
application/json
access-control-allow-origin
https://www.mcafee.com
access-control-allow-credentials
true
x_req_id
79ef6c73-72cc-4af4-93a3-f1d0eeef4b25
server-timing
edge; dur=1, origin; dur=175, cdn-cache; desc=MISS
access-control-allow-headers
Content-Type
content-length
18
adsct
analytics.twitter.com/i/ 		43 B
78 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=0aa7c0f5-c29c-43ff-9824-841ae7c99e70&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
111
date
Tue, 19 Apr 2022 22:50:20 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
5fc3a114a7801faf54dafffa748db89b13ed3e02d22a68599c7ec178cc9ab5e6
content-length
43
adsct
t.co/i/ 		43 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=0aa7c0f5-c29c-43ff-9824-841ae7c99e70&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
103
date
Tue, 19 Apr 2022 22:50:20 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
71a4db8d2255e25274c0ca8736215610fd1ea13b64ae1ccf170ab9b89dfdc8c2
content-length
43
1eb8bd09b246.js
w.usabilla.com/ Frame 2F4A 		194 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w.usabilla.com/1eb8bd09b246.js?lv=1
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.156.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-156-81.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d03acb4f99b67b990814738b04d0e709390465fbf841bed44787828366e749f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-widget-server
2.1
etag
"da1b28189fe1aad7848e4c3efdb21dfe"
content-type
text/javascript
cache-control
public,max-age=0
content-length
23822
s51124160120337
smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/ 		491 B
764 B 		Script
General
Check archive.org
Download Go to
Full URL
https://smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/s51124160120337?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=19%2F3%2F2022%2022%3A50%3A22%202%200&d.&nsid=0&jsonv=1&.d&sdid=2CEAAA29B60DCF14-3594496232671421&mid=89296311227772837752800260770345300576&aamlh=6&ce=UTF-8&pageName=other-blogs%3Amcafee-labs%3Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&cc=USD&ch=other-blogs&server=www.mcafee.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=other-blogs&c6=D%3Dv6&v6=mcafee-labs&c8=D%3Dv153&c16=Ryan%20Sherstobitoff&c26=D%3Dg&v26=D%3Dg&c51=%7C&c52=Apr%2024%2C%202018&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F100.0.4896.75%20Safari%2F537.36&v100=2.20.0&v153=www.mcafee.com&v154=us&v155=english&v166=%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C403%7C&v180=year%3D2022%20%7C%20month%3DApril%20%7C%20date%3D19%20%7C%20day%3DTuesday%20%7C%20time%3D3%3A50%20PM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&v190=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
e9e657fb2768c71debcdd44a6a5ed3d276965e8d3982d9094b9371c287ac3c86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-aam-tid
e+AAhC2uRE4=
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
vary
*
content-length
491
x-xss-protection
1; mode=block
dcs
dcs-prod-irl1-2-v031-0353f7add.edge-irl1.demdex.com UNKNOWN
pragma
no-cache
last-modified
Wed, 20 Apr 2022 22:50:20 GMT
server
jag
xserver
anedge-7b6f4bb9f7-g6t6k
etag
3544225526107701248-4619796158704045085
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 18 Apr 2022 22:50:20 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1779406120&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&ul=en-us&de=UTF-8&dt=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBACUABBAAAAC~&jid=251157113&gjid=2078397501&cid=772957514.1650408623&tid=UA-35949610-14&_gid=1352315111.1650408623&_r=1&gtm=2ou4i1&cd1=na&cd2=us&cd3=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&cd9=&cd10=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&cd13=&cd16=Ryan%20Sherstobitoff&cd17=Apr%2024%2C%202018&cg1=blogs&cg2=other-blogs&cg3=mcafee-labs&cg4=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&cg5=&z=1129392579
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1650408622584&cv=9&fst=1650408622584&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
97c60d4cc0a25f973818f07bfd2a20a5f733c6a2d1aa5b4584ddab2ea96aea66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1241
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/?random=1650408622589&cv=9&fst=1650408622589&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
400e31c24fd187066099eef296b90d8d494c4d03df6e657e551fe9a9a7f1885e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1241
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=577185772377767&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408622623&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408621559.1698736563&it=1650408621418&coo=false&exp=p1&rqm=GET
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Tue, 19 Apr 2022 22:50:20 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=577185772377767&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408622624&cd[content_type]=product&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1650408621559.1698736563&it=1650408621418&coo=false&tm=1&exp=p1&rqm=GET
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Tue, 19 Apr 2022 22:50:20 GMT
rules-p-hvA1U3-AR_BCf.js
rules.quantcount.com/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-hvA1U3-AR_BCf.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:7c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:09:05 GMT
content-encoding
gzip
age
2613
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Tue, 04 May 2021 18:33:58 GMT
server
AmazonS3
etag
W/"eb0fff4b7031d9152713e8e316a7cc4e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
KXEnSb3uAqPfyxfI3nY7RbA5duuJ20mqmIS1b7pYVrXXIuEWwR38hQ==
pixel;r=659594676;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F;uh...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=659594676;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F;uht=2;fpan=1;fpa=P0-1419685418-1650408622658;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=mcafee.com;je=0;sr=1600x1200x24;dst=0;et=1650408622658;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide%2Cdescription.McAfee%20Advanced%20Threat%20Research%20analysts%20have%20uncovered%20a%20global%20data%20reconnaiss%2Curl.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostse%2Csite_name.McAfee%20Blog%2Cimage.https%3A%2F%2Fsecuringtomorrow%252Emcafee%252Ecom%2Fwp-content%2Fuploads%2F2018%2F04%2F20180412-GhostSec
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35949610-14&cid=772957514.1650408623&jid=251157113&gjid=2078397501&_gid=1352315111.1650408623&_u=4GBACUAABAAAAC~&z=944571802
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 19 Apr 2022 22:50:20 GMT
content-type
text/plain
access-control-allow-origin
https://www.mcafee.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/?random=1650408622665&cv=9&fst=1650408622665&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8453f094111112fe49a1f844861ae053f9d7d953027f441c6affcdcec90ccbf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1119
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1650408622667&cv=9&fst=1650408622667&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbb8a55db187b33f8e7623f7693c06acb4ff0bcc012bc58a1b89926ddd3cef4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1118
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1650408622668&cv=9&fst=1650408622668&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cbd3078234a143aeb1e799671aad7ef2ea4246a99e6308a326411f8e352be392
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1117
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/597407903/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/597407903/?random=1650408622589&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=966861528&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/597407903/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/597407903/?random=1650408622589&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=966861528&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/976855902/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/976855902/?random=1650408622584&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=68112619&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/976855902/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/976855902/?random=1650408622584&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=68112619&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/614089511/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/614089511/?random=1650408622665&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2043275402&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/614089511/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/614089511/?random=1650408622665&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2043275402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/740246542/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/740246542/?random=1650408622667&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3200425891&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/740246542/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/740246542/?random=1650408622667&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3200425891&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/740246542/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/740246542/?random=1650408622668&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=75151690&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/740246542/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/740246542/?random=1650408622668&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=75151690&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35949610-14&cid=772957514.1650408623&jid=251157113&_u=4GBACUAABAAAAC~&z=358234030
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35949610-14&cid=772957514.1650408623&jid=251157113&_u=4GBACUAABAAAAC~&z=358234030
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sa.css
tags.srv.stackadapt.com/ 		65 B
292 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
c0d185cd5846a86304846cde2c2822a5846786da0d94d7cc7e1952b41d32dff2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 22:50:21 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
65
Content-Type
text/css
sa.jpeg
tags.srv.stackadapt.com/ 		0
881 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 22:50:21 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
651
Content-Type
image/jpeg
RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/ 		828 B
708 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:df:3b7::1e80 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:50:21 GMT
content-encoding
gzip
last-modified
Thu, 31 Mar 2022 21:15:51 GMT
server
AkamaiNetStorage
etag
"ab1faf76266ac8bdf276f0bda62d7148:1648761351.579427"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.mcafee.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
443
expires
Tue, 19 Apr 2022 23:50:21 GMT
mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 40CE 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Requested by
Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.156.253.153 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-253-153.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 24 Aug 2021 18:53:45 GMT
Via
1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Fri, 13 Aug 2021 12:15:04 GMT
Server
AmazonS3
Age
20577397
ETag
"1944989b2cb625c962c6ef510fb08a96"
X-Cache
Hit from cloudfront
x-amz-version-id
HisYRYbV2ml0Cly3Ot1zesxtMBlwdJ2E
Cache-Control
max-age=315360000, no-transform, public
X-Amz-Cf-Pop
DUS51-P2
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
2675
X-Amz-Cf-Id
LLz5S7ye__6biuFEkPuTnGxr36BEr17YofQn6qS5JO3ur-CyuYf6oA==
/
www.facebook.com/tr/ Frame 7D2A 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.mcafee.com
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.mcafee.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 22:50:21 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
/
02179912.akstat.io/ 		0
201 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://02179912.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:21 GMT
content-type
image/gif
access-control-allow-origin
https://www.mcafee.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Tue, 19 Apr 2022 22:50:21 GMT
saq_pxl
tags.srv.stackadapt.com/ 		141 B
444 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=uSyobPfzhDJe2LRnhI_IVA&is_js=true&landing_url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&t=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&host=https://www.mcafee.com&sa_conv_data_css_value=%20%220-00ed7921-9060-4246-5d43-55168b21743f%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9902691e702d242d55376f9bd2b48f8505413afb8
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 22:50:21 GMT
Access-Control-Allow-Methods
GET
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.mcafee.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
141
results.txt
kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net/eum/
Redirect Chain
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=ppfza2qrw
  • https://kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net/eum/results.txt
8 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
92.123.225.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-225-10.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 22:50:21 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net/eum/results.txt
Date
Tue, 19 Apr 2022 22:50:21 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
results.txt
eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net/eum/
Redirect Chain
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=ppfza2qrw
  • https://eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net/eum/results.txt
8 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
2a02:26f0:f7::5c7b:e02a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 22:50:22 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net/eum/results.txt
Date
Tue, 19 Apr 2022 22:50:21 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
a
www.googletagmanager.com/ 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-597407903&cv=1&v=3&t=t&pid=666178569&rv=4i1&es=1&e=gtm.load&eid=15&u=CAAAAAAAAAAM&tc=1&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 22:50:21 GMT
server
Google Tag Manager
vary
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

219 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| theChampLoadEvent string| theChampDefaultLang string| theChampCloseIconPath string| theChampSiteUrl number| theChampVerified number| theChampEmailPopup string| heateorSsMoreSharePopupSearchText object| _wpemojiSettings function| $ function| jQuery object| postgrid_ajax_load object| WPMLLanguageSwitcherDropdownClick object| a2a_config object| utag_data object| sec object| today number| dd string| mm number| yyyy object| ISOTOPE_CACHE string| ISOTOPE_AJAX_URL string| ISOTOPE_AJAX_URL_ENDPOINT number| ISOTOPE_AJAX_ITEMS string| ISOTOPE_CURRENT_CATEGORY object| digitalData object| BOOMR_config string| BOOMR_API_key object| BOOMR function| mQueryChangeHandler function| resetSubmenuDisplay function| parentTabClick function| resizeHandler function| initApp object| bootstrap function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| twq object| google_conversion_id object| google_custom_params object| google_remarketing_only object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init number| a2apage_init function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression object| BOOMR_mq object| twemoji object| wp function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_tag_data object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments object| _bmrEvents object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| scrolledAmountArr function| lintrk boolean| _already_called_lintrk object| twttr function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap function| AppMeasurement_Module_AudienceManagement function| DIL object| s object| regeneratorRuntime object| dnbvid string| dnbDetails string| pageName undefined| pageGlobalName undefined| localeCode undefined| countryLangMapper string| metaDataClassification object| metaDataClassificationList number| ml string| md_val object| regE function| getMetaData function| isEmployee function| getIP function| getALQueryParam string| eidval string| smcidVal string| tagVal string| utmcampaignVal string| utmsourceVal string| utmmediumVal object| hrefParamMapper function| getHrefParamVal function| updateQueryStringParam function| bindVideoTrackers function| aaBCTrack object| dataLayer function| gtag object| techtargetic object| hlst_query object| hlst_areas object| ajax_objects object| wpmm_object object| el function| theChampPopup function| theChampStrReplace function| theChampCallAjax function| theChampGetScript function| theChampGetElementsByClass function| theChampGetCookie object| _acxj object| _cf object| bmak undefined| bm_counter object| bm_script undefined| scripts string| bm_url object| url_split string| obfus_state_field string| state_field_str string| _sd_trace object| google_tag_manager boolean| utag_condload undefined| run_fullstory_for_user object| utag object| _gaq object| pageTracker string| e boolean| __tealium_twc_switch function| tealiumiq_currency_load object| utag_cfg_ovrd object| __TEALIUM function| targetPageParamsAll function| targetPageParams object| tealiumiq_currency string| GoogleAnalyticsObject function| ga function| saq function| _saq function| lightningjs function| usabilla_live string| gtagRename object| _qevents object| s_i_mcafeewwconsumermain object| d object| sm object| s_i_mcafeeenterprise object| gaplugins object| gaGlobal object| gaData function| google_trackConversion object| GooglebQhCsO function| quantserve function| __qc object| ezt object| _qoptions function| qtrack number| BOOMR_onload object| res string| current_window_url_param

45 Cookies

Domain/Path Name / Value
www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide Name: dnbDetails
Value: ||||||||||403|
.mcafee.com/ Name: bm_sz
Value: C7C4D5F3355DE276664AA5ACB87DDE52~YAAQ0eF7XLjNrz6AAQAAo/sERA9EfJQkp8UDPq2AlGrGa3d86hoIU8kMJUDgEme7pcNrejVRTHmi9Uj7lAL6xmYf4VzAesXl6mImmXsSheXtuc6KZSYUAm1tSGxKhRYPez6gY+X0JaHjfgGeTKkzjQshpzuifI9omm0IRy+5wdQcalKfHZY7fDhoasiyzTkdz7BGApfC8MEcK8u1ADBk59xM209St6X28nqwk/GZElh6b4SohT8S6OpitMMF0MHvVI097vHyGt59W3FG/HBKTZQb6G2448wg4oJdGYHQgcnloOU=~3683377~3425845
.mcafee.com/ Name: _fbp
Value: fb.1.1650408621559.1698736563
.demdex.net/ Name: demdex
Value: 81295250020836494103305982488477133149
.mcafee.com/ Name: AMCVS_A729776A5245B1590A490D44%40AdobeOrg
Value: 1
.linkedin.com/ Name: UserMatchHistory
Value: AQIGjoUVsBeg6QAAAYBEBP9huLa1Cvdsd2QqcPc1JA4_CsaM64O0tr2d81diQhdsDeodIlrsnBwEmA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQIqXwo6EzymwAAAAYBEBP9hyVsfw7zo1qAlhFncQs0aM-NnlwSLxLnKkXnBZpAiDR5PTz5ZqkvTDyKzNXwnww
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&254265a6-f034-4c8c-891d-bfad0775568f"
.linkedin.com/ Name: lidc
Value: "b=VGST03:s=V:r=V:a=V:p=V:g=2564:u=1:x=1:i=1650408619:t=1650495019:v=2:sig=AQFSCnf7CRM1L4jmbcDRlNdLlBHODiOv"
.t.co/ Name: muc_ads
Value: 3cdfb9c7-f90b-44b8-b223-d450c02ae568
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20220419225019a2007929-4f71-4a5b-8c51-67f1bba1ff25AQFWz7UPa04wpLkA0wegb71MUACTwx55"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTA0MDg2MTk7MjswMjGymWtyE/i0ye8d/I+aNP6hZLJUChxpJGqFChHLxt0N9g==
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yl88rAAAAIB6qwP7
.twitter.com/ Name: personalization_id
Value: "v1_+n/ntYYnCO11Tv8lr9t3ng=="
.dpm.demdex.net/ Name: dpm
Value: 81295250020836494103305982488477133149
.doubleclick.net/ Name: IDE
Value: AHWqTUl3j_k_iFVtBdh7lTO55e8GnG2wBC6ZRO2Q1EmUNc5gHPh5OT4EUvgKdF7l
.techtarget.com/ Name: __cf_bm
Value: pXePZSiSAeG1xFXtSoBrvx9j8MjjCw8oYFsdy1_HHHU-1650408620-0-ATQLodL9juO3hneeHxBmqHmzNCgO88R8jnn50d6O1tSzSjs5jYcMKNjgbvMBqaC2KzzxRbRoR7tv5EQ8ISAb2vg=
.mcafee.com/ Name: s_ecid
Value: MCMID%7C89296311227772837752800260770345300576
.mcafee.com/ Name: AMCV_A729776A5245B1590A490D44%40AdobeOrg
Value: -408604571%7CMCIDTS%7C19102%7CMCMID%7C89296311227772837752800260770345300576%7CMCAAMLH-1651013421%7C6%7CMCAAMB-1651013421%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1650415821s%7CNONE%7CMCSYNCSOP%7C411-19109%7CMCAID%7CNONE%7CvVersion%7C4.6.0
.demdex.net/ Name: dextp
Value: 60-1-1650408622201
.mcafee.com/ Name: run_fs_for_user
Value: false
.rlcdn.com/ Name: rlas3
Value: rA/QSqH4asx1zPVJGSoQpbSj2ttfL7Bx2m5uKOsWcRo=
.mcafee.com/ Name: _gcl_au
Value: 1.1.1310555505.1650408622
.mcafee.com/ Name: utag_main
Value: v_id:0180440507cc001d829048d3411d03073007a06b00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1650410422028$ses_id:1650408622028%3Bexp-session$vapi_domain:mcafee.com
.rlcdn.com/ Name: pxrc
Value: CKz5/JIGEgUI6AcQABIGCPHrARAA
.mcafee.com/ Name: s_gpv
Value: %5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide
.mcafee.com/ Name: s_cc
Value: true
.mcafee.com/ Name: s_nr
Value: 1650408622532-New
.mcafee.com/ Name: gpv
Value: other-blogs%3Amcafee-labs%3Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide
.mcafee.com/ Name: tp
Value: 25360
.mcafee.com/ Name: s_ppv
Value: other-blogs%253Amcafee-labs%253Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2C5%2C5%2C1200
.mcafee.com/ Name: _ga
Value: GA1.2.772957514.1650408623
.mcafee.com/ Name: _gid
Value: GA1.2.1352315111.1650408623
.mcafee.com/ Name: _gat_gtag_UA_35949610_14
Value: 1
.mcafee.com/ Name: _abck
Value: 38E4118A3712BDBF2163236C0F862376~-1~YAAQ0eF7XMLNrz6AAQAAUAMFRAcjzwt49GaDPB12plL4vWSTPr5rmovfFQawO+840gwHwrMkECqzvCcBnT7BPCXWM8IwUU2jJSZYv7Dso1FqUEsS3a2oex9L3lgBm/pu9Fag8KDlDT50OaE3BWeSOr4IKDLHdloJ73iGh/q91S8cYMWKoDsDHY+iiGiGErSC+lKFPHr3O9SGiVwgLpcHc+FpAIFwUloniTClwawuiH9EDZihLbN7WgFOa4vyoO6Gf+ydspDxV+EV1RcZ/C20qW8YDjCzhJtANpFfJIRjfZp3BYckCSeQBy0ExUKVmyZDxJR8dpaUwZuz9wR/JzpFi4NyNPxWHv5L2Yx6Q4UsWMTGkYWpYmO5ec+o9EXZkEkXGki8UaAMfDxc0Q==~-1~-1~-1
.mcafee.com/ Name: Target_Test
Value: seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040
.mcafee.com/ Name: aam_uuid
Value: 81295250020836494103305982488477133149
.quantserve.com/ Name: mc
Value: 625f3cac-e2a0b-e87f6-55a3e
.mcafee.com/ Name: __qca
Value: P0-1419685418-1650408622658
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-00ed7921-9060-4246-5d43-55168b21743f.15DEidi0%2Fhf9qQPyVgkL3aaXI%2B9VBhB3QNiGEIKU7B4
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AAO15IZBgQkZdQ1UWiyF0P1QTr7g.S9y2KCKyN%2FVslGMUi%2BEUDzspZGXn7dl1WMSsIa4b%2FYg
www.mcafee.com/ Name: usbls
Value: 1
.mcafee.com/ Name: RT
Value: "z=1&dm=mcafee.com&si=02ce0a00-f664-4cb6-899a-f15050bd2209&ss=l26qogo7&sl=1&tt=356&bcn=%2F%2F02179912.akstat.io%2F&ld=35a"

6 Console Messages

Source Level URL
Text
javascript warning URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/(Line 1734)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/(Line 1734)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179912.akstat.io
analytics.twitter.com
api2932.d41.co
apt.techtarget.com
assets.adobedtm.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cu1pehnsweb01.servicebus.windows.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
eaarwyaqcaaaekqce3yab5yaabrf6pfn-ppfza2-6e895c591-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
idsync.rlcdn.com
jelly.mdhv.io
kqj27oc4ppqquys7hswq-ppfza2-5086d1f62-clientnsv4-s.akamaihd.net
mcafeeinc.demdex.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s.go-mpulse.net
secure.quantserve.com
securingtomorrow.mcafee.com
smetrics.mcafee.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tags.tiqcdn.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
trk.techtarget.com
w.usabilla.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mcafee.com
104.208.16.0
104.244.42.133
104.244.42.67
104.75.88.194
104.89.24.41
108.156.253.153
13.107.42.14
13.36.218.177
142.250.185.226
143.204.98.107
161.69.25.99
199.232.188.157
206.19.49.24
216.239.34.21
2600:9000:2315:7c00:6:44e3:f8c0:93a1
2606:4700:10::6816:46c5
2606:4700:4400::6812:2a27
2606:4700::6810:5514
2606:4700::6811:180e
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:1ec:21::14
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:813::200a
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:828::2008
2a00:1450:400c:c00::9d
2a02:26f0:1700:38a::11a6
2a02:26f0:df:3b7::1e80
2a02:26f0:f7:1af::11a6
2a02:26f0:f7::5c7b:e024
2a02:26f0:f7::5c7b:e02a
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
34.193.254.175
34.246.156.81
35.244.174.68
52.31.55.178
54.229.178.120
54.235.153.212
92.123.225.10
99.81.5.109
003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361
02af54bc2bacd59ea605b64bf5a3b880b6d6bae73e5c24a52b49ca2d6d7d3844
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10ec331a7fa46e4439aafe4e1b107bb6469ce6d8ed0fe8acdc77f0d590fc4412
11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b
125214d6e905ae98a9b8cc8664244c3dce376d6e32e59f294878762a0eec128f
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436
2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591
218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a
2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f
24d11f91b5546461b004b858c726ef1228ca8fa47e5e09b2e39f3789c9413447
25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6
26f03aa6318a4dc3fabed6f3c9162b22500483949e3b6dfbb3c0f5d64338fe94
27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32
282656d5ab704ddf2bead855584893e798b59b9b1494b5cf40f73230cc571ee2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e
3428ca4123d41c84536344c96b18d6ddc89cdd354790bde33b9b24c4407025b7
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2
400e31c24fd187066099eef296b90d8d494c4d03df6e657e551fe9a9a7f1885e
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8
4753909d47b250070815b12b4b69fa0500302f30795fa77ccde3227fd10ec3ef
47826fb7ccc2189d0bedd25fc09c57b8dab9b03ce66d60f02af04f78f1001b20
485d3d9905192b37c2b35167d3f095bb1bc3804fb272e533342f182b5dce4165
48a3f2f17c97ab0f447cbf07748755c5fb27841a0f20149519bd6f4be5274e9a
48cbf0fe5c2c63c68e49de5ccf0ab8ab531631632fd7f0608771690ed81933d1
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4efd0e4384f1de3d392d29f8a82bdd641c68d4d743105b7797b56237af1eb8ee
506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
559afeaefaee506a69375fb058a699f782b2246c40810f6b4a6cd967981aec0a
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2
5a66b400ed3590731f8335b4bd05758241ff8a9641da75a262e7112ffe0aff57
5c911eb39ad184a724aac53d6e259a6c1598d9d4341ca481f9db71e22c76b6bc
5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29
5d60ce49f261c72be59ec3eda251d9f890be64e5f98390633c391ae53ba5b0b6
5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76
656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
678e8e73815c022d0dd0a7cb8eaf7a37d5c7759c692ad945a5f042bc36a5a6e2
6c109fc598f457e5cee21e846082801d00bf09ed0a5eaa2762deeb63dc978a5c
6c3863ea880020da3633fca5370103fe50b39d3c087ddf08dfcfd7d54f16dd33
6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e
6dc29b86dd6cb91a632a411bddaddb571dff296f2628cbc4f666c36ef54a6e3f
6f5900b58770638d1557e62f3a54eb5d2565562eb8050e68d63954dbf6ee77d4
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f
75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
7716b50cc0675d22d9f9cf1224e282269b57a7d6a3a4541f3b9b48862df03419
780f6e25a6d42c520045022366425d652d666144d874db076db23e2913620f86
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bdf7d3d48d514d3537d7849fe90f75475ab2bf49c2b65b5c5aed0c9bcdeeca8
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c0817627eb49057128efed83f2ca779e1f3bef48376624533eed1196e1e5c0b
7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7d96d2e1b074aae1837dca30f5a377b312196ebec0060a99c7d64655bae7c05b
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
8230dd99a840ebad43aacb1e94192f44d5dd12393a1c0e638feaed0014878d95
8453f094111112fe49a1f844861ae053f9d7d953027f441c6affcdcec90ccbf9
8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89b9296a15088c3885813778cff511c9ed386423aa985e3c4a374295163fcd51
8bfed30326b8ffb6bc3f54db1157dde5278c961d56922390e2353c6d163bf19d
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8dbf13ee25ebb0469215de647614d72bc7828eefd22b2a2779b283e7a67af8fb
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
97c60d4cc0a25f973818f07bfd2a20a5f733c6a2d1aa5b4584ddab2ea96aea66
99fbb55cf236e05f8929217cbec0b3f204382bd6b226e2e13025995451b80ef2
9b9e485828e3ab9be4f5285e9214960c209adae3a0e6332e869a5b104007008f
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9
9f2fc412da514ae1b4748fb922a7e06c5aab9a29296e3c021f86513f6a1e8ae5
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05
a0104fed6924984b774b65fc586372bef3ebefeb9e56112c789472cfdf6f08b9
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a31d73276b7ebf605819f7cc99cca74af053e3a9b3be0b43360f3e7c4fcf01b8
a3935c241510b950f45880b82b60284f71f326a55288071821a8f0961798c449
a535c591be3492fdf85462e10f231e43c2e6e3becd254698dc508b9b7e15c3a9
ab05c963114aa7b9486b6fffd9409af3cb1aa0f55762f72819b23df7cefb429d
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acc59d09739aab2d6132b62296168fcfe862ab9e216713930e79c6af3ac346bd
accd271a82a97837718c0a3bf0e1c6fad3ac21f801dce9ae10a66de015a681da
ae76c1a3226452722f7648a7a0d0a0bc030afaab66d0bf5f2a26146e3ec0303b
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b
b0abefe062d78a4a0fd0d9f49407c4c18644ee30d80137ef2770e1dae20d2144
b214cccddc7befa6c82212f0d757ccedba128ce1ea11a20a14a6b20f7ce79557
b29249df54e56342e1b205d903fb75f231714f997a4b753e404ad7c9d2daaffb
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
b6008a46367feb68269adff71ca0507a7ffa2fafffa8c3af83a4f6f6518936e1
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
b948b4e3f54ac94c26f8ca688fb6f84974e5f95128bd291213562ada2b854c8d
b994f32cc502cdd42ac156fd4f323282c0473001c96d71a6a92f117c309715ce
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
baa8b1d358b515d8b7e9622eca0fed65802a19df40e23b7c67138d04f141827b
bdbc00de393216f6118f704088accc9ebddd220480741d5ed088c01f46f84088
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c0d185cd5846a86304846cde2c2822a5846786da0d94d7cc7e1952b41d32dff2
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2360a63214a4c506ea53b464da6013fad961ec65f5ac3132f2d161b70e20b86
c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6
c48dfe2811b178d0d09b499f4c07d74f6c417e4bc14eafce2b3c94781548bd7e
c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1
c776499873d7afef2f42887296b1a505c237a4dd3f2fe60c8c34116dd9e9a3ab
c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724
c8801a050e21e0e0aef39f1517a6dcce6d56a71950460282d873f4553cd98977
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
cbd3078234a143aeb1e799671aad7ef2ea4246a99e6308a326411f8e352be392
cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f
cc5d6ee0ec9d7b82d1a540fc2d3a47150b6da73616dcbbd76f79601153497020
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
ce6418b62f6e6f2ffd7676db898aa6da5d64c75517766210a15ad53ce8d91404
cf718792729fdd90fa7a301c371e0bd6b1bab7df4ec664bfa7e7f0656a58b87c
d03acb4f99b67b990814738b04d0e709390465fbf841bed44787828366e749f9
d0444653d0b6016785ad1489d32bc5b5185e740c125312f1f4f0c4e19e2b46c3
d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e
d384a06e51a2768147e3cc3cb97d5b09c2bdb6b2e0e4bc238ebd76bd1cfac850
d5cd84cc07e1b1de269767307530f3d99a79ea0387d98a4fb9e9b0f65cb09a23
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d8d255d26500377962ab84e9578971dd558a5772b8d6bbbb8a16e98f55a3611b
d94ad9b24f79c97da646cbe15951b0895a28017ce0bfa8dd6a2ac1361b76d6ec
dd0aab4060ef1c321293aa501648b607c5b2123b504db705357a90b560fb855c
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d
e26c61587827a4d320d0766a1d979cdcdf9ca93cd7323e2aff6822b7ba39b15f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e906436e21a8490ebb646535185815624343377d407320f064f69045f3332f4f
e9e657fb2768c71debcdd44a6a5ed3d276965e8d3982d9094b9371c287ac3c86
ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407
ee51b51995f3768e62a8ab777746d972874bace6cd2482629f6e58f37b65e758
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f266dd76093d18576935f25c75b429165ae83e5630b6e723f282c5e2eeb00c1f
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f66a48a13c4d8604a7f8f41bc198bf10044fc4dd7c0dfc8f8a1d3adc8be91941
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
fcbb8a55db187b33f8e7623f7693c06acb4ff0bcc012bc58a1b89926ddd3cef4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0
ff91452f83ca176dd6aef8ddca1f0eef9b1a7edade26ca0167e1e93485ed088c